{"id":18601563,"url":"https://github.com/peculiarventures/x509","last_synced_at":"2025-05-16T00:03:34.748Z","repository":{"id":38196935,"uuid":"297314159","full_name":"PeculiarVentures/x509","owner":"PeculiarVentures","description":"@peculiar/x509 is an easy to use TypeScript/Javascript library based on @peculiar/asn1-schema that makes generating X.509 Certificates and Certificate Requests as well as validating certificate chains easy","archived":false,"fork":false,"pushed_at":"2025-03-11T11:05:12.000Z","size":6477,"stargazers_count":101,"open_issues_count":21,"forks_count":17,"subscribers_count":6,"default_branch":"master","last_synced_at":"2025-05-09T12:51:19.678Z","etag":null,"topics":["certificate","cms","csr","ecc","pkcs10","pkcs7","rsa","x509"],"latest_commit_sha":null,"homepage":"https://peculiarventures.github.io/x509/","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/PeculiarVentures.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2020-09-21T11:07:32.000Z","updated_at":"2025-04-20T12:41:05.000Z","dependencies_parsed_at":"2024-06-18T13:55:29.298Z","dependency_job_id":"faa970b7-ebaa-45be-a910-dc62b3396307","html_url":"https://github.com/PeculiarVentures/x509","commit_stats":{"total_commits":180,"total_committers":7,"mean_commits":"25.714285714285715","dds":0.08333333333333337,"last_synced_commit":"ebbefa71161d00b79bdafa526b60eeea4f9f568e"},"previous_names":[],"tags_count":52,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/PeculiarVentures%2Fx509","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/PeculiarVentures%2Fx509/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/PeculiarVentures%2Fx509/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/PeculiarVentures%2Fx509/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/PeculiarVentures","download_url":"https://codeload.github.com/PeculiarVentures/x509/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":254442854,"owners_count":22071878,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["certificate","cms","csr","ecc","pkcs10","pkcs7","rsa","x509"],"created_at":"2024-11-07T02:08:44.164Z","updated_at":"2025-05-16T00:03:33.237Z","avatar_url":"https://github.com/PeculiarVentures.png","language":"TypeScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# @peculiar/x509\n\n[![License](https://img.shields.io/badge/license-MIT-green.svg?style=flat)](https://raw.githubusercontent.com/PeculiarVentures/webcrypto/master/LICENSE.md)\n![Node.js CI](https://github.com/PeculiarVentures/x509/workflows/Node.js%20CI/badge.svg)\n[![Coverage Status](https://coveralls.io/repos/github/PeculiarVentures/x509/badge.svg?branch=master)](https://coveralls.io/github/PeculiarVentures/x509?branch=master)\n[![npm version](https://badge.fury.io/js/%40peculiar%2Fx509.svg)](https://badge.fury.io/js/%40peculiar%2Fx509)\n\n- [About](#about)\n- [Installation](#installation)\n- [Documentation](#documentation)\n- [Usage](#usage)\n  - [Browser](#browser)\n  - [Set crypto provider for Node.js](#set-crypto-provider-for-nodejs)\n  - [Create a self-signed certificate](#create-a-self-signed-certificate)\n  - [Parse a X509 certificate](#parse-a-x509-certificate)\n  - [Create a PKCS#10 certificate request](#create-a-pkcs10-certificate-request)\n  - [Decoded X509 certificate](#decoded-x509-certificate)\n  - [Build a certificate chain](#build-a-certificate-chain)\n  - [Export a list of X509 certificates to PKCS#7 format](#export-a-list-of-x509-certificates-to-pkcs7-format)\n\n## About\n\n`@peculiar/x509` is an easy to use TypeScript/Javascript library based on `@peculiar/asn1-schema` that makes generating X.509 Certificates and Certificate Requests as well as validating certificate chains easy.\n\n## Installation\n\n```\nnpm install @peculiar/x509\n```\n\n## Documentation\n\n[https://peculiarventures.github.io/x509/](https://peculiarventures.github.io/x509/)\n\n## Usage\n\n### Browser\n\nEvery release of `@peculiar/x509` will have new build of `./build/x509.js` for use in the browser. To get access to module classes use `x509` global variable.\n\n\u003e WARN: We recommend hosting and controlling your own copy for security reasons\n\n```html\n\u003cscript src=\"https://unpkg.com/@peculiar/x509\"\u003e\u003c/script\u003e\n```\n\nA simple web application examples\n  - [Generate X509 certificate](https://codesandbox.io/s/generate-cert-fjwfh)\n  - [Generate PKCS#10 certificate request](https://codesandbox.io/s/generate-csr-0qhed)\n\n### Set crypto provider for Node.js\n\nIn some cases you may want to use a different cryptographic implementation, for example when you want to work with an object that supports a cryptographic algorithm not supported by the platform you are on.\n\nIn these cases you can set a custom provider, these providers need to be compatible with the WebCrypto API, for example on NodeJS you can use `@peculiar/webcrypto` to allow `@peculiar/x509` to work the same as it does in browser!\n\n```js\nimport * as x509 from \"@peculiar/x509\";\nimport { Crypto } from \"@peculiar/webcrypto\";\n\nconst crypto = new Crypto();\nx509.cryptoProvider.set(crypto);\n```\n\n### Create a self-signed certificate\n```js\nconst alg = {\n  name: \"RSASSA-PKCS1-v1_5\",\n  hash: \"SHA-256\",\n  publicExponent: new Uint8Array([1, 0, 1]),\n  modulusLength: 2048,\n};\nconst keys = await crypto.subtle.generateKey(alg, false, [\"sign\", \"verify\"]);\nconst cert = await x509.X509CertificateGenerator.createSelfSigned({\n  serialNumber: \"01\",\n  name: \"CN=Test\",\n  notBefore: new Date(\"2020/01/01\"),\n  notAfter: new Date(\"2020/01/02\"),\n  signingAlgorithm: alg,\n  keys,\n  extensions: [\n    new x509.BasicConstraintsExtension(true, 2, true),\n    new x509.ExtendedKeyUsageExtension([\"1.2.3.4.5.6.7\", \"2.3.4.5.6.7.8\"], true),\n    new x509.KeyUsagesExtension(x509.KeyUsageFlags.keyCertSign | x509.KeyUsageFlags.cRLSign, true),\n    await x509.SubjectKeyIdentifierExtension.create(keys.publicKey),\n  ]\n});\n\nconsole.log(cert.toString(\"pem\")); // Certificate in PEM format\n```\n\n### Parse a x509 certificate\n```js\nconst base64 = \"MIIDljCCAn6gAwIBAgIOSETcxtRwD...S+kAFXIwugUGYEnTWp0m5bAn5NlD314IEOg4mnS8Q==\";\n\nconst cert = new x509.X509Certificate(base64);\nconsole.log(cert.subject); // CN=Test, O=PeculiarVentures LLC\n```\n\n### Create a PKCS#10 certificate request\n```js\nconst alg = {\n  name: \"ECDSA\",\n  namedCurve: \"P-384\",\n  hash: \"SHA-384\",\n}\nconst keys = await crypto.subtle.generateKey(alg, false, [\"sign\", \"verify\"]);\nconst csr = await x509.Pkcs10CertificateRequestGenerator.create({\n  name: \"CN=Test\",\n  keys,\n  signingAlgorithm: alg,\n  extensions: [\n    new x509.KeyUsagesExtension(x509.KeyUsageFlags.digitalSignature | x509.KeyUsageFlags.keyEncipherment),\n  ],\n  attributes: [\n    new x509.ChallengePasswordAttribute(\"password\"),\n  ]\n});\n\nconsole.log(csr.toString(\"base64\")); // Certificate request in Base64 format\n```\n\n### Decoded X509 certificate\n```js\nX509Certificate {\n  rawData: ArrayBuffer {\n    [Uint8Contents]: \u003c30 82 02 fc 30 82 01 e4 a0 03 02 01 02 02 01 01 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 0f 31 0d 30 0b 06 03 55 04 03 13 04 54 65 73 74 30 1e 17 0d 31 39 31 32 33 31 32 31 30 30 30 30 5a 17 0d 32 30 30 31 30 31 32 31 30 30 30 30 5a 30 0f 31 0d 30 0b 06 03 55 04 03 13 04 54 65 73 74 30 82 01 ... 668 more bytes\u003e,\n    byteLength: 768\n  },\n  tbs: ArrayBuffer {\n    [Uint8Contents]: \u003c30 82 01 e4 a0 03 02 01 02 02 01 01 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 0f 31 0d 30 0b 06 03 55 04 03 13 04 54 65 73 74 30 1e 17 0d 31 39 31 32 33 31 32 31 30 30 30 30 5a 17 0d 32 30 30 31 30 31 32 31 30 30 30 30 5a 30 0f 31 0d 30 0b 06 03 55 04 03 13 04 54 65 73 74 30 82 01 22 30 0d 06 ... 388 more bytes\u003e,\n    byteLength: 488\n  },\n  serialNumber: '01',\n  subject: 'CN=Test',\n  issuer: 'CN=Test',\n  signatureAlgorithm: { name: 'RSASSA-PKCS1-v1_5', hash: { name: 'SHA-256' } },\n  signature: ArrayBuffer {\n    [Uint8Contents]: \u003c2e 78 fb 4b f6 c8 a1 9d b4 d1 8b 22 80 20 c1 68 46 39 a6 11 d1 a9 7a 13 03 8d 1e 0e 5e 87 b5 33 2a ba 44 1b 96 6d 91 e7 fd c0 ce b7 93 fe e4 df d3 d0 57 7c 9a eb 7e 3e 8b ed c6 07 ad 80 df fd 8f f7 ce 26 07 db 0e 9f af e6 cb 70 02 2d 17 9f f5 c1 0d ef d6 cf 1d ec 78 a0 dd 5d 46 2a 60 08 71 74 2c 26 ... 156 more bytes\u003e,\n    byteLength: 256\n  },\n  notBefore: 2019-12-31T21:00:00.000Z,\n  notAfter: 2020-01-01T21:00:00.000Z,\n  extensions: Extensions(4) [\n    BasicConstraintsExtension {\n      rawData: [ArrayBuffer],\n      type: '2.5.29.19',\n      critical: true,\n      value: [ArrayBuffer],\n      ca: true,\n      pathLength: 2\n    },\n    ExtendedKeyUsageExtension {\n      rawData: [ArrayBuffer],\n      type: '2.5.29.37',\n      critical: true,\n      value: [ArrayBuffer],\n      usages: [ExtendedKeyUsage]\n    },\n    KeyUsagesExtension {\n      rawData: [ArrayBuffer],\n      type: '2.5.29.15',\n      critical: true,\n      value: [ArrayBuffer],\n      usages: 96\n    },\n    SubjectKeyIdentifierExtension {\n      rawData: [ArrayBuffer],\n      type: '2.5.29.14',\n      critical: false,\n      value: [ArrayBuffer],\n      keyId: 'f525754650a3dee83f8bd777ee3b53ecc2c8d726'\n    }\n  ],\n  publicKey: PublicKey {\n    rawData: ArrayBuffer {\n      [Uint8Contents]: \u003c30 82 01 22 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 01 0f 00 30 82 01 0a 02 82 01 01 00 b6 f4 f1 cf dd 26 a1 23 45 b6 6e 4e ec 3e 20 8a 3f 90 ec 84 46 49 87 a2 05 c5 eb da ac 84 37 eb a3 bf 46 b5 8e 82 75 25 8a 80 19 10 79 13 c0 13 6c 29 df 56 44 1c ec f8 7b 34 0a f2 13 41 b5 53 98 e1 f5 ... 194 more bytes\u003e,\n      byteLength: 294\n    },\n    algorithm: {\n      name: 'RSASSA-PKCS1-v1_5',\n      publicExponent: [Uint8Array],\n      modulusLength: 2048\n    }\n  }\n}\n```\n\n### Build a certificate chain\n```js\nconst chain = new x509.X509ChainBuilder({\n  certificates: [\n    new x509.X509Certificate(raw1),\n    new x509.X509Certificate(raw2),\n    // ...\n    new x509.X509Certificate(rawN),\n  ],\n});\n\nconst cert = x509.X509Certificate(raw);\nconst items = await chain.build(cert);\nconsole.log(items); // [ X509Certificate, X509Certificate, X509Certificate ]\n```\n\n### Export a list of X509 certificates to PKCS#7 format\n```js\nconst certs = new x509.X509Certificates([\n  new x509.X509Certificate(\"MIIDljCCAn6gAwIBAgIOSETcxtRwD...S+kAFXIwugUGYEnTWp0m5bAn5NlD314IEOg4mnS8Q==\"),\n  new x509.X509Certificate(\"MIIDljCCAn6gAwIBAgIOSETcxtRwD...w8Y/o+hk3QzNBVa3ZUvzDhVAmamQflvw3lXMm/JG4U=\"),\n]);\n\nconsole.log(certs.export(\"base64\")); // \"MIICTAYJKoZIhvcNAQcCoIICPTCCAjkCAQAxADACBgCgggIq...F7EZPNo3pjbfznpIilRMRrmwf5dkgCdSKDdE94xAA==\");\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpeculiarventures%2Fx509","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fpeculiarventures%2Fx509","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpeculiarventures%2Fx509/lists"}