## crypto : object Native Node.js crypto interface **Kind**: global namespace ## createPrivateRsaKey([modulusLength]) ⇒ Promise.<buffer> Generate a private RSA key **Kind**: global function **Returns**: Promise.<buffer> - PEM encoded private RSA key | Param | Type | Default | Description | | --- | --- | --- | --- | | [modulusLength] | number | 2048 | Size of the keys modulus in bits, default: `2048` | **Example** Generate private RSA key ```js const privateKey = await acme.crypto.createPrivateRsaKey(); ``` **Example** Private RSA key with modulus size 4096 ```js const privateKey = await acme.crypto.createPrivateRsaKey(4096); ``` ## createPrivateKey() Alias of `createPrivateRsaKey()` **Kind**: global function ## createPrivateEcdsaKey([namedCurve]) ⇒ Promise.<buffer> Generate a private ECDSA key **Kind**: global function **Returns**: Promise.<buffer> - PEM encoded private ECDSA key | Param | Type | Description | | --- | --- | --- | | [namedCurve] | string | ECDSA curve name (P-256, P-384 or P-521), default `P-256` | **Example** Generate private ECDSA key ```js const privateKey = await acme.crypto.createPrivateEcdsaKey(); ``` **Example** Private ECDSA key using P-384 curve ```js const privateKey = await acme.crypto.createPrivateEcdsaKey('P-384'); ``` ## getPublicKey(keyPem) ⇒ buffer Get a public key derived from a RSA or ECDSA key **Kind**: global function **Returns**: buffer - PEM encoded public key | Param | Type | Description | | --- | --- | --- | | keyPem | buffer \| string | PEM encoded private or public key | **Example** Get public key ```js const publicKey = acme.crypto.getPublicKey(privateKey); ``` ## getJwk(keyPem) ⇒ object Get a JSON Web Key derived from a RSA or ECDSA key https://datatracker.ietf.org/doc/html/rfc7517 **Kind**: global function **Returns**: object - JSON Web Key | Param | Type | Description | | --- | --- | --- | | keyPem | buffer \| string | PEM encoded private or public key | **Example** Get JWK ```js const jwk = acme.crypto.getJwk(privateKey); ``` ## splitPemChain(chainPem) ⇒ array Split chain of PEM encoded objects from string into array **Kind**: global function **Returns**: array - Array of PEM objects including headers | Param | Type | Description | | --- | --- | --- | | chainPem | buffer \| string | PEM encoded object chain | ## getPemBodyAsB64u(pem) ⇒ string Parse body of PEM encoded object and return a Base64URL string If multiple objects are chained, the first body will be returned **Kind**: global function **Returns**: string - Base64URL-encoded body | Param | Type | Description | | --- | --- | --- | | pem | buffer \| string | PEM encoded chain or object | ## readCsrDomains(csrPem) ⇒ object Read domains from a Certificate Signing Request **Kind**: global function **Returns**: object - {commonName, altNames} | Param | Type | Description | | --- | --- | --- | | csrPem | buffer \| string | PEM encoded Certificate Signing Request | **Example** Read Certificate Signing Request domains ```js const { commonName, altNames } = acme.crypto.readCsrDomains(certificateRequest); console.log(`Common name: ${commonName}`); console.log(`Alt names: ${altNames.join(', ')}`); ``` ## readCertificateInfo(certPem) ⇒ object Read information from a certificate If multiple certificates are chained, the first will be read **Kind**: global function **Returns**: object - Certificate info | Param | Type | Description | | --- | --- | --- | | certPem | buffer \| string | PEM encoded certificate or chain | **Example** Read certificate information ```js const info = acme.crypto.readCertificateInfo(certificate); const { commonName, altNames } = info.domains; console.log(`Not after: ${info.notAfter}`); console.log(`Not before: ${info.notBefore}`); console.log(`Common name: ${commonName}`); console.log(`Alt names: ${altNames.join(', ')}`); ``` ## createCsr(data, [keyPem]) ⇒ Promise.<Array.<buffer>> Create a Certificate Signing Request **Kind**: global function **Returns**: Promise.<Array.<buffer>> - [privateKey, certificateSigningRequest] | Param | Type | Description | | --- | --- | --- | | data | object | | | [data.keySize] | number | Size of newly created RSA private key modulus in bits, default: `2048` | | [data.commonName] | string | FQDN of your server | | [data.altNames] | array | SAN (Subject Alternative Names), default: `[]` | | [data.country] | string | 2 letter country code | | [data.state] | string | State or province | | [data.locality] | string | City | | [data.organization] | string | Organization name | | [data.organizationUnit] | string | Organizational unit name | | [data.emailAddress] | string | Email address | | [keyPem] | string | PEM encoded CSR private key | **Example** Create a Certificate Signing Request ```js const [certificateKey, certificateRequest] = await acme.crypto.createCsr({ commonName: 'test.example.com' }); ``` **Example** Certificate Signing Request with both common and alternative names ```js const [certificateKey, certificateRequest] = await acme.crypto.createCsr({ keySize: 4096, commonName: 'test.example.com', altNames: ['foo.example.com', 'bar.example.com'] }); ``` **Example** Certificate Signing Request with additional information ```js const [certificateKey, certificateRequest] = await acme.crypto.createCsr({ commonName: 'test.example.com', country: 'US', state: 'California', locality: 'Los Angeles', organization: 'The Company Inc.', organizationUnit: 'IT Department', emailAddress: 'contact@example.com' }); ``` **Example** Certificate Signing Request with ECDSA private key ```js const certificateKey = await acme.crypto.createPrivateEcdsaKey(); const [, certificateRequest] = await acme.crypto.createCsr({ commonName: 'test.example.com' }, certificateKey);