Is your feature request related to a problem? Please describe
Currently `createCsr` doesn't allow parameterized generation of the private/public key pair, where the public key is used in CSR extensions. The interface looks like this:
```ts
export async function createCsr(params: {
  keySize?: number
  commonName: string
  altNames: string[]
  country?: string
  state?: string
  locality?: string
  organization?: string
  organizationUnit?: string
  emailAddress?: string
}): Promise<{ pkcs10Ber: ArrayBuffer; keys: Required<CryptoKeyPair> }> {
  // TODO: allow to provide keys in addition to always generating one
  const { privateKey, publicKey } =
    (await generateKey()) as Required<CryptoKeyPair>
  // ....
  addSubjectAttributes(pkcs10.subject.typesAndValues, params)
  await addExtensions(pkcs10, params, publicKey)
  await signCsr(pkcs10, privateKey)
  // ....
}
```
So we need to provide a way to allow using an existing key pair and/or allow parameterized algorithm generation of the pair.
This would allow generating keys with EC, for example, as RSA is hard-coded for now, as follows:
```ts
export async function generateKey(): Promise<CryptoKey | CryptoKeyPair> {
  const keys = await crypto.subtle.generateKey(
    {
      name: 'RSASSA-PKCS1-v1_5',
      hash: 'SHA-256',
      publicExponent: new Uint8Array([1, 0, 1]),
      modulusLength: 2048,
    },
    true,
    ['sign', 'verify'],
  )
  return keys
}
```
Additional context
Currently people can't use their own public/public keys (e.g. password protected).
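
One possible shape for the requested behaviour, as an added sketch that is not code from this issue or from the project: `KeyAlgorithm`, `KeyOptions`, `resolveKeys` and `signParams` are hypothetical names, and SHA-256 for ECDSA signing is an assumption carried over from the RSA default above. A caller-supplied pair is validated before use so that a mismatched or unusable key fails early instead of producing a broken CSR.

```typescript
// Added sketch, not the project's code. All names except generateKey are hypothetical.
type KeyAlgorithm = RsaHashedKeyGenParams | EcKeyGenParams

// Default mirrors the RSA parameters hard-coded in generateKey() on this page.
const DEFAULT_ALGORITHM: RsaHashedKeyGenParams = {
  name: 'RSASSA-PKCS1-v1_5',
  hash: 'SHA-256',
  publicExponent: new Uint8Array([1, 0, 1]),
  modulusLength: 2048,
}

interface KeyOptions {
  keys?: CryptoKeyPair      // caller-supplied pair, e.g. a password-protected key already decrypted and imported
  algorithm?: KeyAlgorithm  // used only when no pair is supplied, e.g. { name: 'ECDSA', namedCurve: 'P-256' }
}

async function generateKey(algorithm: KeyAlgorithm = DEFAULT_ALGORITHM): Promise<CryptoKeyPair> {
  return (await crypto.subtle.generateKey(algorithm, true, ['sign', 'verify'])) as CryptoKeyPair
}

// Return the pair createCsr would use, rejecting pairs that cannot produce a valid CSR.
async function resolveKeys(opts: KeyOptions = {}): Promise<CryptoKeyPair> {
  if (!opts.keys) return generateKey(opts.algorithm)
  const { privateKey, publicKey } = opts.keys
  if (privateKey?.type !== 'private' || publicKey?.type !== 'public')
    throw new TypeError('keys must contain a private and a public CryptoKey')
  if (privateKey.algorithm.name !== publicKey.algorithm.name)
    throw new TypeError('private and public key algorithms differ')
  if (!privateKey.usages.includes('sign'))
    throw new TypeError("private key lacks the 'sign' usage")
  if (!publicKey.extractable)
    throw new TypeError('public key must be extractable to be embedded in the CSR')
  return opts.keys
}

// Parameters for crypto.subtle.sign(): ECDSA takes its hash at signing time,
// while RSASSA-PKCS1-v1_5 fixed it when the key was generated or imported.
function signParams(key: CryptoKey): AlgorithmIdentifier | EcdsaParams {
  return key.algorithm.name === 'ECDSA'
    ? { name: 'ECDSA', hash: 'SHA-256' }
    : { name: key.algorithm.name }
}
```

The private key never needs to be extractable for this flow, so a caller can import a protected key with `extractable: false` and still have it accepted.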