summaryrefslogtreecommitdiff
path: root/alarm/node_modules/node-forge/README.md
diff options
context:
space:
mode:
authorMinteck <contact@minteck.org>2023-01-10 14:54:04 +0100
committerMinteck <contact@minteck.org>2023-01-10 14:54:04 +0100
commit99c1d9af689e5325f3cf535c4007b3aeb8325229 (patch)
treee663b3c2ebdbd67c818ac0c5147f0ce1d2463cda /alarm/node_modules/node-forge/README.md
parent9871b03912fc28ad38b4037ebf26a78aa937baba (diff)
downloadpluralconnect-99c1d9af689e5325f3cf535c4007b3aeb8325229.tar.gz
pluralconnect-99c1d9af689e5325f3cf535c4007b3aeb8325229.tar.bz2
pluralconnect-99c1d9af689e5325f3cf535c4007b3aeb8325229.zip
Update - This is an automated commit
Diffstat (limited to 'alarm/node_modules/node-forge/README.md')
-rw-r--r--alarm/node_modules/node-forge/README.md1796
1 files changed, 0 insertions, 1796 deletions
diff --git a/alarm/node_modules/node-forge/README.md b/alarm/node_modules/node-forge/README.md
deleted file mode 100644
index 0130ef4..0000000
--- a/alarm/node_modules/node-forge/README.md
+++ /dev/null
@@ -1,1796 +0,0 @@
-# Forge
-
-[![Build Status][travis-ci-png]][travis-ci-site]
-[travis-ci-png]: https://travis-ci.org/digitalbazaar/forge.png?branch=master
-[travis-ci-site]: https://travis-ci.org/digitalbazaar/forge
-
-A native implementation of [TLS][] (and various other cryptographic tools) in
-[JavaScript][].
-
-## Introduction
-
-The Forge software is a fully native implementation of the [TLS][] protocol in
-JavaScript as well as a set of tools for developing Web Apps that utilize many
-network resources.
-
-## Performance
-
-Forge is fast. Benchmarks against other popular JavaScript cryptography
-libraries can be found here:
-
-http://dominictarr.github.io/crypto-bench/
-
-http://cryptojs.altervista.org/test/simulate-threading-speed_test.html
-
-## Getting Started
-------------------
-
-### Node.js ###
-
-If you want to use forge with [node.js][], it is available through `npm`:
-
-https://npmjs.org/package/node-forge
-
-Installation:
-
- npm install node-forge
-
-You can then use forge as a regular module:
-
- var forge = require('node-forge');
-
-### Requirements ###
-
-* General
- * Optional: GNU autotools for the build infrastructure if using Flash.
-* Building a Browser Bundle:
- * nodejs
- * npm
-* Testing
- * nodejs
- * Optional: Python and OpenSSL development environment to build
- * a special SSL module with session cache support for testing with flash.
- * http://www.python.org/dev/
- * http://www.openssl.org/
- * Debian users should install python-dev and libssl-dev.
-* Optional: Flash
- * A pre-built SocketPool.swf is included.
- * Adobe Flex 3 SDK to build the Flash socket code.
- * http://opensource.adobe.com/wiki/display/flexsdk/
-
-### Building a browser bundle ###
-
-To create a minimized JavaScript bundle, run the following:
-
-```
-npm install
-npm run minify
-```
-
-This will create a single minimized file that can be included in
-the browser:
-
-```
-js/forge.min.js
-```
-
-Include the file via:
-
-```html
-<script src="js/forge.min.js"></script>
-```
-
-Note that the minify script depends on the requirejs package,
-and that the requirejs binary 'r.js' assumes that the name of
-the node binary is 'node' not 'nodejs', as it is on some
-systems. You may need to change the hashbang line to use
-'nodejs' or run the command manually.
-
-To create a single non-minimized file that can be included in
-the browser:
-
-```
-npm install
-npm run bundle
-```
-
-This will create:
-
-```
-js/forge.bundle.js
-```
-
-Include the file via:
-
-```html
-<script src="js/forge.bundle.js"></script>
-```
-
-The above bundles will synchronously create a global 'forge' object.
-
-Keep in mind that these bundles will not include any WebWorker
-scripts (eg: prime.worker.js) or their dependencies, so these will
-need to be accessible from the browser if any WebWorkers are used.
-
-### Testing with NodeJS & RequireJS ###
-
-A test server for [node.js][] can be found at `./nodejs`. The following are included:
-
- * Example of how to use `forge` within NodeJS in the form of a [mocha](http://mochajs.org/) test.
- * Example of how to serve `forge` to the browser using [RequireJS](http://requirejs.org/).
-
-To run:
-
- cd nodejs
- npm install
- npm test
- npm start
-
-
-### Old build system that includes flash support ###
-
-To build the whole project, including Flash, run the following:
-
- $ ./build-setup
- $ make
-
-This will create the SWF, symlink all the JavaScript files, and build a Python
-SSL module for testing. To see configure options, run `./configure --help`.
-
-### Old test system including flash support ###
-
-A test server is provided which can be run in TLS mode and non-TLS mode. Use
-the --help option to get help for configuring ports. The server will print out
-the local URL you can vist to run tests.
-
-Some of the simplier tests should be run with just the non-TLS server::
-
- $ ./tests/server.py
-
-More advanced tests need TLS enabled::
-
- $ ./tests/server.py --tls
-
-## Contributing
----------------
-
-Any contributions (eg: PRs) that are accepted will be brought under the same
-license used by the rest of the Forge project. This license allows Forge to
-be used under the terms of either the BSD License or the GNU General Public
-License (GPL) Version 2.
-
-See: [LICENSE](https://github.com/digitalbazaar/forge/blob/cbebca3780658703d925b61b2caffb1d263a6c1d/LICENSE)
-
-If a contribution contains 3rd party source code with its own license, it
-may retain it, so long as that license is compatible with the Forge license.
-
-## Documentation
-----------------
-
-### Transports
-
-* [TLS](#tls)
-* [HTTP](#http)
-* [SSH](#ssh)
-* [XHR](#xhr)
-* [Sockets](#socket)
-
-### Ciphers
-
-* [CIPHER](#cipher)
-* [AES](#aes)
-* [DES](#des)
-* [RC2](#rc2)
-
-### PKI
-
-* [RSA](#rsa)
-* [RSA-KEM](#rsakem)
-* [X.509](#x509)
-* [PKCS#5](#pkcs5)
-* [PKCS#7](#pkcs7)
-* [PKCS#8](#pkcs8)
-* [PKCS#10](#pkcs10)
-* [PKCS#12](#pkcs12)
-* [ASN.1](#asn)
-
-### Message Digests
-
-* [SHA1](#sha1)
-* [SHA256](#sha256)
-* [SHA384](#sha384)
-* [SHA512](#sha512)
-* [MD5](#md5)
-* [HMAC](#hmac)
-
-### Utilities
-
-* [Prime](#prime)
-* [PRNG](#prng)
-* [Tasks](#task)
-* [Utilities](#util)
-* [Logging](#log)
-* [Debugging](#debug)
-* [Flash Socket Policy Module](#fsp)
-
----------------------------------------
-
-If at any time you wish to disable the use of native code, where available,
-for particular forge features like its secure random number generator, you
-may set the ```disableNativeCode``` flag on ```forge``` to ```true```. It
-is not recommended that you set this flag as native code is typically more
-performant and may have stronger security properties. It may be useful to
-set this flag to test certain features that you plan to run in environments
-that are different from your testing environment.
-
-To disable native code when including forge in the browser:
-
-```js
-forge = {disableNativeCode: true};
-// now include forge script file(s)
-// Note: with this approach, script files *must*
-// be included after initializing the global forge var
-
-// alternatively, include script files first and then call
-forge = forge({disableNativeCode: true});
-
-// Note: forge will be permanently reconfigured now;
-// to avoid this but use the same "forge" var name,
-// you can wrap your code in a function to shadow the
-// global var, eg:
-(function(forge) {
- // ...
-})(forge({disableNativeCode: true}));
-```
-
-To disable native code when using node.js:
-
-```js
-var forge = require('node-forge')({disableNativeCode: true});
-```
-
----------------------------------------
-## Transports
-
-<a name="tls" />
-### TLS
-
-Provides a native javascript client and server-side [TLS][] implementation.
-
-__Examples__
-
-```js
-// create TLS client
-var client = forge.tls.createConnection({
- server: false,
- caStore: /* Array of PEM-formatted certs or a CA store object */,
- sessionCache: {},
- // supported cipher suites in order of preference
- cipherSuites: [
- forge.tls.CipherSuites.TLS_RSA_WITH_AES_128_CBC_SHA,
- forge.tls.CipherSuites.TLS_RSA_WITH_AES_256_CBC_SHA],
- virtualHost: 'example.com',
- verify: function(connection, verified, depth, certs) {
- if(depth === 0) {
- var cn = certs[0].subject.getField('CN').value;
- if(cn !== 'example.com') {
- verified = {
- alert: forge.tls.Alert.Description.bad_certificate,
- message: 'Certificate common name does not match hostname.'
- };
- }
- }
- return verified;
- },
- connected: function(connection) {
- console.log('connected');
- // send message to server
- connection.prepare(forge.util.encodeUtf8('Hi server!'));
- /* NOTE: experimental, start heartbeat retransmission timer
- myHeartbeatTimer = setInterval(function() {
- connection.prepareHeartbeatRequest(forge.util.createBuffer('1234'));
- }, 5*60*1000);*/
- },
- /* provide a client-side cert if you want
- getCertificate: function(connection, hint) {
- return myClientCertificate;
- },
- /* the private key for the client-side cert if provided */
- getPrivateKey: function(connection, cert) {
- return myClientPrivateKey;
- },
- tlsDataReady: function(connection) {
- // TLS data (encrypted) is ready to be sent to the server
- sendToServerSomehow(connection.tlsData.getBytes());
- // if you were communicating with the server below, you'd do:
- // server.process(connection.tlsData.getBytes());
- },
- dataReady: function(connection) {
- // clear data from the server is ready
- console.log('the server sent: ' +
- forge.util.decodeUtf8(connection.data.getBytes()));
- // close connection
- connection.close();
- },
- /* NOTE: experimental
- heartbeatReceived: function(connection, payload) {
- // restart retransmission timer, look at payload
- clearInterval(myHeartbeatTimer);
- myHeartbeatTimer = setInterval(function() {
- connection.prepareHeartbeatRequest(forge.util.createBuffer('1234'));
- }, 5*60*1000);
- payload.getBytes();
- },*/
- closed: function(connection) {
- console.log('disconnected');
- },
- error: function(connection, error) {
- console.log('uh oh', error);
- }
-});
-
-// start the handshake process
-client.handshake();
-
-// when encrypted TLS data is received from the server, process it
-client.process(encryptedBytesFromServer);
-
-// create TLS server
-var server = forge.tls.createConnection({
- server: true,
- caStore: /* Array of PEM-formatted certs or a CA store object */,
- sessionCache: {},
- // supported cipher suites in order of preference
- cipherSuites: [
- forge.tls.CipherSuites.TLS_RSA_WITH_AES_128_CBC_SHA,
- forge.tls.CipherSuites.TLS_RSA_WITH_AES_256_CBC_SHA],
- // require a client-side certificate if you want
- verifyClient: true,
- verify: function(connection, verified, depth, certs) {
- if(depth === 0) {
- var cn = certs[0].subject.getField('CN').value;
- if(cn !== 'the-client') {
- verified = {
- alert: forge.tls.Alert.Description.bad_certificate,
- message: 'Certificate common name does not match expected client.'
- };
- }
- }
- return verified;
- },
- connected: function(connection) {
- console.log('connected');
- // send message to client
- connection.prepare(forge.util.encodeUtf8('Hi client!'));
- /* NOTE: experimental, start heartbeat retransmission timer
- myHeartbeatTimer = setInterval(function() {
- connection.prepareHeartbeatRequest(forge.util.createBuffer('1234'));
- }, 5*60*1000);*/
- },
- getCertificate: function(connection, hint) {
- return myServerCertificate;
- },
- getPrivateKey: function(connection, cert) {
- return myServerPrivateKey;
- },
- tlsDataReady: function(connection) {
- // TLS data (encrypted) is ready to be sent to the client
- sendToClientSomehow(connection.tlsData.getBytes());
- // if you were communicating with the client above you'd do:
- // client.process(connection.tlsData.getBytes());
- },
- dataReady: function(connection) {
- // clear data from the client is ready
- console.log('the client sent: ' +
- forge.util.decodeUtf8(connection.data.getBytes()));
- // close connection
- connection.close();
- },
- /* NOTE: experimental
- heartbeatReceived: function(connection, payload) {
- // restart retransmission timer, look at payload
- clearInterval(myHeartbeatTimer);
- myHeartbeatTimer = setInterval(function() {
- connection.prepareHeartbeatRequest(forge.util.createBuffer('1234'));
- }, 5*60*1000);
- payload.getBytes();
- },*/
- closed: function(connection) {
- console.log('disconnected');
- },
- error: function(connection, error) {
- console.log('uh oh', error);
- }
-});
-
-// when encrypted TLS data is received from the client, process it
-server.process(encryptedBytesFromClient);
-```
-
-Connect to a TLS server using node's net.Socket:
-
-```js
-var socket = new net.Socket();
-
-var client = forge.tls.createConnection({
- server: false,
- verify: function(connection, verified, depth, certs) {
- // skip verification for testing
- console.log('[tls] server certificate verified');
- return true;
- },
- connected: function(connection) {
- console.log('[tls] connected');
- // prepare some data to send (note that the string is interpreted as
- // 'binary' encoded, which works for HTTP which only uses ASCII, use
- // forge.util.encodeUtf8(str) otherwise
- client.prepare('GET / HTTP/1.0\r\n\r\n');
- },
- tlsDataReady: function(connection) {
- // encrypted data is ready to be sent to the server
- var data = connection.tlsData.getBytes();
- socket.write(data, 'binary'); // encoding should be 'binary'
- },
- dataReady: function(connection) {
- // clear data from the server is ready
- var data = connection.data.getBytes();
- console.log('[tls] data received from the server: ' + data);
- },
- closed: function() {
- console.log('[tls] disconnected');
- },
- error: function(connection, error) {
- console.log('[tls] error', error);
- }
-});
-
-socket.on('connect', function() {
- console.log('[socket] connected');
- client.handshake();
-});
-socket.on('data', function(data) {
- client.process(data.toString('binary')); // encoding should be 'binary'
-});
-socket.on('end', function() {
- console.log('[socket] disconnected');
-});
-
-// connect to google.com
-socket.connect(443, 'google.com');
-
-// or connect to gmail's imap server (but don't send the HTTP header above)
-//socket.connect(993, 'imap.gmail.com');
-```
-
-<a name="http" />
-### HTTP
-
-Provides a native [JavaScript][] mini-implementation of an http client that
-uses pooled sockets.
-
-__Examples__
-
-```js
-// create an HTTP GET request
-var request = forge.http.createRequest({method: 'GET', path: url.path});
-
-// send the request somewhere
-sendSomehow(request.toString());
-
-// receive response
-var buffer = forge.util.createBuffer();
-var response = forge.http.createResponse();
-var someAsyncDataHandler = function(bytes) {
- if(!response.bodyReceived) {
- buffer.putBytes(bytes);
- if(!response.headerReceived) {
- if(response.readHeader(buffer)) {
- console.log('HTTP response header: ' + response.toString());
- }
- }
- if(response.headerReceived && !response.bodyReceived) {
- if(response.readBody(buffer)) {
- console.log('HTTP response body: ' + response.body);
- }
- }
- }
-};
-```
-
-<a name="ssh" />
-### SSH
-
-Provides some SSH utility functions.
-
-__Examples__
-
-```js
-// encodes (and optionally encrypts) a private RSA key as a Putty PPK file
-forge.ssh.privateKeyToPutty(privateKey, passphrase, comment);
-
-// encodes a public RSA key as an OpenSSH file
-forge.ssh.publicKeyToOpenSSH(key, comment);
-
-// encodes a private RSA key as an OpenSSH file
-forge.ssh.privateKeyToOpenSSH(privateKey, passphrase);
-
-// gets the SSH public key fingerprint in a byte buffer
-forge.ssh.getPublicKeyFingerprint(key);
-
-// gets a hex-encoded, colon-delimited SSH public key fingerprint
-forge.ssh.getPublicKeyFingerprint(key, {encoding: 'hex', delimiter: ':'});
-```
-
-<a name="xhr" />
-### XHR
-
-Provides an XmlHttpRequest implementation using forge.http as a backend.
-
-__Examples__
-
-```js
-```
-
-<a name="socket" />
-### Sockets
-
-Provides an interface to create and use raw sockets provided via Flash.
-
-__Examples__
-
-```js
-```
-
----------------------------------------
-## Ciphers
-
-<a name="cipher" />
-### CIPHER
-
-Provides a basic API for block encryption and decryption. There is built-in
-support for the ciphers: [AES][], [3DES][], and [DES][], and for the modes
-of operation: [ECB][], [CBC][], [CFB][], [OFB][], [CTR][], and [GCM][].
-
-These algorithms are currently supported:
-
-* AES-ECB
-* AES-CBC
-* AES-CFB
-* AES-OFB
-* AES-CTR
-* AES-GCM
-* 3DES-ECB
-* 3DES-CBC
-* DES-ECB
-* DES-CBC
-
-When using an [AES][] algorithm, the key size will determine whether
-AES-128, AES-192, or AES-256 is used (all are supported). When a [DES][]
-algorithm is used, the key size will determine whether [3DES][] or regular
-[DES][] is used. Use a [3DES][] algorithm to enforce Triple-DES.
-
-__Examples__
-
-```js
-// generate a random key and IV
-// Note: a key size of 16 bytes will use AES-128, 24 => AES-192, 32 => AES-256
-var key = forge.random.getBytesSync(16);
-var iv = forge.random.getBytesSync(16);
-
-/* alternatively, generate a password-based 16-byte key
-var salt = forge.random.getBytesSync(128);
-var key = forge.pkcs5.pbkdf2('password', salt, numIterations, 16);
-*/
-
-// encrypt some bytes using CBC mode
-// (other modes include: ECB, CFB, OFB, CTR, and GCM)
-var cipher = forge.cipher.createCipher('AES-CBC', key);
-cipher.start({iv: iv});
-cipher.update(forge.util.createBuffer(someBytes));
-cipher.finish();
-var encrypted = cipher.output;
-// outputs encrypted hex
-console.log(encrypted.toHex());
-
-// decrypt some bytes using CBC mode
-// (other modes include: CFB, OFB, CTR, and GCM)
-var decipher = forge.cipher.createDecipher('AES-CBC', key);
-decipher.start({iv: iv});
-decipher.update(encrypted);
-decipher.finish();
-// outputs decrypted hex
-console.log(decipher.output.toHex());
-
-// encrypt some bytes using GCM mode
-var cipher = forge.cipher.createCipher('AES-GCM', key);
-cipher.start({
- iv: iv, // should be a 12-byte binary-encoded string or byte buffer
- additionalData: 'binary-encoded string', // optional
- tagLength: 128 // optional, defaults to 128 bits
-});
-cipher.update(forge.util.createBuffer(someBytes));
-cipher.finish();
-var encrypted = cipher.output;
-var tag = cipher.mode.tag;
-// outputs encrypted hex
-console.log(encrypted.toHex());
-// outputs authentication tag
-console.log(tag.toHex());
-
-// decrypt some bytes using GCM mode
-var decipher = forge.cipher.createDecipher('AES-GCM', key);
-decipher.start({
- iv: iv,
- additionalData: 'binary-encoded string', // optional
- tagLength: 128, // optional, defaults to 128 bits
- tag: tag // authentication tag from encryption
-});
-decipher.update(encrypted);
-var pass = decipher.finish();
-// pass is false if there was a failure (eg: authentication tag didn't match)
-if(pass) {
- // outputs decrypted hex
- console.log(decipher.output.toHex());
-}
-```
-
-Using forge in node.js to match openssl's "enc" command line tool (**Note**: OpenSSL "enc" uses a non-standard file format with a custom key derivation function and a fixed iteration count of 1, which some consider less secure than alternatives such as [OpenPGP](https://tools.ietf.org/html/rfc4880)/[GnuPG](https://www.gnupg.org/)):
-
-```js
-var forge = require('node-forge');
-var fs = require('fs');
-
-// openssl enc -des3 -in input.txt -out input.enc
-function encrypt(password) {
- var input = fs.readFileSync('input.txt', {encoding: 'binary'});
-
- // 3DES key and IV sizes
- var keySize = 24;
- var ivSize = 8;
-
- // get derived bytes
- // Notes:
- // 1. If using an alternative hash (eg: "-md sha1") pass
- // "forge.md.sha1.create()" as the final parameter.
- // 2. If using "-nosalt", set salt to null.
- var salt = forge.random.getBytesSync(8);
- // var md = forge.md.sha1.create(); // "-md sha1"
- var derivedBytes = forge.pbe.opensslDeriveBytes(
- password, salt, keySize + ivSize/*, md*/);
- var buffer = forge.util.createBuffer(derivedBytes);
- var key = buffer.getBytes(keySize);
- var iv = buffer.getBytes(ivSize);
-
- var cipher = forge.cipher.createCipher('3DES-CBC', key);
- cipher.start({iv: iv});
- cipher.update(forge.util.createBuffer(input, 'binary'));
- cipher.finish();
-
- var output = forge.util.createBuffer();
-
- // if using a salt, prepend this to the output:
- if(salt !== null) {
- output.putBytes('Salted__'); // (add to match openssl tool output)
- output.putBytes(salt);
- }
- output.putBuffer(cipher.output);
-
- fs.writeFileSync('input.enc', output.getBytes(), {encoding: 'binary'});
-}
-
-// openssl enc -d -des3 -in input.enc -out input.dec.txt
-function decrypt(password) {
- var input = fs.readFileSync('input.enc', {encoding: 'binary'});
-
- // parse salt from input
- input = forge.util.createBuffer(input, 'binary');
- // skip "Salted__" (if known to be present)
- input.getBytes('Salted__'.length);
- // read 8-byte salt
- var salt = input.getBytes(8);
-
- // Note: if using "-nosalt", skip above parsing and use
- // var salt = null;
-
- // 3DES key and IV sizes
- var keySize = 24;
- var ivSize = 8;
-
- var derivedBytes = forge.pbe.opensslDeriveBytes(
- password, salt, keySize + ivSize);
- var buffer = forge.util.createBuffer(derivedBytes);
- var key = buffer.getBytes(keySize);
- var iv = buffer.getBytes(ivSize);
-
- var decipher = forge.cipher.createDecipher('3DES-CBC', key);
- decipher.start({iv: iv});
- decipher.update(input);
- var result = decipher.finish(); // check 'result' for true/false
-
- fs.writeFileSync(
- 'input.dec.txt', decipher.output.getBytes(), {encoding: 'binary'});
-}
-```
-
-<a name="aes" />
-### AES
-
-Provides [AES][] encryption and decryption in [CBC][], [CFB][], [OFB][],
-[CTR][], and [GCM][] modes. See [CIPHER](#cipher) for examples.
-
-<a name="des" />
-### DES
-
-Provides [3DES][] and [DES][] encryption and decryption in [ECB][] and
-[CBC][] modes. See [CIPHER](#cipher) for examples.
-
-<a name="rc2" />
-### RC2
-
-__Examples__
-
-```js
-// generate a random key and IV
-var key = forge.random.getBytesSync(16);
-var iv = forge.random.getBytesSync(8);
-
-// encrypt some bytes
-var cipher = forge.rc2.createEncryptionCipher(key);
-cipher.start(iv);
-cipher.update(forge.util.createBuffer(someBytes));
-cipher.finish();
-var encrypted = cipher.output;
-// outputs encrypted hex
-console.log(encrypted.toHex());
-
-// decrypt some bytes
-var cipher = forge.rc2.createDecryptionCipher(key);
-cipher.start(iv);
-cipher.update(encrypted);
-cipher.finish();
-// outputs decrypted hex
-console.log(cipher.output.toHex());
-```
----------------------------------------
-## PKI
-
-Provides [X.509][] certificate and RSA public and private key encoding,
-decoding, encryption/decryption, and signing/verifying.
-
-<a name="rsa" />
-### RSA
-
-__Examples__
-
-```js
-var rsa = forge.pki.rsa;
-
-// generate an RSA key pair synchronously
-var keypair = rsa.generateKeyPair({bits: 2048, e: 0x10001});
-
-// generate an RSA key pair asynchronously (uses web workers if available)
-// use workers: -1 to run a fast core estimator to optimize # of workers
-rsa.generateKeyPair({bits: 2048, workers: 2}, function(err, keypair) {
- // keypair.privateKey, keypair.publicKey
-});
-
-// generate an RSA key pair in steps that attempt to run for a specified period
-// of time on the main JS thread
-var state = rsa.createKeyPairGenerationState(2048, 0x10001);
-var step = function() {
- // run for 100 ms
- if(!rsa.stepKeyPairGenerationState(state, 100)) {
- setTimeout(step, 1);
- }
- else {
- // done, turn off progress indicator, use state.keys
- }
-};
-// turn on progress indicator, schedule generation to run
-setTimeout(step);
-
-// sign data with a private key and output DigestInfo DER-encoded bytes
-// (defaults to RSASSA PKCS#1 v1.5)
-var md = forge.md.sha1.create();
-md.update('sign this', 'utf8');
-var signature = privateKey.sign(md);
-
-// verify data with a public key
-// (defaults to RSASSA PKCS#1 v1.5)
-var verified = publicKey.verify(md.digest().bytes(), signature);
-
-// sign data using RSASSA-PSS where PSS uses a SHA-1 hash, a SHA-1 based
-// masking function MGF1, and a 20 byte salt
-var md = forge.md.sha1.create();
-md.update('sign this', 'utf8');
-var pss = forge.pss.create({
- md: forge.md.sha1.create(),
- mgf: forge.mgf.mgf1.create(forge.md.sha1.create()),
- saltLength: 20
- // optionally pass 'prng' with a custom PRNG implementation
- // optionalls pass 'salt' with a forge.util.ByteBuffer w/custom salt
-});
-var signature = privateKey.sign(md, pss);
-
-// verify RSASSA-PSS signature
-var pss = forge.pss.create({
- md: forge.md.sha1.create(),
- mgf: forge.mgf.mgf1.create(forge.md.sha1.create()),
- saltLength: 20
- // optionally pass 'prng' with a custom PRNG implementation
-});
-var md = forge.md.sha1.create();
-md.update('sign this', 'utf8');
-publicKey.verify(md.digest().getBytes(), signature, pss);
-
-// encrypt data with a public key (defaults to RSAES PKCS#1 v1.5)
-var encrypted = publicKey.encrypt(bytes);
-
-// decrypt data with a private key (defaults to RSAES PKCS#1 v1.5)
-var decrypted = privateKey.decrypt(encrypted);
-
-// encrypt data with a public key using RSAES PKCS#1 v1.5
-var encrypted = publicKey.encrypt(bytes, 'RSAES-PKCS1-V1_5');
-
-// decrypt data with a private key using RSAES PKCS#1 v1.5
-var decrypted = privateKey.decrypt(encrypted, 'RSAES-PKCS1-V1_5');
-
-// encrypt data with a public key using RSAES-OAEP
-var encrypted = publicKey.encrypt(bytes, 'RSA-OAEP');
-
-// decrypt data with a private key using RSAES-OAEP
-var decrypted = privateKey.decrypt(encrypted, 'RSA-OAEP');
-
-// encrypt data with a public key using RSAES-OAEP/SHA-256
-var encrypted = publicKey.encrypt(bytes, 'RSA-OAEP', {
- md: forge.md.sha256.create()
-});
-
-// decrypt data with a private key using RSAES-OAEP/SHA-256
-var decrypted = privateKey.decrypt(encrypted, 'RSA-OAEP', {
- md: forge.md.sha256.create()
-});
-
-// encrypt data with a public key using RSAES-OAEP/SHA-256/MGF1-SHA-1
-// compatible with Java's RSA/ECB/OAEPWithSHA-256AndMGF1Padding
-var encrypted = publicKey.encrypt(bytes, 'RSA-OAEP', {
- md: forge.md.sha256.create(),
- mgf1: {
- md: forge.md.sha1.create()
- }
-});
-
-// decrypt data with a private key using RSAES-OAEP/SHA-256/MGF1-SHA-1
-// compatible with Java's RSA/ECB/OAEPWithSHA-256AndMGF1Padding
-var decrypted = privateKey.decrypt(encrypted, 'RSA-OAEP', {
- md: forge.md.sha256.create(),
- mgf1: {
- md: forge.md.sha1.create()
- }
-});
-
-```
-
-<a name="rsakem" />
-### RSA-KEM
-
-__Examples__
-
-```js
-// generate an RSA key pair asynchronously (uses web workers if available)
-// use workers: -1 to run a fast core estimator to optimize # of workers
-forge.rsa.generateKeyPair({bits: 2048, workers: -1}, function(err, keypair) {
- // keypair.privateKey, keypair.publicKey
-});
-
-// generate and encapsulate a 16-byte secret key
-var kdf1 = new forge.kem.kdf1(forge.md.sha1.create());
-var kem = forge.kem.rsa.create(kdf1);
-var result = kem.encrypt(keypair.publicKey, 16);
-// result has 'encapsulation' and 'key'
-
-// encrypt some bytes
-var iv = forge.random.getBytesSync(12);
-var someBytes = 'hello world!';
-var cipher = forge.cipher.createCipher('AES-GCM', result.key);
-cipher.start({iv: iv});
-cipher.update(forge.util.createBuffer(someBytes));
-cipher.finish();
-var encrypted = cipher.output.getBytes();
-var tag = cipher.mode.tag.getBytes();
-
-// send 'encrypted', 'iv', 'tag', and result.encapsulation to recipient
-
-// decrypt encapsulated 16-byte secret key
-var kdf1 = new forge.kem.kdf1(forge.md.sha1.create());
-var kem = forge.kem.rsa.create(kdf1);
-var key = kem.decrypt(keypair.privateKey, result.encapsulation, 16);
-
-// decrypt some bytes
-var decipher = forge.cipher.createDecipher('AES-GCM', key);
-decipher.start({iv: iv, tag: tag});
-decipher.update(forge.util.createBuffer(encrypted));
-var pass = decipher.finish();
-// pass is false if there was a failure (eg: authentication tag didn't match)
-if(pass) {
- // outputs 'hello world!'
- console.log(decipher.output.getBytes());
-}
-
-```
-
-<a name="x509" />
-### X.509
-
-__Examples__
-
-```js
-var pki = forge.pki;
-
-// convert a PEM-formatted public key to a Forge public key
-var publicKey = pki.publicKeyFromPem(pem);
-
-// convert a Forge public key to PEM-format
-var pem = pki.publicKeyToPem(publicKey);
-
-// convert an ASN.1 SubjectPublicKeyInfo to a Forge public key
-var publicKey = pki.publicKeyFromAsn1(subjectPublicKeyInfo);
-
-// convert a Forge public key to an ASN.1 SubjectPublicKeyInfo
-var subjectPublicKeyInfo = pki.publicKeyToAsn1(publicKey);
-
-// gets a SHA-1 RSAPublicKey fingerprint a byte buffer
-pki.getPublicKeyFingerprint(key);
-
-// gets a SHA-1 SubjectPublicKeyInfo fingerprint a byte buffer
-pki.getPublicKeyFingerprint(key, {type: 'SubjectPublicKeyInfo'});
-
-// gets a hex-encoded, colon-delimited SHA-1 RSAPublicKey public key fingerprint
-pki.getPublicKeyFingerprint(key, {encoding: 'hex', delimiter: ':'});
-
-// gets a hex-encoded, colon-delimited SHA-1 SubjectPublicKeyInfo public key fingerprint
-pki.getPublicKeyFingerprint(key, {
- type: 'SubjectPublicKeyInfo',
- encoding: 'hex',
- delimiter: ':'
-});
-
-// gets a hex-encoded, colon-delimited MD5 RSAPublicKey public key fingerprint
-pki.getPublicKeyFingerprint(key, {
- md: forge.md.md5.create(),
- encoding: 'hex',
- delimiter: ':'
-});
-
-// creates a CA store
-var caStore = pki.createCaStore([/* PEM-encoded cert */, ...]);
-
-// add a certificate to the CA store
-caStore.addCertificate(certObjectOrPemString);
-
-// gets the issuer (its certificate) for the given certificate
-var issuerCert = caStore.getIssuer(subjectCert);
-
-// verifies a certificate chain against a CA store
-pki.verifyCertificateChain(caStore, chain, customVerifyCallback);
-
-// signs a certificate using the given private key
-cert.sign(privateKey);
-
-// signs a certificate using SHA-256 instead of SHA-1
-cert.sign(privateKey, forge.md.sha256.create());
-
-// verifies an issued certificate using the certificates public key
-var verified = issuer.verify(issued);
-
-// generate a keypair and create an X.509v3 certificate
-var keys = pki.rsa.generateKeyPair(2048);
-var cert = pki.createCertificate();
-cert.publicKey = keys.publicKey;
-// alternatively set public key from a csr
-//cert.publicKey = csr.publicKey;
-cert.serialNumber = '01';
-cert.validity.notBefore = new Date();
-cert.validity.notAfter = new Date();
-cert.validity.notAfter.setFullYear(cert.validity.notBefore.getFullYear() + 1);
-var attrs = [{
- name: 'commonName',
- value: 'example.org'
-}, {
- name: 'countryName',
- value: 'US'
-}, {
- shortName: 'ST',
- value: 'Virginia'
-}, {
- name: 'localityName',
- value: 'Blacksburg'
-}, {
- name: 'organizationName',
- value: 'Test'
-}, {
- shortName: 'OU',
- value: 'Test'
-}];
-cert.setSubject(attrs);
-// alternatively set subject from a csr
-//cert.setSubject(csr.subject.attributes);
-cert.setIssuer(attrs);
-cert.setExtensions([{
- name: 'basicConstraints',
- cA: true
-}, {
- name: 'keyUsage',
- keyCertSign: true,
- digitalSignature: true,
- nonRepudiation: true,
- keyEncipherment: true,
- dataEncipherment: true
-}, {
- name: 'extKeyUsage',
- serverAuth: true,
- clientAuth: true,
- codeSigning: true,
- emailProtection: true,
- timeStamping: true
-}, {
- name: 'nsCertType',
- client: true,
- server: true,
- email: true,
- objsign: true,
- sslCA: true,
- emailCA: true,
- objCA: true
-}, {
- name: 'subjectAltName',
- altNames: [{
- type: 6, // URI
- value: 'http://example.org/webid#me'
- }, {
- type: 7, // IP
- ip: '127.0.0.1'
- }]
-}, {
- name: 'subjectKeyIdentifier'
-}]);
-/* alternatively set extensions from a csr
-var extensions = csr.getAttribute({name: 'extensionRequest'}).extensions;
-// optionally add more extensions
-extensions.push.apply(extensions, [{
- name: 'basicConstraints',
- cA: true
-}, {
- name: 'keyUsage',
- keyCertSign: true,
- digitalSignature: true,
- nonRepudiation: true,
- keyEncipherment: true,
- dataEncipherment: true
-}]);
-cert.setExtensions(extensions);
-*/
-// self-sign certificate
-cert.sign(keys.privateKey);
-
-// convert a Forge certificate to PEM
-var pem = pki.certificateToPem(cert);
-
-// convert a Forge certificate from PEM
-var cert = pki.certificateFromPem(pem);
-
-// convert an ASN.1 X.509x3 object to a Forge certificate
-var cert = pki.certificateFromAsn1(obj);
-
-// convert a Forge certificate to an ASN.1 X.509v3 object
-var asn1Cert = pki.certificateToAsn1(cert);
-```
-
-<a name="pkcs5" />
-### PKCS#5
-
-Provides the password-based key-derivation function from [PKCS#5][].
-
-__Examples__
-
-```js
-// generate a password-based 16-byte key
-// note an optional message digest can be passed as the final parameter
-var salt = forge.random.getBytesSync(128);
-var derivedKey = forge.pkcs5.pbkdf2('password', salt, numIterations, 16);
-
-// generate key asynchronously
-// note an optional message digest can be passed before the callback
-forge.pkcs5.pbkdf2('password', salt, numIterations, 16, function(err, derivedKey) {
- // do something w/derivedKey
-});
-```
-
-<a name="pkcs7" />
-### PKCS#7
-
-Provides cryptographically protected messages from [PKCS#7][].
-
-__Examples__
-
-```js
-// convert a message from PEM
-var p7 = forge.pkcs7.messageFromPem(pem);
-// look at p7.recipients
-
-// find a recipient by the issuer of a certificate
-var recipient = p7.findRecipient(cert);
-
-// decrypt
-p7.decrypt(p7.recipients[0], privateKey);
-
-// create a p7 enveloped message
-var p7 = forge.pkcs7.createEnvelopedData();
-
-// add a recipient
-var cert = forge.pki.certificateFromPem(certPem);
-p7.addRecipient(cert);
-
-// set content
-p7.content = forge.util.createBuffer('Hello');
-
-// encrypt
-p7.encrypt();
-
-// convert message to PEM
-var pem = forge.pkcs7.messageToPem(p7);
-
-// create a degenerate PKCS#7 certificate container
-// (CRLs not currently supported, only certificates)
-var p7 = forge.pkcs7.createSignedData();
-p7.addCertificate(certOrCertPem1);
-p7.addCertificate(certOrCertPem2);
-var pem = forge.pkcs7.messageToPem(p7);
-```
-
-<a name="pkcs8" />
-### PKCS#8
-
-__Examples__
-
-```js
-var pki = forge.pki;
-
-// convert a PEM-formatted private key to a Forge private key
-var privateKey = pki.privateKeyFromPem(pem);
-
-// convert a Forge private key to PEM-format
-var pem = pki.privateKeyToPem(privateKey);
-
-// convert an ASN.1 PrivateKeyInfo or RSAPrivateKey to a Forge private key
-var privateKey = pki.privateKeyFromAsn1(rsaPrivateKey);
-
-// convert a Forge private key to an ASN.1 RSAPrivateKey
-var rsaPrivateKey = pki.privateKeyToAsn1(privateKey);
-
-// wrap an RSAPrivateKey ASN.1 object in a PKCS#8 ASN.1 PrivateKeyInfo
-var privateKeyInfo = pki.wrapRsaPrivateKey(rsaPrivateKey);
-
-// convert a PKCS#8 ASN.1 PrivateKeyInfo to PEM
-var pem = pki.privateKeyInfoToPem(privateKeyInfo);
-
-// encrypts a PrivateKeyInfo and outputs an EncryptedPrivateKeyInfo
-var encryptedPrivateKeyInfo = pki.encryptPrivateKeyInfo(
- privateKeyInfo, 'password', {
- algorithm: 'aes256', // 'aes128', 'aes192', 'aes256', '3des'
- });
-
-// decrypts an ASN.1 EncryptedPrivateKeyInfo
-var privateKeyInfo = pki.decryptPrivateKeyInfo(
- encryptedPrivateKeyInfo, 'password');
-
-// converts an EncryptedPrivateKeyInfo to PEM
-var pem = pki.encryptedPrivateKeyToPem(encryptedPrivateKeyInfo);
-
-// converts a PEM-encoded EncryptedPrivateKeyInfo to ASN.1 format
-var encryptedPrivateKeyInfo = pki.encryptedPrivateKeyFromPem(pem);
-
-// wraps and encrypts a Forge private key and outputs it in PEM format
-var pem = pki.encryptRsaPrivateKey(privateKey, 'password');
-
-// encrypts a Forge private key and outputs it in PEM format using OpenSSL's
-// proprietary legacy format + encapsulated PEM headers (DEK-Info)
-var pem = pki.encryptRsaPrivateKey(privateKey, 'password', {legacy: true});
-
-// decrypts a PEM-formatted, encrypted private key
-var privateKey = pki.decryptRsaPrivateKey(pem, 'password');
-
-// sets an RSA public key from a private key
-var publicKey = pki.setRsaPublicKey(privateKey.n, privateKey.e);
-```
-
-<a name="pkcs10" />
-### PKCS#10
-
-Provides certification requests or certificate signing requests (CSR) from
-[PKCS#10][].
-
-__Examples__
-
-```js
-// generate a key pair
-var keys = forge.pki.rsa.generateKeyPair(1024);
-
-// create a certification request (CSR)
-var csr = forge.pki.createCertificationRequest();
-csr.publicKey = keys.publicKey;
-csr.setSubject([{
- name: 'commonName',
- value: 'example.org'
-}, {
- name: 'countryName',
- value: 'US'
-}, {
- shortName: 'ST',
- value: 'Virginia'
-}, {
- name: 'localityName',
- value: 'Blacksburg'
-}, {
- name: 'organizationName',
- value: 'Test'
-}, {
- shortName: 'OU',
- value: 'Test'
-}]);
-// set (optional) attributes
-csr.setAttributes([{
- name: 'challengePassword',
- value: 'password'
-}, {
- name: 'unstructuredName',
- value: 'My Company, Inc.'
-}, {
- name: 'extensionRequest',
- extensions: [{
- name: 'subjectAltName',
- altNames: [{
- // 2 is DNS type
- type: 2,
- value: 'test.domain.com'
- }, {
- type: 2,
- value: 'other.domain.com',
- }, {
- type: 2,
- value: 'www.domain.net'
- }]
- }]
-}]);
-
-// sign certification request
-csr.sign(keys.privateKey);
-
-// verify certification request
-var verified = csr.verify();
-
-// convert certification request to PEM-format
-var pem = forge.pki.certificationRequestToPem(csr);
-
-// convert a Forge certification request from PEM-format
-var csr = forge.pki.certificationRequestFromPem(pem);
-
-// get an attribute
-csr.getAttribute({name: 'challengePassword'});
-
-// get extensions array
-csr.getAttribute({name: 'extensionRequest'}).extensions;
-
-```
-
-<a name="pkcs12" />
-### PKCS#12
-
-Provides the cryptographic archive file format from [PKCS#12][].
-
-__Examples__
-
-```js
-// decode p12 from base64
-var p12Der = forge.util.decode64(p12b64);
-// get p12 as ASN.1 object
-var p12Asn1 = forge.asn1.fromDer(p12Der);
-// decrypt p12 using the password 'password'
-var p12 = forge.pkcs12.pkcs12FromAsn1(p12Asn1, 'password');
-// decrypt p12 using non-strict parsing mode (resolves some ASN.1 parse errors)
-var p12 = forge.pkcs12.pkcs12FromAsn1(p12Asn1, false, 'password');
-// decrypt p12 using literally no password (eg: Mac OS X/apple push)
-var p12 = forge.pkcs12.pkcs12FromAsn1(p12Asn1);
-// decrypt p12 using an "empty" password (eg: OpenSSL with no password input)
-var p12 = forge.pkcs12.pkcs12FromAsn1(p12Asn1, '');
-// p12.safeContents is an array of safe contents, each of
-// which contains an array of safeBags
-
-// get bags by friendlyName
-var bags = p12.getBags({friendlyName: 'test'});
-// bags are key'd by attribute type (here "friendlyName")
-// and the key values are an array of matching objects
-var cert = bags.friendlyName[0];
-
-// get bags by localKeyId
-var bags = p12.getBags({localKeyId: buffer});
-// bags are key'd by attribute type (here "localKeyId")
-// and the key values are an array of matching objects
-var cert = bags.localKeyId[0];
-
-// get bags by localKeyId (input in hex)
-var bags = p12.getBags({localKeyIdHex: '7b59377ff142d0be4565e9ac3d396c01401cd879'});
-// bags are key'd by attribute type (here "localKeyId", *not* "localKeyIdHex")
-// and the key values are an array of matching objects
-var cert = bags.localKeyId[0];
-
-// get bags by type
-var bags = p12.getBags({bagType: forge.pki.oids.certBag});
-// bags are key'd by bagType and each bagType key's value
-// is an array of matches (in this case, certificate objects)
-var cert = bags[forge.pki.oids.certBag][0];
-
-// get bags by friendlyName and filter on bag type
-var bags = p12.getBags({
- friendlyName: 'test',
- bagType: forge.pki.oids.certBag
-});
-
-// get key bags
-var bags = p12.getBags({bagType: forge.pki.oids.keyBag});
-// get key
-var bag = bags[forge.pki.oids.keyBag][0];
-var key = bag.key;
-// if the key is in a format unrecognized by forge then
-// bag.key will be `null`, use bag.asn1 to get the ASN.1
-// representation of the key
-if(bag.key === null) {
- var keyAsn1 = bag.asn1;
- // can now convert back to DER/PEM/etc for export
-}
-
-// generate a p12 using AES (default)
-var p12Asn1 = forge.pkcs12.toPkcs12Asn1(
- privateKey, certificateChain, 'password');
-
-// generate a p12 that can be imported by Chrome/Firefox
-// (requires the use of Triple DES instead of AES)
-var p12Asn1 = forge.pkcs12.toPkcs12Asn1(
- privateKey, certificateChain, 'password',
- {algorithm: '3des'});
-
-// base64-encode p12
-var p12Der = forge.asn1.toDer(p12Asn1).getBytes();
-var p12b64 = forge.util.encode64(p12Der);
-
-// create download link for p12
-var a = document.createElement('a');
-a.download = 'example.p12';
-a.setAttribute('href', 'data:application/x-pkcs12;base64,' + p12b64);
-a.appendChild(document.createTextNode('Download'));
-```
-
-<a name="asn" />
-### ASN.1
-
-Provides [ASN.1][] DER encoding and decoding.
-
-__Examples__
-
-```js
-var asn1 = forge.asn1;
-
-// create a SubjectPublicKeyInfo
-var subjectPublicKeyInfo =
- asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [
- // AlgorithmIdentifier
- asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [
- // algorithm
- asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OID, false,
- asn1.oidToDer(pki.oids['rsaEncryption']).getBytes()),
- // parameters (null)
- asn1.create(asn1.Class.UNIVERSAL, asn1.Type.NULL, false, '')
- ]),
- // subjectPublicKey
- asn1.create(asn1.Class.UNIVERSAL, asn1.Type.BITSTRING, false, [
- // RSAPublicKey
- asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [
- // modulus (n)
- asn1.create(asn1.Class.UNIVERSAL, asn1.Type.INTEGER, false,
- _bnToBytes(key.n)),
- // publicExponent (e)
- asn1.create(asn1.Class.UNIVERSAL, asn1.Type.INTEGER, false,
- _bnToBytes(key.e))
- ])
- ])
- ]);
-
-// serialize an ASN.1 object to DER format
-var derBuffer = asn1.toDer(subjectPublicKeyInfo);
-
-// deserialize to an ASN.1 object from a byte buffer filled with DER data
-var object = asn1.fromDer(derBuffer);
-
-// convert an OID dot-separated string to a byte buffer
-var derOidBuffer = asn1.oidToDer('1.2.840.113549.1.1.5');
-
-// convert a byte buffer with a DER-encoded OID to a dot-separated string
-console.log(asn1.derToDer(derOidBuffer));
-// output: 1.2.840.113549.1.1.5
-
-// validates that an ASN.1 object matches a particular ASN.1 structure and
-// captures data of interest from that structure for easy access
-var publicKeyValidator = {
- name: 'SubjectPublicKeyInfo',
- tagClass: asn1.Class.UNIVERSAL,
- type: asn1.Type.SEQUENCE,
- constructed: true,
- captureAsn1: 'subjectPublicKeyInfo',
- value: [{
- name: 'SubjectPublicKeyInfo.AlgorithmIdentifier',
- tagClass: asn1.Class.UNIVERSAL,
- type: asn1.Type.SEQUENCE,
- constructed: true,
- value: [{
- name: 'AlgorithmIdentifier.algorithm',
- tagClass: asn1.Class.UNIVERSAL,
- type: asn1.Type.OID,
- constructed: false,
- capture: 'publicKeyOid'
- }]
- }, {
- // subjectPublicKey
- name: 'SubjectPublicKeyInfo.subjectPublicKey',
- tagClass: asn1.Class.UNIVERSAL,
- type: asn1.Type.BITSTRING,
- constructed: false,
- value: [{
- // RSAPublicKey
- name: 'SubjectPublicKeyInfo.subjectPublicKey.RSAPublicKey',
- tagClass: asn1.Class.UNIVERSAL,
- type: asn1.Type.SEQUENCE,
- constructed: true,
- optional: true,
- captureAsn1: 'rsaPublicKey'
- }]
- }]
-};
-
-var capture = {};
-var errors = [];
-if(!asn1.validate(
- publicKeyValidator, subjectPublicKeyInfo, validator, capture, errors)) {
- throw 'ASN.1 object is not a SubjectPublicKeyInfo.';
-}
-// capture.subjectPublicKeyInfo contains the full ASN.1 object
-// capture.rsaPublicKey contains the full ASN.1 object for the RSA public key
-// capture.publicKeyOid only contains the value for the OID
-var oid = asn1.derToOid(capture.publicKeyOid);
-if(oid !== pki.oids['rsaEncryption']) {
- throw 'Unsupported OID.';
-}
-
-// pretty print an ASN.1 object to a string for debugging purposes
-asn1.prettyPrint(object);
-```
-
----------------------------------------
-## Message Digests
-
-<a name="sha1" />
-### SHA1
-
-Provides [SHA-1][] message digests.
-
-__Examples__
-
-```js
-var md = forge.md.sha1.create();
-md.update('The quick brown fox jumps over the lazy dog');
-console.log(md.digest().toHex());
-// output: 2fd4e1c67a2d28fced849ee1bb76e7391b93eb12
-```
-
-<a name="sha256" />
-### SHA256
-
-Provides [SHA-256][] message digests.
-
-__Examples__
-
-```js
-var md = forge.md.sha256.create();
-md.update('The quick brown fox jumps over the lazy dog');
-console.log(md.digest().toHex());
-// output: d7a8fbb307d7809469ca9abcb0082e4f8d5651e46d3cdb762d02d0bf37c9e592
-```
-
-<a name="sha384" />
-### SHA384
-
-Provides [SHA-384][] message digests.
-
-__Examples__
-
-```js
-var md = forge.md.sha384.create();
-md.update('The quick brown fox jumps over the lazy dog');
-console.log(md.digest().toHex());
-// output: ca737f1014a48f4c0b6dd43cb177b0afd9e5169367544c494011e3317dbf9a509cb1e5dc1e85a941bbee3d7f2afbc9b1
-```
-
-<a name="sha512" />
-### SHA512
-
-Provides [SHA-512][] message digests.
-
-__Examples__
-
-```js
-// SHA-512
-var md = forge.md.sha512.create();
-md.update('The quick brown fox jumps over the lazy dog');
-console.log(md.digest().toHex());
-// output: 07e547d9586f6a73f73fbac0435ed76951218fb7d0c8d788a309d785436bbb642e93a252a954f23912547d1e8a3b5ed6e1bfd7097821233fa0538f3db854fee6
-
-// SHA-512/224
-var md = forge.md.sha512.sha224.create();
-md.update('The quick brown fox jumps over the lazy dog');
-console.log(md.digest().toHex());
-// output: 944cd2847fb54558d4775db0485a50003111c8e5daa63fe722c6aa37
-
-// SHA-512/256
-var md = forge.md.sha512.sha256.create();
-md.update('The quick brown fox jumps over the lazy dog');
-console.log(md.digest().toHex());
-// output: dd9d67b371519c339ed8dbd25af90e976a1eeefd4ad3d889005e532fc5bef04d
-```
-
-<a name="md5" />
-### MD5
-
-Provides [MD5][] message digests.
-
-__Examples__
-
-```js
-var md = forge.md.md5.create();
-md.update('The quick brown fox jumps over the lazy dog');
-console.log(md.digest().toHex());
-// output: 9e107d9d372bb6826bd81d3542a419d6
-```
-
-<a name="hmac" />
-### HMAC
-
-Provides [HMAC][] w/any supported message digest algorithm.
-
-__Examples__
-
-```js
-var hmac = forge.hmac.create();
-hmac.start('sha1', 'Jefe');
-hmac.update('what do ya want for nothing?');
-console.log(hmac.digest().toHex());
-// output: effcdf6ae5eb2fa2d27416d5f184df9c259a7c79
-```
-
----------------------------------------
-## Utilities
-
-<a name="prime" />
-### Prime
-
-Provides an API for generating large, random, probable primes.
-
-__Examples__
-
-```js
-// generate a random prime on the main JS thread
-var bits = 1024;
-forge.prime.generateProbablePrime(bits, function(err, num) {
- console.log('random prime', num.toString(16));
-});
-
-// generate a random prime using Web Workers (if available, otherwise
-// falls back to the main thread)
-var bits = 1024;
-var options = {
- algorithm: {
- name: 'PRIMEINC',
- workers: -1 // auto-optimize # of workers
- }
-};
-forge.prime.generateProbablePrime(bits, options, function(err, num) {
- console.log('random prime', num.toString(16));
-});
-```
-
-<a name="prng" />
-### PRNG
-
-Provides a [Fortuna][]-based cryptographically-secure pseudo-random number
-generator, to be used with a cryptographic function backend, e.g. [AES][]. An
-implementation using [AES][] as a backend is provided. An API for collecting
-entropy is given, though if window.crypto.getRandomValues is available, it will
-be used automatically.
-
-__Examples__
-
-```js
-// get some random bytes synchronously
-var bytes = forge.random.getBytesSync(32);
-console.log(forge.util.bytesToHex(bytes));
-
-// get some random bytes asynchronously
-forge.random.getBytes(32, function(err, bytes) {
- console.log(forge.util.bytesToHex(bytes));
-});
-
-// collect some entropy if you'd like
-forge.random.collect(someRandomBytes);
-jQuery().mousemove(function(e) {
- forge.random.collectInt(e.clientX, 16);
- forge.random.collectInt(e.clientY, 16);
-});
-
-// specify a seed file for use with the synchronous API if you'd like
-forge.random.seedFileSync = function(needed) {
- // get 'needed' number of random bytes from somewhere
- return fetchedRandomBytes;
-};
-
-// specify a seed file for use with the asynchronous API if you'd like
-forge.random.seedFile = function(needed, callback) {
- // get the 'needed' number of random bytes from somewhere
- callback(null, fetchedRandomBytes);
-});
-
-// register the main thread to send entropy or a Web Worker to receive
-// entropy on demand from the main thread
-forge.random.registerWorker(self);
-
-// generate a new instance of a PRNG with no collected entropy
-var myPrng = forge.random.createInstance();
-```
-
-<a name="task" />
-### Tasks
-
-Provides queuing and synchronizing tasks in a web application.
-
-__Examples__
-
-```js
-```
-
-<a name="util" />
-### Utilities
-
-Provides utility functions, including byte buffer support, base64,
-bytes to/from hex, zlib inflate/deflate, etc.
-
-__Examples__
-
-```js
-// encode/decode base64
-var encoded = forge.util.encode64(str);
-var str = forge.util.decode64(encoded);
-
-// encode/decode UTF-8
-var encoded = forge.util.encodeUtf8(str);
-var str = forge.util.decodeUtf8(encoded);
-
-// bytes to/from hex
-var bytes = forge.util.hexToBytes(hex);
-var hex = forge.util.bytesToHex(bytes);
-
-// create an empty byte buffer
-var buffer = forge.util.createBuffer();
-// create a byte buffer from raw binary bytes
-var buffer = forge.util.createBuffer(input, 'raw');
-// create a byte buffer from utf8 bytes
-var buffer = forge.util.createBuffer(input, 'utf8');
-
-// get the length of the buffer in bytes
-buffer.length();
-// put bytes into the buffer
-buffer.putBytes(bytes);
-// put a 32-bit integer into the buffer
-buffer.putInt32(10);
-// buffer to hex
-buffer.toHex();
-// get a copy of the bytes in the buffer
-bytes.bytes(/* count */);
-// empty this buffer and get its contents
-bytes.getBytes(/* count */);
-
-// convert a forge buffer into a node.js Buffer
-// make sure you specify the encoding as 'binary'
-var forgeBuffer = forge.util.createBuffer();
-var nodeBuffer = new Buffer(forgeBuffer.getBytes(), 'binary');
-
-// convert a node.js Buffer into a forge buffer
-// make sure you specify the encoding as 'binary'
-var nodeBuffer = new Buffer();
-var forgeBuffer = forge.util.createBuffer(nodeBuffer.toString('binary'));
-
-// parse a URL
-var parsed = forge.util.parseUrl('http://example.com/foo?bar=baz');
-// parsed.scheme, parsed.host, parsed.port, parsed.path, parsed.fullHost
-```
-
-<a name="log" />
-### Logging
-
-Provides logging to a javascript console using various categories and
-levels of verbosity.
-
-__Examples__
-
-```js
-```
-
-<a name="debug" />
-### Debugging
-
-Provides storage of debugging information normally inaccessible in
-closures for viewing/investigation.
-
-__Examples__
-
-```js
-```
-
-<a name="fsp" />
-### Flash Socket Policy Module
-
-Provides an [Apache][] module "mod_fsp" that can serve up a Flash Socket
-Policy. See `mod_fsp/README` for more details. This module makes it easy to
-modify an [Apache][] server to allow cross domain requests to be made to it.
-
-
-Library Details
----------------
-
-* http://digitalbazaar.com/2010/07/20/javascript-tls-1/
-* http://digitalbazaar.com/2010/07/20/javascript-tls-2/
-
-Contact
--------
-
-* Code: https://github.com/digitalbazaar/forge
-* Bugs: https://github.com/digitalbazaar/forge/issues
-* Email: support@digitalbazaar.com
-
-Donations welcome:
-
-* Donate: paypal@digitalbazaar.com
-
-[AES]: http://en.wikipedia.org/wiki/Advanced_Encryption_Standard
-[ASN.1]: http://en.wikipedia.org/wiki/ASN.1
-[Apache]: http://httpd.apache.org/
-[CFB]: http://en.wikipedia.org/wiki/Block_cipher_mode_of_operation
-[CBC]: http://en.wikipedia.org/wiki/Block_cipher_mode_of_operation
-[CTR]: http://en.wikipedia.org/wiki/Block_cipher_mode_of_operation
-[3DES]: http://en.wikipedia.org/wiki/Triple_DES
-[DES]: http://en.wikipedia.org/wiki/Data_Encryption_Standard
-[ECB]: http://en.wikipedia.org/wiki/Block_cipher_mode_of_operation
-[Fortuna]: http://en.wikipedia.org/wiki/Fortuna_(PRNG)
-[GCM]: http://en.wikipedia.org/wiki/GCM_mode
-[HMAC]: http://en.wikipedia.org/wiki/HMAC
-[JavaScript]: http://en.wikipedia.org/wiki/JavaScript
-[MD5]: http://en.wikipedia.org/wiki/MD5
-[OFB]: http://en.wikipedia.org/wiki/Block_cipher_mode_of_operation
-[PKCS#5]: http://en.wikipedia.org/wiki/PKCS
-[PKCS#7]: http://en.wikipedia.org/wiki/Cryptographic_Message_Syntax
-[PKCS#10]: http://en.wikipedia.org/wiki/Certificate_signing_request
-[PKCS#12]: http://en.wikipedia.org/wiki/PKCS_%E2%99%AF12
-[RC2]: http://en.wikipedia.org/wiki/RC2
-[SHA-1]: http://en.wikipedia.org/wiki/SHA-1
-[SHA-256]: http://en.wikipedia.org/wiki/SHA-256
-[SHA-384]: http://en.wikipedia.org/wiki/SHA-384
-[SHA-512]: http://en.wikipedia.org/wiki/SHA-512
-[TLS]: http://en.wikipedia.org/wiki/Transport_Layer_Security
-[X.509]: http://en.wikipedia.org/wiki/X.509
-[node.js]: http://nodejs.org/
© Floofi Systems, Some rights reserved. Powered by cgit.