- crypto :
object
Native Node.js crypto interface
- createPrivateRsaKey([modulusLength]) ⇒
Promise.<buffer>
Generate a private RSA key
- createPrivateKey()
Alias of
createPrivateRsaKey()
- createPrivateEcdsaKey([namedCurve]) ⇒
Promise.<buffer>
Generate a private ECDSA key
- getPublicKey(keyPem) ⇒
buffer
Get a public key derived from a RSA or ECDSA key
- getJwk(keyPem) ⇒
object
Get a JSON Web Key derived from a RSA or ECDSA key
- splitPemChain(chainPem) ⇒
Array.<string>
Split chain of PEM encoded objects from string into array
- getPemBodyAsB64u(pem) ⇒
string
Parse body of PEM encoded object and return a Base64URL string If multiple objects are chained, the first body will be returned
- readCsrDomains(csrPem) ⇒
object
Read domains from a Certificate Signing Request
- readCertificateInfo(certPem) ⇒
object
Read information from a certificate If multiple certificates are chained, the first will be read
- createCsr(data, [keyPem]) ⇒
Promise.<Array.<buffer>>
Create a Certificate Signing Request
- createAlpnCertificate(authz, keyAuthorization, [keyPem]) ⇒
Promise.<Array.<buffer>>
Create a self-signed ALPN certificate for TLS-ALPN-01 challenges
- isAlpnCertificateAuthorizationValid(certPem, keyAuthorization) ⇒
boolean
Validate that a ALPN certificate contains the expected key authorization
Native Node.js crypto interface
Generate a private RSA key
Kind: global function
Returns: Promise.<buffer>
- PEM encoded private RSA key
Param | Type | Default | Description |
---|---|---|---|
[modulusLength] | number |
2048 |
Size of the keys modulus in bits, default: 2048 |
Example
Generate private RSA key
const privateKey = await acme.crypto.createPrivateRsaKey();
Example
Private RSA key with modulus size 4096
const privateKey = await acme.crypto.createPrivateRsaKey(4096);
Alias of createPrivateRsaKey()
Generate a private ECDSA key
Kind: global function
Returns: Promise.<buffer>
- PEM encoded private ECDSA key
Param | Type | Description |
---|---|---|
[namedCurve] | string |
ECDSA curve name (P-256, P-384 or P-521), default P-256 |
Example
Generate private ECDSA key
const privateKey = await acme.crypto.createPrivateEcdsaKey();
Example
Private ECDSA key using P-384 curve
const privateKey = await acme.crypto.createPrivateEcdsaKey('P-384');
Get a public key derived from a RSA or ECDSA key
Kind: global function
Returns: buffer
- PEM encoded public key
Param | Type | Description |
---|---|---|
keyPem | buffer | string |
PEM encoded private or public key |
Example
Get public key
const publicKey = acme.crypto.getPublicKey(privateKey);
Get a JSON Web Key derived from a RSA or ECDSA key
https://datatracker.ietf.org/doc/html/rfc7517
Kind: global function
Returns: object
- JSON Web Key
Param | Type | Description |
---|---|---|
keyPem | buffer | string |
PEM encoded private or public key |
Example
Get JWK
const jwk = acme.crypto.getJwk(privateKey);
Split chain of PEM encoded objects from string into array
Kind: global function
Returns: Array.<string>
- Array of PEM objects including headers
Param | Type | Description |
---|---|---|
chainPem | buffer | string |
PEM encoded object chain |
Parse body of PEM encoded object and return a Base64URL string If multiple objects are chained, the first body will be returned
Kind: global function
Returns: string
- Base64URL-encoded body
Param | Type | Description |
---|---|---|
pem | buffer | string |
PEM encoded chain or object |
Read domains from a Certificate Signing Request
Kind: global function
Returns: object
- {commonName, altNames}
Param | Type | Description |
---|---|---|
csrPem | buffer | string |
PEM encoded Certificate Signing Request |
Example
Read Certificate Signing Request domains
const { commonName, altNames } = acme.crypto.readCsrDomains(certificateRequest);
console.log(`Common name: ${commonName}`);
console.log(`Alt names: ${altNames.join(', ')}`);
Read information from a certificate If multiple certificates are chained, the first will be read
Kind: global function
Returns: object
- Certificate info
Param | Type | Description |
---|---|---|
certPem | buffer | string |
PEM encoded certificate or chain |
Example
Read certificate information
const info = acme.crypto.readCertificateInfo(certificate);
const { commonName, altNames } = info.domains;
console.log(`Not after: ${info.notAfter}`);
console.log(`Not before: ${info.notBefore}`);
console.log(`Common name: ${commonName}`);
console.log(`Alt names: ${altNames.join(', ')}`);
Create a Certificate Signing Request
Kind: global function
Returns: Promise.<Array.<buffer>>
- [privateKey, certificateSigningRequest]
Param | Type | Description |
---|---|---|
data | object |
|
[data.keySize] | number |
Size of newly created RSA private key modulus in bits, default: 2048 |
[data.commonName] | string |
FQDN of your server |
[data.altNames] | Array.<string> |
SAN (Subject Alternative Names), default: [] |
[data.country] | string |
2 letter country code |
[data.state] | string |
State or province |
[data.locality] | string |
City |
[data.organization] | string |
Organization name |
[data.organizationUnit] | string |
Organizational unit name |
[data.emailAddress] | string |
Email address |
[keyPem] | buffer | string |
PEM encoded CSR private key |
Example
Create a Certificate Signing Request
const [certificateKey, certificateRequest] = await acme.crypto.createCsr({
altNames: ['test.example.com'],
});
Example
Certificate Signing Request with both common and alternative names
Warning: Certificate subject common name has been deprecated and its use is discouraged.
const [certificateKey, certificateRequest] = await acme.crypto.createCsr({
keySize: 4096,
commonName: 'test.example.com',
altNames: ['foo.example.com', 'bar.example.com'],
});
Example
Certificate Signing Request with additional information
const [certificateKey, certificateRequest] = await acme.crypto.createCsr({
altNames: ['test.example.com'],
country: 'US',
state: 'California',
locality: 'Los Angeles',
organization: 'The Company Inc.',
organizationUnit: 'IT Department',
emailAddress: '[email protected]',
});
Example
Certificate Signing Request with ECDSA private key
const certificateKey = await acme.crypto.createPrivateEcdsaKey();
const [, certificateRequest] = await acme.crypto.createCsr({
altNames: ['test.example.com'],
}, certificateKey);
Create a self-signed ALPN certificate for TLS-ALPN-01 challenges
https://datatracker.ietf.org/doc/html/rfc8737
Kind: global function
Returns: Promise.<Array.<buffer>>
- [privateKey, certificate]
Param | Type | Description |
---|---|---|
authz | object |
Identifier authorization |
keyAuthorization | string |
Challenge key authorization |
[keyPem] | buffer | string |
PEM encoded CSR private key |
Example
Create a ALPN certificate
const [alpnKey, alpnCertificate] = await acme.crypto.createAlpnCertificate(authz, keyAuthorization);
Example
Create a ALPN certificate with ECDSA private key
const alpnKey = await acme.crypto.createPrivateEcdsaKey();
const [, alpnCertificate] = await acme.crypto.createAlpnCertificate(authz, keyAuthorization, alpnKey);
Validate that a ALPN certificate contains the expected key authorization
Kind: global function
Returns: boolean
- True when valid
Param | Type | Description |
---|---|---|
certPem | buffer | string |
PEM encoded certificate |
keyAuthorization | string |
Expected challenge key authorization |