
Generating x509 cert with ed25519

Open GaikwadPratik opened this issue 5 years ago • 8 comments

I am trying to create x509 certs by following the code mentioned in x.509, but for generating keys I am using ed25519 instead of RSA. However, the line cert.sign(keys.privateKey); fails with the call stack below:

TypeError: Cannot read property 'toString' of undefined
    at _bnToBytes (/opt/hive/services/hive-fabric/node_modules/node-forge/lib/rsa.js:1737:15)
    at Object.pki.publicKeyToRSAPublicKey (/opt/hive/services/hive-fabric/node_modules/node-forge/lib/rsa.js:1446:7)
    at Object.pki.publicKeyToAsn1.pki.publicKeyToSubjectPublicKeyInfo (/opt/hive/services/hive-fabric/node_modules/node-forge/lib/rsa.js:1429:11)
    at Object.pki.getTBSCertificate (/opt/hive/services/hive-fabric/node_modules/node-forge/lib/x509.js:2548:9)
    at Object.cert.sign (/opt/hive/services/hive-fabric/node_modules/node-forge/lib/x509.js:1046:31)

env: Node 10

Thanks in advance.

GaikwadPratik avatar Dec 10 '19 22:12 GaikwadPratik

@davidlehn, @dlongley

Can you please help?

GaikwadPratik avatar Jan 03 '20 17:01 GaikwadPratik

+1

x-077 avatar Feb 17 '20 12:02 x-077

Any update on this?

AshUK avatar Jul 21 '20 18:07 AshUK

+1

fboucquez avatar Aug 10 '20 22:08 fboucquez

Possible duplicate of #573

chez14 avatar Sep 04 '20 18:09 chez14

Hi, I've forked PR 851 to my own repository. I can successfully build EdDsa25519 CSRs, sign certificates and save private keys to PEM (encrypted or not). I hacked my way through all of it though, and yes that includes the SubjectPublicKeyInfo.

This all works with openssl 1.1.1f. I'm using these cert chains successfully on RabbitMQ, nginx and MongoDB for client authentication. But this is all proof of concept. Comments welcome. Looking forward to hardening and merging this code once PR 851 is resolved.

My fork: https://github.com/dugrema/forge/tree/ed25519

Note: This is not all that well integrated into pki (x509.js). Check operations in the file ed25519.js if you want to try it out (like loading, saving Ed25519 PEMs). I'd need some help/ideas on how to properly integrate into the pki module.

dugrema avatar Jan 19 '22 19:01 dugrema
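
Added example, not part of the thread and not code from node-forge or the linked fork: the stack trace in the opening post shows publicKeyToSubjectPublicKeyInfo going through publicKeyToRSAPublicKey, so this sketch shows what an Ed25519 SubjectPublicKeyInfo looks like instead (RFC 8410) and checks it against Node's built-in crypto module. It assumes a Node version whose crypto module supports Ed25519 (newer than the Node 10 reported in the issue); the function names are hypothetical.

```javascript
// Added example: uses only Node's built-in crypto, no node-forge calls.
const crypto = require('node:crypto');

// RFC 8410: SubjectPublicKeyInfo ::= SEQUENCE { AlgorithmIdentifier, BIT STRING }
// For Ed25519 the AlgorithmIdentifier is OID 1.3.101.112 with NO parameters, and
// the BIT STRING carries the raw 32-byte key (there is no RSA modulus/exponent).
const ED25519_SPKI_PREFIX = Buffer.from([
  0x30, 0x2a,                   // SEQUENCE, 42 bytes
  0x30, 0x05,                   //   SEQUENCE, 5 bytes (AlgorithmIdentifier)
  0x06, 0x03, 0x2b, 0x65, 0x70, //     OID 1.3.101.112 (id-Ed25519)
  0x03, 0x21, 0x00,             //   BIT STRING, 33 bytes, 0 unused bits
]);

// Hypothetical helper: wrap a raw 32-byte public key in DER SubjectPublicKeyInfo.
function ed25519RawToSpki(rawPublicKey) {
  if (!Buffer.isBuffer(rawPublicKey) || rawPublicKey.length !== 32) {
    throw new TypeError('Ed25519 public key must be a 32-byte Buffer');
  }
  return Buffer.concat([ED25519_SPKI_PREFIX, rawPublicKey]);
}

// Hypothetical helper: strict inverse; rejects anything that is not Ed25519 SPKI.
function ed25519SpkiToRaw(spkiDer) {
  if (spkiDer.length !== 44 || !spkiDer.subarray(0, 12).equals(ED25519_SPKI_PREFIX)) {
    throw new TypeError('not an Ed25519 SubjectPublicKeyInfo');
  }
  return Buffer.from(spkiDer.subarray(12));
}

// Round trip: Node's SPKI -> raw key -> rebuilt SPKI, then sign and verify.
function demo() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
  const nodeSpki = publicKey.export({ format: 'der', type: 'spki' });
  const rebuilt = ed25519RawToSpki(ed25519SpkiToRaw(nodeSpki));
  const imported = crypto.createPublicKey({ key: rebuilt, format: 'der', type: 'spki' });
  // Constructed stand-in for the DER-encoded TBSCertificate that would be signed.
  const tbs = Buffer.from('constructed stand-in for TBSCertificate bytes');
  const signature = crypto.sign(null, tbs, privateKey); // Ed25519 takes no digest name
  return {
    sameEncoding: rebuilt.equals(nodeSpki),
    signatureLength: signature.length,
    verifies: crypto.verify(null, tbs, imported, signature),
    keyType: imported.asymmetricKeyType,
  };
}

console.log(demo());
```
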

+1

idntty avatar May 29 '22 18:05 idntty