GithubHelp home page GithubHelp logo

pem's Introduction

pem

Create private keys and certificates with node.js

Build Status npm version

Installation

Install with npm

npm install pem

Examples

Here are some examples for creating an SSL key/cert on the fly, and running an HTTPS server on port 443. 443 is the standard HTTPS port, but requires root permissions on most systems. To get around this, you could use a higher port number, like 4300, and use https://localhost:4300 to access your server.

Basic https

var https = require('https'),
    pem = require('pem');

pem.createCertificate({days:1, selfSigned:true}, function(err, keys){
    https.createServer({key: keys.serviceKey, cert: keys.certificate}, function(req, res){
        res.end('o hai!')
    }).listen(443);
});

Express

var https = require('https'),
    pem = require('pem'),
    express = require('express');

pem.createCertificate({days:1, selfSigned:true}, function(err, keys){
  var app = express();

  app.get('/',  requireAuth, function(req, res){
    res.send('o hai!');
  });

  https.createServer({key: keys.serviceKey, cert: keys.certificate}, app).listen(443);
});

API

Create a dhparam key

Use createDhparam for creating dhparam keys

pem.createDhparam(keyBitsize, callback)

Where

  • keyBitsize is an optional size of the key, defaults to 512 (bit)
  • callback is a callback function with an error object and {dhparam}

Create a private key

Use createPrivateKey for creating private keys

pem.createPrivateKey(keyBitsize, [options,] callback)

Where

  • keyBitsize is an optional size of the key, defaults to 2048 (bit)
  • options is an optional object of the cipher and password (both required for encryption), defaults {cipher:'',password:''} (ciphers:["aes128", "aes192", "aes256", "camellia128", "camellia192", "camellia256", "des", "des3", "idea"])
  • callback is a callback function with an error object and {key}

Create a Certificate Signing Request

Use createCSR for creating certificate signing requests

pem.createCSR(options, callback)

Where

  • options is an optional options object
  • callback is a callback function with an error object and {csr, clientKey}

Possible options are the following

  • clientKey is an optional client key to use
  • clientKeyPassword the optional password for clientKey
  • keyBitsize - if clientKey is undefined, bit size to use for generating a new key (defaults to 2048)
  • hash is a hash function to use (either md5, sha1 or sha256, defaults to sha256)
  • country is a CSR country field
  • state is a CSR state field
  • locality is a CSR locality field
  • organization is a CSR organization field
  • organizationUnit is a CSR organizational unit field
  • commonName is a CSR common name field (defaults to localhost)
  • altNames is a list (Array) of subjectAltNames in the subjectAltName field (optional)
  • emailAddress is a CSR email address field
  • csrConfigFile is a CSR config file

Create a certificate

Use createCertificate for creating private keys

pem.createCertificate(options, callback)

Where

  • options is an optional options object
  • callback is a callback function with an error object and {certificate, csr, clientKey, serviceKey}

Possible options include all the options for createCSR - in case csr parameter is not defined and a new CSR needs to be generated.

In addition, possible options are the following

  • serviceKey is a private key for signing the certificate, if not defined a new one is generated
  • serviceKeyPassword Password of the service key
  • serviceCertificate is the optional certificate for the serviceKey
  • serial is the unique serial number for the signed certificate, required if serviceCertificate is defined
  • selfSigned - if set to true and serviceKey is not defined, use clientKey for signing
  • csr is a CSR for the certificate, if not defined a new one is generated
  • days is the certificate expire time in days
  • extFile extension config file - without -extensions v3_req
  • config extension config file - with -extensions v3_req

Export a public key

Use getPublicKey for exporting a public key from a private key, CSR or certificate

pem.getPublicKey(certificate, callback)

Where

  • certificate is a PEM encoded private key, CSR or certificate
  • callback is a callback function with an error object and {publicKey}

Read certificate info

Use readCertificateInfo for reading subject data from a certificate or a CSR

pem.readCertificateInfo(certificate, callback)

Where

  • certificate is a PEM encoded CSR or a certificate
  • callback is a callback function with an error object and {serial, country, state, locality, organization, organizationUnit, commonName, emailAddress, validity{start, end}, san{dns, ip}?, issuer{country, state, locality, organization, organizationUnit} }

? san is only present if the CSR or certificate has SAN entries.

Get fingerprint

Use getFingerprint to get the default SHA1 fingerprint for a certificate

pem.getFingerprint(certificate, [hash,] callback)

Where

  • certificate is a PEM encoded certificate
  • hash is a hash function to use (either md5, sha1 or sha256, defaults to sha1)
  • callback is a callback function with an error object and {fingerprint}

Get modulus

Use getModulus to get the modulus for a certificate, a CSR or a private key. Modulus can be useful to check that a Private Key Matches a Certificate

pem.getModulus(certificate, callback)

Where

  • certificate is a PEM encoded certificate, CSR or private key
  • callback is a callback function with an error object and {modulus}

Get DH parameter information

Use getDhparamInfo to get the size and prime of DH parameters.

pem.getDhparamInfo(dhparam, callback)

Where

  • dhparam is a PEM encoded DH parameters string
  • callback is a callback function with an error object and {size, prime}

Export to a PKCS12 keystore

Use createPkcs12 to export a certificate, the private key and optionally any signing or intermediate CA certificates to a PKCS12 keystore.

pem.createPkcs12(clientKey, certificate, p12Password, [options], callback)

Where

  • clientKey is a PEM encoded private key
  • certificate is a PEM encoded certificate
  • p12Password is the password of the exported keystore
  • options is an optional options object with cipher, (one of "aes128", "aes192", "aes256", "camellia128", "camellia192", "camellia256", "des", "des3" or "idea"), clientKeyPassword and certFiles (an array of additional certificates to include - e.g. CA certificates)
  • callback is a callback function with an error object and {pkcs12} (binary)

Read a PKCS12 keystore

Use readPkcs12 to read a certificate, private key and CA certificates from a PKCS12 keystore.

pem.readPkcs12(bufferOrPath, [options], callback)

Where

  • bufferOrPath is a PKCS12 keystore as a Buffer or the path to a file
  • options is an optional options object with clientKeyPassword which will be used to encrypt the stored key and p12Password which will be used to open the keystore
  • callback is a callback function with an error object and {key: String, cert: String, ca: Array}

### Verify a certificate signing chain

Use verifySigningChain to assert that a given certificate has a valid signing chain.

pem.verifySigningChain(certificate, ca, callback)

Where

  • certificate is a PEM encoded certificate string
  • ca is a PEM encoded CA certificate string or an array of certificate strings
  • callback is a callback function with an error object and a boolean as arguments

Setting openssl location

In some systems the openssl executable might not be available by the default name or it is not included in $PATH. In this case you can define the location of the executable yourself as a one time action after you have loaded the pem module:

var pem = require('pem');
pem.config({
    pathOpenSSL: '/usr/local/bin/openssl'
});
...
// do something with the pem module

License

MIT

pem's People

Contributors

achingbrain avatar adetante avatar andris9 avatar apatil avatar astra137 avatar darren avatar debonair avatar dexus avatar dodo avatar hildjj avatar itkoren avatar jasonfill avatar joshbetz avatar jpage-godaddy avatar lllama avatar nickdaugherty avatar noamokman avatar pauloasilva avatar polymorf avatar scaret avatar shugigo avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.