opensource free pure JavaScript cryptographic library supports RSA/RSAPSS/ECDSA/DSA signing/validation, ASN.1, PKCS#1/5/8 private/public key, X.509 certificate, CRL, OCSP, CMS SignedData, TimeStamp and CAdES and JSON Web Signature(JWS)/Token(JWT)/Key(JWK)
jsrsasign TOP | github | Wiki | DOWNLOADS | TUTORIALS | API REFERENCE | Online Tool | DEMO | NODE TOOL | AddOn | DONATE
The 'jsrsasign' (RSA-Sign JavaScript Library) is an opensource free cryptography library supporting RSA/RSAPSS/ECDSA/DSA signing/validation, ASN.1, PKCS#1/5/8 private/public key, X.509 certificate, CRL, OCSP, CMS SignedData, TimeStamp, CAdES JSON Web Signature/Token/Key in pure JavaScript.
Public page is https://kjur.github.io/jsrsasign .
Your bugfix and pull request contribution are always welcomed :)
The "jsrsasign" will reach end-of-support in a few months. Some unfixed vulnerabilities have been reported for now. Hopefully most of them are fixed until the end of support. GitHub Support for this project will also be closed in a few week. Thank you for your long-standing support of this project.
We will announce the end-of-support date here as soon as it is determined.
The "jsrsasign" library is a long lived JavaScript library from 2010 developed with old JavaScript style and backword compatibility. From coming release 11.0.0, following changes have been applied:
> npm install jsrsasign jsrsasign-util
> bower install jsrsasign
> <script src="https://cdnjs.cloudflare.com/ajax/libs/jsrsasign/8.0.20/jsrsasign-all-min.js"></script>
Loading encrypted PKCS#5 private key:
> var rs = require('jsrsasign');
> var rsu = require('jsrsasign-util');
> var pem = rsu.readFile('z1.prv.p5e.pem');
> var prvKey = rs.KEYUTIL.getKey(pem, 'passwd');
Sign string 'aaa' with the loaded private key:
> var sig = new a.Signature({alg: 'SHA1withRSA'});
> sig.init(prvKey);
> sig.updateString('aaa');
> var sigVal = sig.sign();
> sigVal
'd764dcacb...'
| published | fixed version | title/advisory | CVE | CVSS |
|---|---|---|---|---|
| 2024Jan16 | 11.0.0 | Marvin attack vulnerability for RSA and RSAOAEP decryption | CVE-2024-21484 | 7.5 |
| 2022Jun24 | 10.5.25 | JWS and JWT signature validation vulnerability with special characters | CVE-2022-25898 | ? |
| 2021Apr14 | 10.2.0 | RSA signature validation vulnerability on maleable encoded message | CVE-2021-30246 | 9.1 |
| 2020Jun22 | 8.0.19 | ECDSA signature validation vulnerability by accepting wrong ASN.1 encoding | CVE-2020-14966 | 5.5 |
| 2020Jun22 | 8.0.18 | RSA RSAES-PKCS1-v1_5 and RSA-OAEP decryption vulnerability with prepending zeros | CVE-2020-14967 | 4.8 |
| 2020Jun22 | 8.0.17 | RSA-PSS signature validation vulnerability by prepending zeros | CVE-2020-14968 | 4.2 |