NodeJS: Validate certificate in DER format

Posted 2020-02-11 09:07

I'm using the crypto module to validate a certificate, but both my certificate and my public key are in DER format. It seems that the crypto module does not accept this format.

Is there a way (or module) to convert DER to PEM format using NodeJS? I couldn't find any and cannot use the command line to call openssl via shell.

UPDATE: It's not about HTTPS certificates. It's about general X.509 certificates. And if you mark the question as negative, please leave a comment to justify it. Don't be stupid if you are not able to help.

3 answers
兄弟一词,经得起流年.
#2 · 2020-02-11 09:27

I think the PEM format is just the DER binary data that has been base64 encoded, split into 64 character lines, and wrapped between '-----BEGIN CERTIFICATE-----' and '-----END CERTIFICATE-----'.

So you could do this:

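// derBuffer: a Buffer holding the raw (binary) DER certificate
var prefix = '-----BEGIN CERTIFICATE-----\n';
var postfix = '-----END CERTIFICATE-----';
// base64-encode the DER bytes and break the result into 64-character lines
var pemText = prefix + derBuffer.toString('base64').match(/.{0,64}/g).join('\n') + postfix;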

You will not need to put a '\n' before the postfix because the last match of the der buffer should be an empty string '', so there will be a '\n' at the end of derBuffer.toString('base64').match(/.{0,64}/g).join('\n')

淡お忘
#3 · 2020-02-11 09:42

Dominykas' answer was good, but in my case, I have a certificate that uses ECC and node-forge does not support it. So I've found a module called node-openssl-wrapper, which worked perfectly well because it encapsulates the openssl commands in a simple function call, like this:

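var co = require('co');
var ossl = require('openssl-wrapper');

co(function*() {
  // Buffer.from replaces the deprecated `new Buffer(...)` constructor
  var derCert = Buffer.from('...'); // binary DER certificate
  // equivalent to: openssl x509 -inform der -outform pem
  var pemCert = yield ossl.qExec('x509', derCert, { inform: 'der', outform: 'pem' });
});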
做个烂人
#4 · 2020-02-11 09:43

Here's one way of doing it:

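function derToPem(der) {
	// `der` is expected to be the DER certificate as a base64-encoded string
	var forge = require("node-forge");
	var derKey = forge.util.decode64(der); // base64 -> binary string of DER bytes
	var asnObj = forge.asn1.fromDer(derKey); // parse the DER into an ASN.1 object
	var asn1Cert = forge.pki.certificateFromAsn1(asnObj);
	return forge.pki.certificateToPem(asn1Cert);
}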

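Added example, not part of the question or of any answer above: the DER-to-PEM wrapping described in the first answer, its inverse, and a signature check showing that Node's built-in crypto module accepts a DER public key directly, including an ECC key. The helper names, the P-256 key pair and the message are constructed for this illustration.

```javascript
const nodeCrypto = require('node:crypto');

// Wrap raw DER bytes in PEM armor: base64, 64-character lines, BEGIN/END label.
function derToPem(der, label) {
  const b64 = Buffer.from(der).toString('base64');
  const lines = b64.match(/.{1,64}/g) || []; // no empty trailing chunk to rely on
  return `-----BEGIN ${label}-----\n${lines.join('\n')}\n-----END ${label}-----\n`;
}

// Reverse direction: strip the armor and decode the base64 body.
function pemToDer(pem) {
  const m = /-----BEGIN ([A-Z0-9 ]+)-----([\s\S]*?)-----END \1-----/.exec(pem);
  if (!m) throw new Error('no PEM block found');
  return { label: m[1], der: Buffer.from(m[2].replace(/\s+/g, ''), 'base64') };
}

// Constructed sample input: a fresh EC key pair and a signed message.
function roundTripDemo() {
  const { publicKey, privateKey } =
    nodeCrypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' });
  const der = publicKey.export({ format: 'der', type: 'spki' });
  const message = Buffer.from('constructed sample message');
  const signature = nodeCrypto.sign('sha256', message, privateKey);

  // Path 1: give crypto the DER bytes, stating format and structure type.
  const keyFromDer = nodeCrypto.createPublicKey({ key: der, format: 'der', type: 'spki' });
  // Path 2: convert to PEM by hand and let crypto parse the text.
  const pem = derToPem(der, 'PUBLIC KEY');
  const keyFromPem = nodeCrypto.createPublicKey(pem);

  return {
    pem,
    roundTrip: pemToDer(pem).der.equals(der),
    pemParsesToSameKey: keyFromPem.export({ format: 'der', type: 'spki' }).equals(der),
    verifiedViaDer: nodeCrypto.verify('sha256', message, keyFromDer, signature),
    verifiedViaPem: nodeCrypto.verify('sha256', message, keyFromPem, signature),
    tamperedRejected:
      !nodeCrypto.verify('sha256', Buffer.from('tampered'), keyFromDer, signature),
  };
}
```

For a certificate, pass the label CERTIFICATE, matching the prefix and postfix in the first answer. Node 15.6 and later also accept a DER buffer directly in `new crypto.X509Certificate(buffer)`.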