var asn1 = require('./asn1') var aesid = require('./aesid.json') var fixProc = require('./fixProc') var ciphers = require('browserify-aes') var compat = require('pbkdf2') var Buffer = require('safe-buffer').Buffer module.exports = parseKeys function parseKeys (buffer) { var password if (typeof buffer === 'object' && !Buffer.isBuffer(buffer)) { password = buffer.passphrase buffer = buffer.key } if (typeof buffer === 'string') { buffer = Buffer.from(buffer) } var stripped = fixProc(buffer, password) var type = stripped.tag var data = stripped.data var subtype, ndata switch (type) { case 'CERTIFICATE': ndata = asn1.certificate.decode(data, 'der').tbsCertificate.subjectPublicKeyInfo // falls through case 'PUBLIC KEY': if (!ndata) { ndata = asn1.PublicKey.decode(data, 'der') } subtype = ndata.algorithm.algorithm.join('.') switch (subtype) { case '1.2.840.113549.1.1.1': return asn1.RSAPublicKey.decode(ndata.subjectPublicKey.data, 'der') case '1.2.840.10045.2.1': ndata.subjectPrivateKey = ndata.subjectPublicKey return { type: 'ec', data: ndata } case '1.2.840.10040.4.1': ndata.algorithm.params.pub_key = asn1.DSAparam.decode(ndata.subjectPublicKey.data, 'der') return { type: 'dsa', data: ndata.algorithm.params } default: throw new Error('unknown key id ' + subtype) } // throw new Error('unknown key type ' + type) case 'ENCRYPTED PRIVATE KEY': data = asn1.EncryptedPrivateKey.decode(data, 'der') data = decrypt(data, password) // falls through case 'PRIVATE KEY': ndata = asn1.PrivateKey.decode(data, 'der') subtype = ndata.algorithm.algorithm.join('.') switch (subtype) { case '1.2.840.113549.1.1.1': return asn1.RSAPrivateKey.decode(ndata.subjectPrivateKey, 'der') case '1.2.840.10045.2.1': return { curve: ndata.algorithm.curve, privateKey: asn1.ECPrivateKey.decode(ndata.subjectPrivateKey, 'der').privateKey } case '1.2.840.10040.4.1': ndata.algorithm.params.priv_key = asn1.DSAparam.decode(ndata.subjectPrivateKey, 'der') return { type: 'dsa', params: ndata.algorithm.params } default: throw new Error('unknown key id ' + subtype) } // throw new Error('unknown key type ' + type) case 'RSA PUBLIC KEY': return asn1.RSAPublicKey.decode(data, 'der') case 'RSA PRIVATE KEY': return asn1.RSAPrivateKey.decode(data, 'der') case 'DSA PRIVATE KEY': return { type: 'dsa', params: asn1.DSAPrivateKey.decode(data, 'der') } case 'EC PRIVATE KEY': data = asn1.ECPrivateKey.decode(data, 'der') return { curve: data.parameters.value, privateKey: data.privateKey } default: throw new Error('unknown key type ' + type) } } parseKeys.signature = asn1.signature function decrypt (data, password) { var salt = data.algorithm.decrypt.kde.kdeparams.salt var iters = parseInt(data.algorithm.decrypt.kde.kdeparams.iters.toString(), 10) var algo = aesid[data.algorithm.decrypt.cipher.algo.join('.')] var iv = data.algorithm.decrypt.cipher.iv var cipherText = data.subjectPrivateKey var keylen = parseInt(algo.split('-')[1], 10) / 8 var key = compat.pbkdf2Sync(password, salt, iters, keylen, 'sha1') var cipher = ciphers.createDecipheriv(algo, key, iv) var out = [] out.push(cipher.update(cipherText)) out.push(cipher.final()) return Buffer.concat(out) }