PKI.js | pure JavaScript library implementing the formats | TLS library
kandi X-RAY | PKI.js Summary
kandi X-RAY | PKI.js Summary
First of all a few words about what the PKI itself is. The PKI is a set of many related RFCs (Request For Comment, All PKI data initially are in binary format, called ASN.1. Each ASN.1 PKI-related structure has its "ASN.1 schema" - textual representation in ASN.1 notation language. Inside PKI documentation you would find something like this (example from RFC5280):.
Support
Quality
Security
License
Reuse
Top functions reviewed by kandi - BETA
- Creates a bidi text
- compile a code string
- parse code array
- Decode the scan information .
- Read a table table .
- Font constructor .
- Process a symbol .
- Reads a CURL
- Sanitize the table
- Calculates the inverse of the block .
PKI.js Key Features
PKI.js Examples and Code Snippets
Community Discussions
Trending Discussions on PKI.js
QUESTION
tldr:
Is there a way to create CMS Enveloped Data when i have already encrypted content with AES and secret key which is already encrypted with public key?
Long version:
I have an application which encrypts and decrypts data with AES (CBC and GCM mode). Symetric key is encrypted/decrypted with RSA key pairs. When user requests for data we decrypt it in backend (Java) and send it to the browser
Usually we have public key and private key but there is requirement that in some cases we dont have private key and the decryption should take place in browser (user provides PFX with privatkey). The solution for this is PKI.js which can decrypt data using PFX and CMS Enveloped Data.
The problem is that we already encrypted the data and dont have access to plain data which we can use to build CMS Enveloped Data.
Edit: @dave_thompson_085 thank you for reply! I have an follow-up question. I dont hold certificates in system so only thing i have is public key. Is there a way to adjust your code to this requirement?
Before your answer i was encrypting data for second time just for CMS Enveloped Object. In this code i used only public key for generating reciepents. Is there a way to adjust your code to generate reciepent with public key only? My previous code:
...ANSWER
Answered 2021-Sep-17 at 09:44FWIW you can use BouncyCastle only to do the DER formatting (plus set the versions, a minor convenience), plus PEM if you want that (also a minor convenience), after you do all the rest of the work yourself. Example:
QUESTION
- Sign a PDF in the browser using cliets certificate store or Smart Card
- For accessing the local cert store I use FortifyApp.
- Pdf is pre-signed on the server using iText(Sharp), then sent to the client via Ajax. Relevant code:
ANSWER
Answered 2020-Jun-29 at 08:51So I figured it out.
Can I achieve my goal without having to manually upload a p12/pfx file, is it even possible?
Yes, it is. (See below on what needs to be changed.)
Is the server-side implementation of the deferred signature correct, do I need something else?
Yes, the code above is fine.
Is the pdf manipulation in javascript correct?
Also fine.
Can I transform the native CrytpoKey to forge or pkijs?
Yes, see below.
What is wrong with the last signature?
@mkl answered it in a comment, thank you.
FortifyApp has a CMS demo now. Although it didn't work with the version I was using, it works with version 1.3.4.
So I went with the pki.js implementation. The code changes need for the signing to be successful are the following:
- Export the certificate:
QUESTION
For some reasons, I have to process apple pay payment token without a payment platform. According to official document, I need to "verify the signature" first. And the signature is a detached PKCS #7 signature in base64 encoding. I wanted to validate it with node.js or openssl.
Since node-forge, a very handy crypto tool, doesn't support "ECDSA with sha256" yet (link), and I can't find other replacement. I turned to openssl. With some investigation, It seems the signature is packaged in "CMS signed data" format. So I found this command from openssl manual should be able to do the job:
openssl cms -verify -inform DER -in signature.der -content content.txt
Apple document says "ensure that the signature is a valid ECDSA signature of the concatenated values of the ephemeralPublicKey, data, transactionId, and applicationData keys". So I generate my test content by concating those fields from my test token. But the result is:
...ANSWER
Answered 2020-May-26 at 02:07The code snippet below from PKI.js example shows how to parse an existing CMSSignedData.
Community Discussions, Code Snippets contain sources that include Stack Exchange Network
Vulnerabilities
No vulnerabilities reported
Install PKI.js
Support
Reuse Trending Solutions
Find, review, and download reusable Libraries, Code Snippets, Cloud APIs from over 650 million Knowledge Items
Find more librariesStay Updated
Subscribe to our newsletter for trending solutions and developer bootcamps
Share this Page