Peter Bielak Peter Bielak - 1 year ago 134
Javascript Question

Generate RSA key pair using WebCrypto API and protect it with passphrase

title says it all. I was wondering how do I generate RSA key pair using WebCrypto API and how do I secure it with a passphrase so I can store it in a database.

Answer Source

You can generate an RSA key pair with WebCrypto and export it as jwk (Json Web Key), pkcs#8 (private) or spki (public). See SubtleCrypto.exportKey() and the example code bellow

To export the key to an external system in a protected way you could use an standard like:

  • PKCS#8: The PKCS#8 private key format defined at IETF Public Key-Cryptographic Standard Encryption #8. allow encryption with a passphrase, but WebCryptography exportKey does not support it. It provides PrivateKeyInfo

  • PKCS#12: PKCS#12 is a keystore exchange format. It can contain private keys, certificates with the public key and the certification chain. The content is 3DES encrypted with a passphrase. Files are usually found with extension .pfx or .p12

Unfortunately WebCrypto does not support exporting in a common format with encryption such as PKCS#8 - encrypted or PKCS#12. You could export the keys in one of these formats using a third party library like forge

Example code

WebCrypto RSASSA-PKCS1-v1_5 - generateKey

        name: "RSASSA-PKCS1-v1_5",
        modulusLength: 2048, //can be 1024, 2048, or 4096
        publicExponent: new Uint8Array([0x01, 0x00, 0x01]),
        hash: {name: "SHA-256"}, //can be "SHA-1", "SHA-256", "SHA-384", or "SHA-512"
    true, //whether the key is extractable (i.e. can be used in exportKey)
    ["sign", "verify"] //can be any combination of "sign" and "verify"
    //returns a keypair object

WebCrypto RSASSA-PKCS1-v1_5 - exportKey

    "pkcs8", //can be "jwk" (public or private), "spki" (public only), or "pkcs8" (private only)
    privateKey //can be a publicKey or privateKey, as long as extractable was true
    //returns the exported key data

Forge -PKCS#8

//needed: wrap webcrypto pkcs#8 to forge privateKey (see doc)

// encrypts a PrivateKeyInfo and outputs an EncryptedPrivateKeyInfo
var encryptedPrivateKeyInfo = pki.encryptPrivateKeyInfo(
  privateKeyInfo, 'password', {
    algorithm: 'aes256', // 'aes128', 'aes192', 'aes256', '3des'

// converts an EncryptedPrivateKeyInfo to PEM var pem = pki.encryptedPrivateKeyToPem(encryptedPrivateKeyInfo);

Forge - PKCS#12

//needed: wrap webcrypto pkcs#8 to forge privateKey (see doc)

// generate a p12 that can be imported by Chrome/Firefox
// (requires the use of Triple DES instead of AES)
var p12Asn1 = forge.pkcs12.toPkcs12Asn1(privateKey, certChain, password,  {algorithm: '3des'});

// base64-encode p12
var p12Der = forge.asn1.toDer(p12Asn1).getBytes();
var p12b64 = forge.util.encode64(p12Der);