Software zum Installieren eines Smart-Mirror Frameworks , zum Nutzen von hochschulrelevanten Informationen, auf einem Raspberry-Pi.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

README.md 24KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804
  1. sshpk
  2. =========
  3. Parse, convert, fingerprint and use SSH keys (both public and private) in pure
  4. node -- no `ssh-keygen` or other external dependencies.
  5. Supports RSA, DSA, ECDSA (nistp-\*) and ED25519 key types, in PEM (PKCS#1,
  6. PKCS#8) and OpenSSH formats.
  7. This library has been extracted from
  8. [`node-http-signature`](https://github.com/joyent/node-http-signature)
  9. (work by [Mark Cavage](https://github.com/mcavage) and
  10. [Dave Eddy](https://github.com/bahamas10)) and
  11. [`node-ssh-fingerprint`](https://github.com/bahamas10/node-ssh-fingerprint)
  12. (work by Dave Eddy), with additions (including ECDSA support) by
  13. [Alex Wilson](https://github.com/arekinath).
  14. Install
  15. -------
  16. ```
  17. npm install sshpk
  18. ```
  19. Examples
  20. --------
  21. ```js
  22. var sshpk = require('sshpk');
  23. var fs = require('fs');
  24. /* Read in an OpenSSH-format public key */
  25. var keyPub = fs.readFileSync('id_rsa.pub');
  26. var key = sshpk.parseKey(keyPub, 'ssh');
  27. /* Get metadata about the key */
  28. console.log('type => %s', key.type);
  29. console.log('size => %d bits', key.size);
  30. console.log('comment => %s', key.comment);
  31. /* Compute key fingerprints, in new OpenSSH (>6.7) format, and old MD5 */
  32. console.log('fingerprint => %s', key.fingerprint().toString());
  33. console.log('old-style fingerprint => %s', key.fingerprint('md5').toString());
  34. ```
  35. Example output:
  36. ```
  37. type => rsa
  38. size => 2048 bits
  39. comment => foo@foo.com
  40. fingerprint => SHA256:PYC9kPVC6J873CSIbfp0LwYeczP/W4ffObNCuDJ1u5w
  41. old-style fingerprint => a0:c8:ad:6c:32:9a:32:fa:59:cc:a9:8c:0a:0d:6e:bd
  42. ```
  43. More examples: converting between formats:
  44. ```js
  45. /* Read in a PEM public key */
  46. var keyPem = fs.readFileSync('id_rsa.pem');
  47. var key = sshpk.parseKey(keyPem, 'pem');
  48. /* Convert to PEM PKCS#8 public key format */
  49. var pemBuf = key.toBuffer('pkcs8');
  50. /* Convert to SSH public key format (and return as a string) */
  51. var sshKey = key.toString('ssh');
  52. ```
  53. Signing and verifying:
  54. ```js
  55. /* Read in an OpenSSH/PEM *private* key */
  56. var keyPriv = fs.readFileSync('id_ecdsa');
  57. var key = sshpk.parsePrivateKey(keyPriv, 'pem');
  58. var data = 'some data';
  59. /* Sign some data with the key */
  60. var s = key.createSign('sha1');
  61. s.update(data);
  62. var signature = s.sign();
  63. /* Now load the public key (could also use just key.toPublic()) */
  64. var keyPub = fs.readFileSync('id_ecdsa.pub');
  65. key = sshpk.parseKey(keyPub, 'ssh');
  66. /* Make a crypto.Verifier with this key */
  67. var v = key.createVerify('sha1');
  68. v.update(data);
  69. var valid = v.verify(signature);
  70. /* => true! */
  71. ```
  72. Matching fingerprints with keys:
  73. ```js
  74. var fp = sshpk.parseFingerprint('SHA256:PYC9kPVC6J873CSIbfp0LwYeczP/W4ffObNCuDJ1u5w');
  75. var keys = [sshpk.parseKey(...), sshpk.parseKey(...), ...];
  76. keys.forEach(function (key) {
  77. if (fp.matches(key))
  78. console.log('found it!');
  79. });
  80. ```
  81. Usage
  82. -----
  83. ## Public keys
  84. ### `parseKey(data[, format = 'auto'[, options]])`
  85. Parses a key from a given data format and returns a new `Key` object.
  86. Parameters
  87. - `data` -- Either a Buffer or String, containing the key
  88. - `format` -- String name of format to use, valid options are:
  89. - `auto`: choose automatically from all below
  90. - `pem`: supports both PKCS#1 and PKCS#8
  91. - `ssh`: standard OpenSSH format,
  92. - `pkcs1`, `pkcs8`: variants of `pem`
  93. - `rfc4253`: raw OpenSSH wire format
  94. - `openssh`: new post-OpenSSH 6.5 internal format, produced by
  95. `ssh-keygen -o`
  96. - `dnssec`: `.key` file format output by `dnssec-keygen` etc
  97. - `putty`: the PuTTY `.ppk` file format (supports truncated variant without
  98. all the lines from `Private-Lines:` onwards)
  99. - `options` -- Optional Object, extra options, with keys:
  100. - `filename` -- Optional String, name for the key being parsed
  101. (eg. the filename that was opened). Used to generate
  102. Error messages
  103. - `passphrase` -- Optional String, encryption passphrase used to decrypt an
  104. encrypted PEM file
  105. ### `Key.isKey(obj)`
  106. Returns `true` if the given object is a valid `Key` object created by a version
  107. of `sshpk` compatible with this one.
  108. Parameters
  109. - `obj` -- Object to identify
  110. ### `Key#type`
  111. String, the type of key. Valid options are `rsa`, `dsa`, `ecdsa`.
  112. ### `Key#size`
  113. Integer, "size" of the key in bits. For RSA/DSA this is the size of the modulus;
  114. for ECDSA this is the bit size of the curve in use.
  115. ### `Key#comment`
  116. Optional string, a key comment used by some formats (eg the `ssh` format).
  117. ### `Key#curve`
  118. Only present if `this.type === 'ecdsa'`, string containing the name of the
  119. named curve used with this key. Possible values include `nistp256`, `nistp384`
  120. and `nistp521`.
  121. ### `Key#toBuffer([format = 'ssh'])`
  122. Convert the key into a given data format and return the serialized key as
  123. a Buffer.
  124. Parameters
  125. - `format` -- String name of format to use, for valid options see `parseKey()`
  126. ### `Key#toString([format = 'ssh])`
  127. Same as `this.toBuffer(format).toString()`.
  128. ### `Key#fingerprint([algorithm = 'sha256'[, hashType = 'ssh']])`
  129. Creates a new `Fingerprint` object representing this Key's fingerprint.
  130. Parameters
  131. - `algorithm` -- String name of hash algorithm to use, valid options are `md5`,
  132. `sha1`, `sha256`, `sha384`, `sha512`
  133. - `hashType` -- String name of fingerprint hash type to use, valid options are
  134. `ssh` (the type of fingerprint used by OpenSSH, e.g. in
  135. `ssh-keygen`), `spki` (used by HPKP, some OpenSSL applications)
  136. ### `Key#createVerify([hashAlgorithm])`
  137. Creates a `crypto.Verifier` specialized to use this Key (and the correct public
  138. key algorithm to match it). The returned Verifier has the same API as a regular
  139. one, except that the `verify()` function takes only the target signature as an
  140. argument.
  141. Parameters
  142. - `hashAlgorithm` -- optional String name of hash algorithm to use, any
  143. supported by OpenSSL are valid, usually including
  144. `sha1`, `sha256`.
  145. `v.verify(signature[, format])` Parameters
  146. - `signature` -- either a Signature object, or a Buffer or String
  147. - `format` -- optional String, name of format to interpret given String with.
  148. Not valid if `signature` is a Signature or Buffer.
  149. ### `Key#createDiffieHellman()`
  150. ### `Key#createDH()`
  151. Creates a Diffie-Hellman key exchange object initialized with this key and all
  152. necessary parameters. This has the same API as a `crypto.DiffieHellman`
  153. instance, except that functions take `Key` and `PrivateKey` objects as
  154. arguments, and return them where indicated for.
  155. This is only valid for keys belonging to a cryptosystem that supports DHE
  156. or a close analogue (i.e. `dsa`, `ecdsa` and `curve25519` keys). An attempt
  157. to call this function on other keys will yield an `Error`.
  158. ## Private keys
  159. ### `parsePrivateKey(data[, format = 'auto'[, options]])`
  160. Parses a private key from a given data format and returns a new
  161. `PrivateKey` object.
  162. Parameters
  163. - `data` -- Either a Buffer or String, containing the key
  164. - `format` -- String name of format to use, valid options are:
  165. - `auto`: choose automatically from all below
  166. - `pem`: supports both PKCS#1 and PKCS#8
  167. - `ssh`, `openssh`: new post-OpenSSH 6.5 internal format, produced by
  168. `ssh-keygen -o`
  169. - `pkcs1`, `pkcs8`: variants of `pem`
  170. - `rfc4253`: raw OpenSSH wire format
  171. - `dnssec`: `.private` format output by `dnssec-keygen` etc.
  172. - `options` -- Optional Object, extra options, with keys:
  173. - `filename` -- Optional String, name for the key being parsed
  174. (eg. the filename that was opened). Used to generate
  175. Error messages
  176. - `passphrase` -- Optional String, encryption passphrase used to decrypt an
  177. encrypted PEM file
  178. ### `generatePrivateKey(type[, options])`
  179. Generates a new private key of a certain key type, from random data.
  180. Parameters
  181. - `type` -- String, type of key to generate. Currently supported are `'ecdsa'`
  182. and `'ed25519'`
  183. - `options` -- optional Object, with keys:
  184. - `curve` -- optional String, for `'ecdsa'` keys, specifies the curve to use.
  185. If ECDSA is specified and this option is not given, defaults to
  186. using `'nistp256'`.
  187. ### `PrivateKey.isPrivateKey(obj)`
  188. Returns `true` if the given object is a valid `PrivateKey` object created by a
  189. version of `sshpk` compatible with this one.
  190. Parameters
  191. - `obj` -- Object to identify
  192. ### `PrivateKey#type`
  193. String, the type of key. Valid options are `rsa`, `dsa`, `ecdsa`.
  194. ### `PrivateKey#size`
  195. Integer, "size" of the key in bits. For RSA/DSA this is the size of the modulus;
  196. for ECDSA this is the bit size of the curve in use.
  197. ### `PrivateKey#curve`
  198. Only present if `this.type === 'ecdsa'`, string containing the name of the
  199. named curve used with this key. Possible values include `nistp256`, `nistp384`
  200. and `nistp521`.
  201. ### `PrivateKey#toBuffer([format = 'pkcs1'])`
  202. Convert the key into a given data format and return the serialized key as
  203. a Buffer.
  204. Parameters
  205. - `format` -- String name of format to use, valid options are listed under
  206. `parsePrivateKey`. Note that ED25519 keys default to `openssh`
  207. format instead (as they have no `pkcs1` representation).
  208. ### `PrivateKey#toString([format = 'pkcs1'])`
  209. Same as `this.toBuffer(format).toString()`.
  210. ### `PrivateKey#toPublic()`
  211. Extract just the public part of this private key, and return it as a `Key`
  212. object.
  213. ### `PrivateKey#fingerprint([algorithm = 'sha256'])`
  214. Same as `this.toPublic().fingerprint()`.
  215. ### `PrivateKey#createVerify([hashAlgorithm])`
  216. Same as `this.toPublic().createVerify()`.
  217. ### `PrivateKey#createSign([hashAlgorithm])`
  218. Creates a `crypto.Sign` specialized to use this PrivateKey (and the correct
  219. key algorithm to match it). The returned Signer has the same API as a regular
  220. one, except that the `sign()` function takes no arguments, and returns a
  221. `Signature` object.
  222. Parameters
  223. - `hashAlgorithm` -- optional String name of hash algorithm to use, any
  224. supported by OpenSSL are valid, usually including
  225. `sha1`, `sha256`.
  226. `v.sign()` Parameters
  227. - none
  228. ### `PrivateKey#derive(newType)`
  229. Derives a related key of type `newType` from this key. Currently this is
  230. only supported to change between `ed25519` and `curve25519` keys which are
  231. stored with the same private key (but usually distinct public keys in order
  232. to avoid degenerate keys that lead to a weak Diffie-Hellman exchange).
  233. Parameters
  234. - `newType` -- String, type of key to derive, either `ed25519` or `curve25519`
  235. ## Fingerprints
  236. ### `parseFingerprint(fingerprint[, options])`
  237. Pre-parses a fingerprint, creating a `Fingerprint` object that can be used to
  238. quickly locate a key by using the `Fingerprint#matches` function.
  239. Parameters
  240. - `fingerprint` -- String, the fingerprint value, in any supported format
  241. - `options` -- Optional Object, with properties:
  242. - `algorithms` -- Array of strings, names of hash algorithms to limit
  243. support to. If `fingerprint` uses a hash algorithm not on
  244. this list, throws `InvalidAlgorithmError`.
  245. - `hashType` -- String, the type of hash the fingerprint uses, either `ssh`
  246. or `spki` (normally auto-detected based on the format, but
  247. can be overridden)
  248. - `type` -- String, the entity this fingerprint identifies, either `key` or
  249. `certificate`
  250. ### `Fingerprint.isFingerprint(obj)`
  251. Returns `true` if the given object is a valid `Fingerprint` object created by a
  252. version of `sshpk` compatible with this one.
  253. Parameters
  254. - `obj` -- Object to identify
  255. ### `Fingerprint#toString([format])`
  256. Returns a fingerprint as a string, in the given format.
  257. Parameters
  258. - `format` -- Optional String, format to use, valid options are `hex` and
  259. `base64`. If this `Fingerprint` uses the `md5` algorithm, the
  260. default format is `hex`. Otherwise, the default is `base64`.
  261. ### `Fingerprint#matches(keyOrCertificate)`
  262. Verifies whether or not this `Fingerprint` matches a given `Key` or
  263. `Certificate`. This function uses double-hashing to avoid leaking timing
  264. information. Returns a boolean.
  265. Note that a `Key`-type Fingerprint will always return `false` if asked to match
  266. a `Certificate` and vice versa.
  267. Parameters
  268. - `keyOrCertificate` -- a `Key` object or `Certificate` object, the entity to
  269. match this fingerprint against
  270. ## Signatures
  271. ### `parseSignature(signature, algorithm, format)`
  272. Parses a signature in a given format, creating a `Signature` object. Useful
  273. for converting between the SSH and ASN.1 (PKCS/OpenSSL) signature formats, and
  274. also returned as output from `PrivateKey#createSign().sign()`.
  275. A Signature object can also be passed to a verifier produced by
  276. `Key#createVerify()` and it will automatically be converted internally into the
  277. correct format for verification.
  278. Parameters
  279. - `signature` -- a Buffer (binary) or String (base64), data of the actual
  280. signature in the given format
  281. - `algorithm` -- a String, name of the algorithm to be used, possible values
  282. are `rsa`, `dsa`, `ecdsa`
  283. - `format` -- a String, either `asn1` or `ssh`
  284. ### `Signature.isSignature(obj)`
  285. Returns `true` if the given object is a valid `Signature` object created by a
  286. version of `sshpk` compatible with this one.
  287. Parameters
  288. - `obj` -- Object to identify
  289. ### `Signature#toBuffer([format = 'asn1'])`
  290. Converts a Signature to the given format and returns it as a Buffer.
  291. Parameters
  292. - `format` -- a String, either `asn1` or `ssh`
  293. ### `Signature#toString([format = 'asn1'])`
  294. Same as `this.toBuffer(format).toString('base64')`.
  295. ## Certificates
  296. `sshpk` includes basic support for parsing certificates in X.509 (PEM) format
  297. and the OpenSSH certificate format. This feature is intended to be used mainly
  298. to access basic metadata about certificates, extract public keys from them, and
  299. also to generate simple self-signed certificates from an existing key.
  300. Notably, there is no implementation of CA chain-of-trust verification, and only
  301. very minimal support for key usage restrictions. Please do the security world
  302. a favour, and DO NOT use this code for certificate verification in the
  303. traditional X.509 CA chain style.
  304. ### `parseCertificate(data, format)`
  305. Parameters
  306. - `data` -- a Buffer or String
  307. - `format` -- a String, format to use, one of `'openssh'`, `'pem'` (X.509 in a
  308. PEM wrapper), or `'x509'` (raw DER encoded)
  309. ### `createSelfSignedCertificate(subject, privateKey[, options])`
  310. Parameters
  311. - `subject` -- an Identity, the subject of the certificate
  312. - `privateKey` -- a PrivateKey, the key of the subject: will be used both to be
  313. placed in the certificate and also to sign it (since this is
  314. a self-signed certificate)
  315. - `options` -- optional Object, with keys:
  316. - `lifetime` -- optional Number, lifetime of the certificate from now in
  317. seconds
  318. - `validFrom`, `validUntil` -- optional Dates, beginning and end of
  319. certificate validity period. If given
  320. `lifetime` will be ignored
  321. - `serial` -- optional Buffer, the serial number of the certificate
  322. - `purposes` -- optional Array of String, X.509 key usage restrictions
  323. ### `createCertificate(subject, key, issuer, issuerKey[, options])`
  324. Parameters
  325. - `subject` -- an Identity, the subject of the certificate
  326. - `key` -- a Key, the public key of the subject
  327. - `issuer` -- an Identity, the issuer of the certificate who will sign it
  328. - `issuerKey` -- a PrivateKey, the issuer's private key for signing
  329. - `options` -- optional Object, with keys:
  330. - `lifetime` -- optional Number, lifetime of the certificate from now in
  331. seconds
  332. - `validFrom`, `validUntil` -- optional Dates, beginning and end of
  333. certificate validity period. If given
  334. `lifetime` will be ignored
  335. - `serial` -- optional Buffer, the serial number of the certificate
  336. - `purposes` -- optional Array of String, X.509 key usage restrictions
  337. ### `Certificate#subjects`
  338. Array of `Identity` instances describing the subject of this certificate.
  339. ### `Certificate#issuer`
  340. The `Identity` of the Certificate's issuer (signer).
  341. ### `Certificate#subjectKey`
  342. The public key of the subject of the certificate, as a `Key` instance.
  343. ### `Certificate#issuerKey`
  344. The public key of the signing issuer of this certificate, as a `Key` instance.
  345. May be `undefined` if the issuer's key is unknown (e.g. on an X509 certificate).
  346. ### `Certificate#serial`
  347. The serial number of the certificate. As this is normally a 64-bit or wider
  348. integer, it is returned as a Buffer.
  349. ### `Certificate#purposes`
  350. Array of Strings indicating the X.509 key usage purposes that this certificate
  351. is valid for. The possible strings at the moment are:
  352. * `'signature'` -- key can be used for digital signatures
  353. * `'identity'` -- key can be used to attest about the identity of the signer
  354. (X.509 calls this `nonRepudiation`)
  355. * `'codeSigning'` -- key can be used to sign executable code
  356. * `'keyEncryption'` -- key can be used to encrypt other keys
  357. * `'encryption'` -- key can be used to encrypt data (only applies for RSA)
  358. * `'keyAgreement'` -- key can be used for key exchange protocols such as
  359. Diffie-Hellman
  360. * `'ca'` -- key can be used to sign other certificates (is a Certificate
  361. Authority)
  362. * `'crl'` -- key can be used to sign Certificate Revocation Lists (CRLs)
  363. ### `Certificate#getExtension(nameOrOid)`
  364. Retrieves information about a certificate extension, if present, or returns
  365. `undefined` if not. The string argument `nameOrOid` should be either the OID
  366. (for X509 extensions) or the name (for OpenSSH extensions) of the extension
  367. to retrieve.
  368. The object returned will have the following properties:
  369. * `format` -- String, set to either `'x509'` or `'openssh'`
  370. * `name` or `oid` -- String, only one set based on value of `format`
  371. * `data` -- Buffer, the raw data inside the extension
  372. ### `Certificate#getExtensions()`
  373. Returns an Array of all present certificate extensions, in the same manner and
  374. format as `getExtension()`.
  375. ### `Certificate#isExpired([when])`
  376. Tests whether the Certificate is currently expired (i.e. the `validFrom` and
  377. `validUntil` dates specify a range of time that does not include the current
  378. time).
  379. Parameters
  380. - `when` -- optional Date, if specified, tests whether the Certificate was or
  381. will be expired at the specified time instead of now
  382. Returns a Boolean.
  383. ### `Certificate#isSignedByKey(key)`
  384. Tests whether the Certificate was validly signed by the given (public) Key.
  385. Parameters
  386. - `key` -- a Key instance
  387. Returns a Boolean.
  388. ### `Certificate#isSignedBy(certificate)`
  389. Tests whether this Certificate was validly signed by the subject of the given
  390. certificate. Also tests that the issuer Identity of this Certificate and the
  391. subject Identity of the other Certificate are equivalent.
  392. Parameters
  393. - `certificate` -- another Certificate instance
  394. Returns a Boolean.
  395. ### `Certificate#fingerprint([hashAlgo])`
  396. Returns the X509-style fingerprint of the entire certificate (as a Fingerprint
  397. instance). This matches what a web-browser or similar would display as the
  398. certificate fingerprint and should not be confused with the fingerprint of the
  399. subject's public key.
  400. Parameters
  401. - `hashAlgo` -- an optional String, any hash function name
  402. ### `Certificate#toBuffer([format])`
  403. Serializes the Certificate to a Buffer and returns it.
  404. Parameters
  405. - `format` -- an optional String, output format, one of `'openssh'`, `'pem'` or
  406. `'x509'`. Defaults to `'x509'`.
  407. Returns a Buffer.
  408. ### `Certificate#toString([format])`
  409. - `format` -- an optional String, output format, one of `'openssh'`, `'pem'` or
  410. `'x509'`. Defaults to `'pem'`.
  411. Returns a String.
  412. ## Certificate identities
  413. ### `identityForHost(hostname)`
  414. Constructs a host-type Identity for a given hostname.
  415. Parameters
  416. - `hostname` -- the fully qualified DNS name of the host
  417. Returns an Identity instance.
  418. ### `identityForUser(uid)`
  419. Constructs a user-type Identity for a given UID.
  420. Parameters
  421. - `uid` -- a String, user identifier (login name)
  422. Returns an Identity instance.
  423. ### `identityForEmail(email)`
  424. Constructs an email-type Identity for a given email address.
  425. Parameters
  426. - `email` -- a String, email address
  427. Returns an Identity instance.
  428. ### `identityFromDN(dn)`
  429. Parses an LDAP-style DN string (e.g. `'CN=foo, C=US'`) and turns it into an
  430. Identity instance.
  431. Parameters
  432. - `dn` -- a String
  433. Returns an Identity instance.
  434. ### `identityFromArray(arr)`
  435. Constructs an Identity from an array of DN components (see `Identity#toArray()`
  436. for the format).
  437. Parameters
  438. - `arr` -- an Array of Objects, DN components with `name` and `value`
  439. Returns an Identity instance.
  440. Supported attributes in DNs:
  441. | Attribute name | OID |
  442. | -------------- | --- |
  443. | `cn` | `2.5.4.3` |
  444. | `o` | `2.5.4.10` |
  445. | `ou` | `2.5.4.11` |
  446. | `l` | `2.5.4.7` |
  447. | `s` | `2.5.4.8` |
  448. | `c` | `2.5.4.6` |
  449. | `sn` | `2.5.4.4` |
  450. | `postalCode` | `2.5.4.17` |
  451. | `serialNumber` | `2.5.4.5` |
  452. | `street` | `2.5.4.9` |
  453. | `x500UniqueIdentifier` | `2.5.4.45` |
  454. | `role` | `2.5.4.72` |
  455. | `telephoneNumber` | `2.5.4.20` |
  456. | `description` | `2.5.4.13` |
  457. | `dc` | `0.9.2342.19200300.100.1.25` |
  458. | `uid` | `0.9.2342.19200300.100.1.1` |
  459. | `mail` | `0.9.2342.19200300.100.1.3` |
  460. | `title` | `2.5.4.12` |
  461. | `gn` | `2.5.4.42` |
  462. | `initials` | `2.5.4.43` |
  463. | `pseudonym` | `2.5.4.65` |
  464. ### `Identity#toString()`
  465. Returns the identity as an LDAP-style DN string.
  466. e.g. `'CN=foo, O=bar corp, C=us'`
  467. ### `Identity#type`
  468. The type of identity. One of `'host'`, `'user'`, `'email'` or `'unknown'`
  469. ### `Identity#hostname`
  470. ### `Identity#uid`
  471. ### `Identity#email`
  472. Set when `type` is `'host'`, `'user'`, or `'email'`, respectively. Strings.
  473. ### `Identity#cn`
  474. The value of the first `CN=` in the DN, if any. It's probably better to use
  475. the `#get()` method instead of this property.
  476. ### `Identity#get(name[, asArray])`
  477. Returns the value of a named attribute in the Identity DN. If there is no
  478. attribute of the given name, returns `undefined`. If multiple components
  479. of the DN contain an attribute of this name, an exception is thrown unless
  480. the `asArray` argument is given as `true` -- then they will be returned as
  481. an Array in the same order they appear in the DN.
  482. Parameters
  483. - `name` -- a String
  484. - `asArray` -- an optional Boolean
  485. ### `Identity#toArray()`
  486. Returns the Identity as an Array of DN component objects. This looks like:
  487. ```js
  488. [ {
  489. "name": "cn",
  490. "value": "Joe Bloggs"
  491. },
  492. {
  493. "name": "o",
  494. "value": "Organisation Ltd"
  495. } ]
  496. ```
  497. Each object has a `name` and a `value` property. The returned objects may be
  498. safely modified.
  499. Errors
  500. ------
  501. ### `InvalidAlgorithmError`
  502. The specified algorithm is not valid, either because it is not supported, or
  503. because it was not included on a list of allowed algorithms.
  504. Thrown by `Fingerprint.parse`, `Key#fingerprint`.
  505. Properties
  506. - `algorithm` -- the algorithm that could not be validated
  507. ### `FingerprintFormatError`
  508. The fingerprint string given could not be parsed as a supported fingerprint
  509. format, or the specified fingerprint format is invalid.
  510. Thrown by `Fingerprint.parse`, `Fingerprint#toString`.
  511. Properties
  512. - `fingerprint` -- if caused by a fingerprint, the string value given
  513. - `format` -- if caused by an invalid format specification, the string value given
  514. ### `KeyParseError`
  515. The key data given could not be parsed as a valid key.
  516. Properties
  517. - `keyName` -- `filename` that was given to `parseKey`
  518. - `format` -- the `format` that was trying to parse the key (see `parseKey`)
  519. - `innerErr` -- the inner Error thrown by the format parser
  520. ### `KeyEncryptedError`
  521. The key is encrypted with a symmetric key (ie, it is password protected). The
  522. parsing operation would succeed if it was given the `passphrase` option.
  523. Properties
  524. - `keyName` -- `filename` that was given to `parseKey`
  525. - `format` -- the `format` that was trying to parse the key (currently can only
  526. be `"pem"`)
  527. ### `CertificateParseError`
  528. The certificate data given could not be parsed as a valid certificate.
  529. Properties
  530. - `certName` -- `filename` that was given to `parseCertificate`
  531. - `format` -- the `format` that was trying to parse the key
  532. (see `parseCertificate`)
  533. - `innerErr` -- the inner Error thrown by the format parser
  534. Friends of sshpk
  535. ----------------
  536. * [`sshpk-agent`](https://github.com/arekinath/node-sshpk-agent) is a library
  537. for speaking the `ssh-agent` protocol from node.js, which uses `sshpk`