{"id":13471710,"url":"https://github.com/kjur/jsrsasign","last_synced_at":"2026-01-28T04:34:08.552Z","repository":{"id":3150552,"uuid":"4180355","full_name":"kjur/jsrsasign","owner":"kjur","description":"The 'jsrsasign' (RSA-Sign JavaScript Library) is an opensource free cryptography library supporting RSA/RSAPSS/ECDSA/DSA signing/validation, ASN.1, PKCS#1/5/8 private/public key, X.509 certificate, CRL, OCSP, CMS SignedData, TimeStamp, CAdES and JSON Web Signature/Token in pure JavaScript.","archived":false,"fork":false,"pushed_at":"2024-02-01T22:53:30.000Z","size":23649,"stargazers_count":3306,"open_issues_count":26,"forks_count":646,"subscribers_count":92,"default_branch":"master","last_synced_at":"2025-02-24T01:40:58.582Z","etag":null,"topics":["3des","aes","asn1","certificate","cms","crl","decryption","dsa","ecdsa","encryption","ocsp","rsa","sha1","sha2","signature","timestamp","x509"],"latest_commit_sha":null,"homepage":"https://kjur.github.io/jsrsasign","language":"HTML","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/kjur.png","metadata":{"files":{"readme":"README.md","changelog":"ChangeLog.txt","contributing":null,"funding":".github/FUNDING.yml","license":"LICENSE.txt","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null},"funding":{"github":"kjur"}},"created_at":"2012-04-30T06:18:56.000Z","updated_at":"2025-02-23T12:00:37.000Z","dependencies_parsed_at":"2024-02-02T00:08:21.323Z","dependency_job_id":null,"html_url":"https://github.com/kjur/jsrsasign","commit_stats":{"total_commits":438,"total_committers":41,"mean_commits":"10.682926829268293","dds":"0.15753424657534243","last_synced_commit":"58bb24192f501927014b67911bbde8ef27532319"},"previous_names":[],"tags_count":186,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kjur%2Fjsrsasign","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kjur%2Fjsrsasign/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kjur%2Fjsrsasign/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kjur%2Fjsrsasign/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/kjur","download_url":"https://codeload.github.com/kjur/jsrsasign/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":244038324,"owners_count":20387826,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["3des","aes","asn1","certificate","cms","crl","decryption","dsa","ecdsa","encryption","ocsp","rsa","sha1","sha2","signature","timestamp","x509"],"created_at":"2024-07-31T16:00:48.512Z","updated_at":"2026-01-28T04:34:03.520Z","avatar_url":"https://github.com/kjur.png","language":"HTML","funding_links":["https://github.com/sponsors/kjur"],"categories":["HTML","Repository","encryption","Frameworks and Libs","Packages","Cryptography \u0026 TLS","Libraries"],"sub_categories":["Crypto","JavaScript","Encryption/Decryption"],"readme":"jsrsasign\r\n=========\r\n\r\n[![license](https://img.shields.io/badge/license-MIT-green.svg?style=flat)](https://github.com/kjur/jsrsasign/blob/master/LICENSE.txt)\r\n[![npm version](https://badge.fury.io/js/jsrsasign.svg)](https://badge.fury.io/js/jsrsasign)\r\n[![npm downloads](https://img.shields.io/npm/dm/jsrsasign.svg)](https://www.npmjs.com/package/jsrsasign)\r\n[![jsdeliver downloads](https://data.jsdelivr.com/v1/package/npm/jsrsasign/badge)](https://www.jsdelivr.com/package/npm/jsrsasign)\r\n[![CDNJS](https://img.shields.io/cdnjs/v/jsrsasign.svg)](https://cdnjs.com/libraries/jsrsasign)\r\n[![githubsponsors](https://img.shields.io/badge/github-donate-yellow.svg)](https://github.com/sponsors/kjur)\r\n[![cryptocurrency](https://img.shields.io/badge/crypto-donate-yellow.svg)](https://github.com/kjur/jsrsasign#cryptocurrency)\r\n\r\njsrsasign [TOP](https://kjur.github.io/jsrsasign/) | [github](https://github.com/kjur/jsrsasign) | [Wiki](https://github.com/kjur/jsrsasign/wiki) | [DOWNLOADS](https://github.com/kjur/jsrsasign/releases) | [TUTORIALS](https://github.com/kjur/jsrsasign/wiki#programming-tutorial) | [API REFERENCE](https://kjur.github.io/jsrsasign/api/) | [Online Tool](https://github.com/kjur/jsrsasign/wiki/jsrsasign-Online-Tools) | [DEMO](https://github.com/kjur/jsrsasign/wiki/jsrsasign-Demo) | [NODE TOOL](https://github.com/kjur/jsrsasign/wiki/Sample-Node-Tool-List) | [AddOn](https://github.com/kjur/jsrsasign/wiki/jsrsasign-Add-On) | [DONATE](https://github.com/kjur/jsrsasign#donations)\r\n\r\nThe 'jsrsasign' (RSA-Sign JavaScript Library) is an opensource free cryptography library supporting RSA/RSAPSS/ECDSA/DSA signing/validation, ASN.1, PKCS#1/5/8 private/public key, X.509 certificate, CRL, OCSP, CMS SignedData, TimeStamp, CAdES JSON Web Signature/Token/Key in pure JavaScript.\r\n\r\nPublic page is https://kjur.github.io/jsrsasign .\r\n\r\nYour bugfix and pull request contribution are always welcomed :)\r\n\r\nNOTICE FOR COMMING 11.0.0 RELEASE\r\n---------------------------------\r\nThe \"jsrsasign\" library is a long lived JavaScript library from 2010 developed with old JavaScript style and backword compatibility. From coming release 11.0.0, following are planed and suport them gradually:\r\n- Stop to support Internet Explorer.\r\n- Stop to support bower.\r\n- Modern ECMA functions will be introduced such as Promise, let, Array methods or class.\r\n- API document generator will be changed from Jsdoc Toolkit to JSDoc3.\r\n- Module bandler will be used such as browserify or webpack.\r\n- Not to use YUI compressor.\r\n- Unit test framework will be changed from QUnit and mocha to jest.\r\n- W3C Web Crypto API support.\r\n- split into some modules besides jsrsasign have been all in package before 11.0.0.\r\n\r\nNEWS\r\n----\r\n- 2024-Jan-16: [Security advisory](https://github.com/kjur/jsrsasign/security/advisories/GHSA-rh63-9qcf-83gf) and [update](https://github.com/kjur/jsrsasign/releases/tag/11.0.0) for Marvin attack vulnerability published. Due to this vulnerability, RSA PKCS#1.5 and RSAOAEP encryption/decryption no longer be supported.\r\n- 2023-Mar-12: [10.7.0 Release](https://github.com/kjur/jsrsasign/releases/tag/10.7.0). Now supports custom X.509 extension and custom OIDs by new \"Add-on\" architecture. ([See here in detail](https://github.com/kjur/jsrsasign/wiki/jsrsasign-Add-On2))\r\n- 2021-Nov-21: [10.5.0 Release](https://github.com/kjur/jsrsasign/releases/tag/10.5.0). Now supports secp521r1(P-521) ECDSA.\r\n- 2021-Apr-14: [Security advisory](https://github.com/kjur/jsrsasign/security/advisories/GHSA-27fj-mc8w-j9wg) and [update](https://github.com/kjur/jsrsasign/releases/tag/10.2.0) for CVE-2021-30246 RSA signature validation vulnerability published\r\n- 2020-Oct-05: jsrsasign won [Google Open Source Peer Bonus Award](https://opensource.googleblog.com/2020/10/announcing-latest-google-open-source.html). Thank you Google.\r\n- 2020-Sep-23: 10.0.0 released for CMS SignedData related class including timestamp and CAdES architecture update\r\n- 2020-Aug-24: 9.1.0 released to new CRL APIs align with certificate\r\n- 2020-Aug-19: 9.0.0 released for major update of certificate and CSR generation and parsing without backward compatibility. Please see [migration guide](https://github.com/kjur/jsrsasign/wiki/NOTE-jsrsasign-8.0.x-to-9.0.0-Certificate-and-CSR-API-migration-guide) in detail.\r\n- 2020-Aug-02: twitter account [@jsrsasign](https://twitter.com/jsrsasign) started for announcement. please follow.\r\n\r\nHIGHLIGHTS\r\n----------\r\n- Swiss Army Knife style all in one package crypto and PKI library\r\n- available on [Node.js](https://www.npmjs.com/package/jsrsasign) and browsers\r\n- Long live open source software from 2010\r\n- very easy API to use\r\n- powerful various format key loader and ASN.1 API\r\n- rich document and samples\r\n- no dependency to other library\r\n- no dependency to [W3C Web Cryptography API](https://www.w3.org/TR/WebCryptoAPI/) nor [OpenSSL](https://www.openssl.org/)\r\n- no dependency on newer ECMAScirpt function. So old browsers also supported. \r\n- very popular crypto library with [1M+ npm downloads/month](https://npm-stat.com/charts.html?package=jsrsasign\u0026from=2016-05-01\u0026to=2023-04-20)\r\n- supports \"Add-on\" architecture\r\n\r\nINSTALL\r\n-------\r\n### Node NPM\r\n    \u003e npm install jsrsasign jsrsasign-util\r\n### Bower\r\n    \u003e bower install jsrsasign\r\n### Or include in HTML from many CDN sites\r\n    \u003e \u003cscript src=\"https://cdnjs.cloudflare.com/ajax/libs/jsrsasign/8.0.20/jsrsasign-all-min.js\"\u003e\u003c/script\u003e\r\n\r\nUSAGE\r\n-----\r\n\r\nLoading encrypted PKCS#5 private key:\r\n\r\n    \u003e var rs = require('jsrsasign');\r\n    \u003e var rsu = require('jsrsasign-util');\r\n    \u003e var pem = rsu.readFile('z1.prv.p5e.pem');\r\n    \u003e var prvKey = rs.KEYUTIL.getKey(pem, 'passwd');\r\n\r\nSign string 'aaa' with the loaded private key:\r\n\r\n    \u003e var sig = new a.Signature({alg: 'SHA1withRSA'});\r\n    \u003e sig.init(prvKey);\r\n    \u003e sig.updateString('aaa');\r\n    \u003e var sigVal = sig.sign();\r\n    \u003e sigVal\r\n    'd764dcacb...'\r\n\r\nMORE TUTORIALS AND SAMPLES\r\n--------------------------\r\n- [Tutorials in GitHub Wiki](https://github.com/kjur/jsrsasign/wiki)\r\n- [Sample Node Scripts](https://github.com/kjur/jsrsasign/tree/master/sample_node)\r\n\r\n## RECENT SECURITY ADVISORY\r\n\r\n|published|fixed version|title/advisory|CVE|CVSS|\r\n|:---|:---|:---|:---|:---|\r\n|2024Jan16|11.0.0|[Marvin attack vulnerability for RSA and RSAOAEP decryption](https://github.com/kjur/jsrsasign/security/advisories/GHSA-rh63-9qcf-83gf)|CVE-2024-21484|7.5|\r\n|2022Jun24|10.5.25|[JWS and JWT signature validation vulnerability with special characters](https://github.com/kjur/jsrsasign/security/advisories/GHSA-3fvg-4v2m-98jf)|CVE-2022-25898|?|\r\n|2021Apr14|10.2.0|[RSA signature validation vulnerability on maleable encoded message](https://github.com/kjur/jsrsasign/security/advisories/GHSA-27fj-mc8w-j9wg)|CVE-2021-30246|9.1|\r\n|2020Jun22|8.0.19|[ECDSA signature validation vulnerability by accepting wrong ASN.1 encoding](https://github.com/kjur/jsrsasign/security/advisories/GHSA-p8c3-7rj8-q963)|CVE-2020-14966|5.5|\r\n|2020Jun22|8.0.18|[RSA RSAES-PKCS1-v1_5 and RSA-OAEP decryption vulnerability with prepending zeros](https://github.com/kjur/jsrsasign/security/advisories/GHSA-xxxq-chmp-67g4)|CVE-2020-14967|4.8|\r\n|2020Jun22|8.0.17|[RSA-PSS signature validation vulnerability by prepending zeros](https://github.com/kjur/jsrsasign/security/advisories/GHSA-q3gh-5r98-j4h3)|CVE-2020-14968|4.2|\r\n\r\nHere is [full published security advisory list](https://github.com/kjur/jsrsasign/security/advisories?state=published).\r\n\r\n## DONATIONS\r\n\r\nIf you like jsrsasign and my other project, you can support their development by donation through any of the platform/services below. Thank you as always.\r\n\r\n### Github Sponsors\r\nYou can sponsor jsrsasign with the [GitHub Sponsors](https://github.com/sponsors/kjur) program.\r\n\r\n### Cryptocurrency\r\nYou can donate cryptocurrency to jsrsasign using the following addresses:\r\n- Bitcoin(BTC): [34vSRe7XHoMy78HKgps9YJ5BrBLYJLeM22](https://en.cryptobadges.io/donate/34vSRe7XHoMy78HKgps9YJ5BrBLYJLeM22)\r\n- Ethereum(ETH): [0x9c4cdbb531e5b84796ff5f91a9f652704761e64e](https://en.cryptobadges.io/donate/0x9c4cdbb531e5b84796ff5f91a9f652704761e64e)\r\n- Litecoin(LTC): [LPf3VDJVamwPcNJNjjVtrUQuJQ17ZyWzeU](https://en.cryptobadges.io/donate/LPf3VDJVamwPcNJNjjVtrUQuJQ17ZyWzeU)\r\n- Bitcoin Cash(BCH): bitcoincash:pq3hy08pc9vm57q6ddgsc06cqdffmfzwwqxd9yejyf\r\n\r\n\r\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkjur%2Fjsrsasign","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fkjur%2Fjsrsasign","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkjur%2Fjsrsasign/lists"}