Hi, Ryan.
The following is SHECA's response to your question:
Technology Used
SHECA uses JavaScript code to implement the relevant encryption functions.
The relevant core code is attached for your reference.
Code Execution Environment
All encryption-related operations are performed using JavaScript in the
client browser. Specifically, when the client submits a certificate
request, JavaScript code is called to generate the required encrypted data.
Therefore, no JavaScript server-side processing is involved.
The core code is attached for further review and optimization as needed.
/*
 * Generate CSR method
 * By introducing an open-source library jsrsasign
 * const KJUR = require('jsrsasign')
 * const KEYUTIL = KJUR.KEYUTIL
 * By invoking the generateKeypair method in KEYUTIL
 */
const jsCreatCsr = (values: any) => {
  setCsrInfo({})
  // Show a loading spinner while the key pair is generated
  let modal = GlobalMessage(
    {
      content: <div style={{display: 'flex', justifyContent: 'center', alignContent: 'center'}}><Spin tip="loading"/>
      </div>,
    }
  );
  const { keyParameter, signAlgorithm, encryptAlgorithm, commonName, orgName, orgCountry, orgRegion, orgCity } = values;
  let keypair: any, csr: any, privateKeyPEM: any
  // Build the CSR subject from the fields that were filled in
  let subject: any = {
  }
  if (orgCountry) subject.C = orgCountry
  if (orgRegion) subject.ST = orgRegion
  if (orgCity) subject.L = orgCity
  if (orgName) subject.O = orgName
  if (commonName) subject.CN = commonName
  setTimeout(() => {
    if (encryptAlgorithm === 'RSA') {
      // keyParameter is the RSA modulus length in bits
      keypair = KEYUTIL.generateKeypair("RSA", Number(keyParameter));
      csr = KJUR.asn1.csr.CSRUtil.newCSRPEM({
        subject,
        sbjpubkey: keypair.pubKeyObj,
        sigalg: `${signAlgorithm}withRSA`,
        sbjprvkey: keypair.prvKeyObj
      });
    } else if (encryptAlgorithm === 'ECC') {
      // Pick the curve by substring match; newKey stays undefined if nothing matches
      let newKey
      if (keyParameter.indexOf('256') > -1) {
        newKey = 'secp256r1'
      } else if (keyParameter.indexOf('384') > -1) {
        newKey = 'secp384r1'
      } else if (keyParameter.indexOf('521') > -1) {
        newKey = 'secp521r1'
      }
      keypair = KEYUTIL.generateKeypair("EC", newKey);
      csr = KJUR.asn1.csr.CSRUtil.newCSRPEM({
        subject,
        sbjpubkey: keypair.pubKeyObj,
        sigalg: `${signAlgorithm}withECDSA`,
        sbjprvkey: keypair.prvKeyObj
      });
    } else if (encryptAlgorithm === 'SM2') {
      keypair = KEYUTIL.generateKeypair("EC", 'sm2p256v1')
      csr = KJUR.asn1.csr.CSRUtil.newCSRPEM({
        subject,
        sbjpubkey: keypair.pubKeyObj,
        sigalg: 'SM3withSM2',
        sbjprvkey: keypair.prvKeyObj
      });
    }
    // Export the private key as PEM
    let ppp = KEYUTIL.getPEM(keypair?.prvKeyObj, "PKCS1PRV")
    if (['ECC', 'SM2'].includes(encryptAlgorithm)) {
      // For EC keys, keep only the part starting at the EC PRIVATE KEY header
      let index = ppp.indexOf('-----BEGIN EC PRIVATE KEY-----')
      if (index > -1) {
        privateKeyPEM = ppp.substring(index)
      }
    } else {
      privateKeyPEM = ppp
    }
    setCsrInfo({
      csr,
      privateKey: privateKeyPEM
    })
    modal?.destroy();
    // Offer the CSR and the private key to the user as a zip download
    downloadZipFile({
      commonName, csr, privateKeyPEM
    })
  }, 500)
}
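
The key-selection step of the attached function, redone as an added example with the browser's Web Crypto API in place of jsrsasign (this is not SHECA's code): it rejects unrecognised parameters instead of passing an undefined curve name to the key generator. The accepted value formats and the RSA size allow-list are assumptions, and the example does not build the CSR.

```javascript
// Added example (not SHECA's code). Field names follow the attachment above;
// the accepted value formats and the RSA size allow-list are assumptions.
const CURVES = { '256': 'P-256', '384': 'P-384', '521': 'P-521' };
const HASHES = { SHA256: 'SHA-256', SHA384: 'SHA-384', SHA512: 'SHA-512' };
const RSA_BITS = [2048, 3072, 4096];

// Map the form values to WebCrypto key-generation parameters, failing closed.
function selectKeyParams({ encryptAlgorithm, keyParameter, signAlgorithm }) {
  const hash = HASHES[String(signAlgorithm).toUpperCase()];
  if (!hash) throw new RangeError(`unsupported hash: ${signAlgorithm}`);
  if (encryptAlgorithm === 'RSA') {
    const modulusLength = Number(keyParameter);
    if (!RSA_BITS.includes(modulusLength)) {
      throw new RangeError(`unsupported RSA size: ${keyParameter}`);
    }
    const publicExponent = new Uint8Array([1, 0, 1]); // 65537
    return { name: 'RSASSA-PKCS1-v1_5', modulusLength, publicExponent, hash };
  }
  if (encryptAlgorithm === 'ECC') {
    // Anchored match: a value that merely contains "256" is not accepted.
    const m = /^(?:P-|secp)?(256|384|521)(?:r1)?$/i.exec(String(keyParameter));
    if (!m) throw new RangeError(`unsupported curve: ${keyParameter}`);
    // hash is ignored by generateKey for ECDSA; it is kept for the signing step.
    return { name: 'ECDSA', namedCurve: CURVES[m[1]], hash };
  }
  // SM2 is not a WebCrypto algorithm, so it is rejected rather than guessed.
  throw new RangeError(`no WebCrypto mapping for: ${encryptAlgorithm}`);
}

// Generate the key pair in the browser's native crypto implementation and
// export the private key as PKCS#8 PEM (extractable, because the page's flow
// hands the private key to the user as a download).
async function generateKeyPem(values) {
  const alg = selectKeyParams(values);
  const subtle = globalThis.crypto.subtle;
  const pair = await subtle.generateKey(alg, true, ['sign', 'verify']);
  const der = new Uint8Array(await subtle.exportKey('pkcs8', pair.privateKey));
  const b64 = btoa(String.fromCharCode(...der));
  const body = b64.match(/.{1,64}/g).join('\n');
  return {
    publicKey: pair.publicKey,
    privateKeyPEM: `-----BEGIN PRIVATE KEY-----\n${body}\n-----END PRIVATE KEY-----\n`,
  };
}
```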