8.6 KiB
Objects
- crypto :
object Native Node.js crypto interface
Functions
- createPrivateRsaKey([modulusLength]) ⇒
Promise.<buffer> Generate a private RSA key
- createPrivateKey()
Alias of
createPrivateRsaKey()- createPrivateEcdsaKey([namedCurve]) ⇒
Promise.<buffer> Generate a private ECDSA key
- getPublicKey(keyPem) ⇒
buffer Get a public key derived from a RSA or ECDSA key
- getJwk(keyPem) ⇒
object Get a JSON Web Key derived from a RSA or ECDSA key
- splitPemChain(chainPem) ⇒
array Split chain of PEM encoded objects from string into array
- getPemBodyAsB64u(pem) ⇒
string Parse body of PEM encoded object and return a Base64URL string If multiple objects are chained, the first body will be returned
- readCsrDomains(csrPem) ⇒
object Read domains from a Certificate Signing Request
- readCertificateInfo(certPem) ⇒
object Read information from a certificate If multiple certificates are chained, the first will be read
- createCsr(data, [keyPem]) ⇒
Promise.<Array.<buffer>> Create a Certificate Signing Request
crypto : object
Native Node.js crypto interface
createPrivateRsaKey([modulusLength]) ⇒ Promise.<buffer>
Generate a private RSA key
Kind: global function
Returns: Promise.<buffer> - PEM encoded private RSA key
| Param | Type | Default | Description |
|---|---|---|---|
| [modulusLength] | number |
2048 |
Size of the keys modulus in bits, default: 2048 |
Example
Generate private RSA key
const privateKey = await acme.crypto.createPrivateRsaKey();
Example
Private RSA key with modulus size 4096
const privateKey = await acme.crypto.createPrivateRsaKey(4096);
createPrivateKey()
Alias of createPrivateRsaKey()
createPrivateEcdsaKey([namedCurve]) ⇒ Promise.<buffer>
Generate a private ECDSA key
Kind: global function
Returns: Promise.<buffer> - PEM encoded private ECDSA key
| Param | Type | Description |
|---|---|---|
| [namedCurve] | string |
ECDSA curve name (P-256, P-384 or P-521), default P-256 |
Example
Generate private ECDSA key
const privateKey = await acme.crypto.createPrivateEcdsaKey();
Example
Private ECDSA key using P-384 curve
const privateKey = await acme.crypto.createPrivateEcdsaKey('P-384');
getPublicKey(keyPem) ⇒ buffer
Get a public key derived from a RSA or ECDSA key
Kind: global function
Returns: buffer - PEM encoded public key
| Param | Type | Description |
|---|---|---|
| keyPem | buffer | string |
PEM encoded private or public key |
Example
Get public key
const publicKey = acme.crypto.getPublicKey(privateKey);
getJwk(keyPem) ⇒ object
Get a JSON Web Key derived from a RSA or ECDSA key
https://datatracker.ietf.org/doc/html/rfc7517
Kind: global function
Returns: object - JSON Web Key
| Param | Type | Description |
|---|---|---|
| keyPem | buffer | string |
PEM encoded private or public key |
Example
Get JWK
const jwk = acme.crypto.getJwk(privateKey);
splitPemChain(chainPem) ⇒ array
Split chain of PEM encoded objects from string into array
Kind: global function
Returns: array - Array of PEM objects including headers
| Param | Type | Description |
|---|---|---|
| chainPem | buffer | string |
PEM encoded object chain |
getPemBodyAsB64u(pem) ⇒ string
Parse body of PEM encoded object and return a Base64URL string If multiple objects are chained, the first body will be returned
Kind: global function
Returns: string - Base64URL-encoded body
| Param | Type | Description |
|---|---|---|
| pem | buffer | string |
PEM encoded chain or object |
readCsrDomains(csrPem) ⇒ object
Read domains from a Certificate Signing Request
Kind: global function
Returns: object - {commonName, altNames}
| Param | Type | Description |
|---|---|---|
| csrPem | buffer | string |
PEM encoded Certificate Signing Request |
Example
Read Certificate Signing Request domains
const { commonName, altNames } = acme.crypto.readCsrDomains(certificateRequest);
console.log(`Common name: ${commonName}`);
console.log(`Alt names: ${altNames.join(', ')}`);
readCertificateInfo(certPem) ⇒ object
Read information from a certificate If multiple certificates are chained, the first will be read
Kind: global function
Returns: object - Certificate info
| Param | Type | Description |
|---|---|---|
| certPem | buffer | string |
PEM encoded certificate or chain |
Example
Read certificate information
const info = acme.crypto.readCertificateInfo(certificate);
const { commonName, altNames } = info.domains;
console.log(`Not after: ${info.notAfter}`);
console.log(`Not before: ${info.notBefore}`);
console.log(`Common name: ${commonName}`);
console.log(`Alt names: ${altNames.join(', ')}`);
createCsr(data, [keyPem]) ⇒ Promise.<Array.<buffer>>
Create a Certificate Signing Request
Kind: global function
Returns: Promise.<Array.<buffer>> - [privateKey, certificateSigningRequest]
| Param | Type | Description |
|---|---|---|
| data | object |
|
| [data.keySize] | number |
Size of newly created RSA private key modulus in bits, default: 2048 |
| [data.commonName] | string |
FQDN of your server |
| [data.altNames] | array |
SAN (Subject Alternative Names), default: [] |
| [data.country] | string |
2 letter country code |
| [data.state] | string |
State or province |
| [data.locality] | string |
City |
| [data.organization] | string |
Organization name |
| [data.organizationUnit] | string |
Organizational unit name |
| [data.emailAddress] | string |
Email address |
| [keyPem] | string |
PEM encoded CSR private key |
Example
Create a Certificate Signing Request
const [certificateKey, certificateRequest] = await acme.crypto.createCsr({
commonName: 'test.example.com'
});
Example
Certificate Signing Request with both common and alternative names
const [certificateKey, certificateRequest] = await acme.crypto.createCsr({
keySize: 4096,
commonName: 'test.example.com',
altNames: ['foo.example.com', 'bar.example.com']
});
Example
Certificate Signing Request with additional information
const [certificateKey, certificateRequest] = await acme.crypto.createCsr({
commonName: 'test.example.com',
country: 'US',
state: 'California',
locality: 'Los Angeles',
organization: 'The Company Inc.',
organizationUnit: 'IT Department',
emailAddress: 'contact@example.com'
});
Example
Certificate Signing Request with ECDSA private key
const certificateKey = await acme.crypto.createPrivateEcdsaKey();
const [, certificateRequest] = await acme.crypto.createCsr({
commonName: 'test.example.com'
}, certificateKey);