{"library":"node-forge","title":"Node Forge Cryptography and TLS Library","description":"Node Forge is a comprehensive JavaScript library providing native implementations of cryptographic tools, network transports (like TLS, HTTP, SSH), and PKI components. It supports a wide array of ciphers (AES, DES), message digests (SHA-1, SHA-256, MD5), and PKI standards (X.509, PKCS# series). The current stable version is 1.4.0, which continues to build on its CommonJS module structure for Node.js and UMD bundles for browser environments. Its key differentiators include its entirely JavaScript-native implementation, which avoids native dependencies, and its extensive feature set for both client-side and server-side cryptographic operations, from generating RSA key pairs to parsing X.509 certificates.","language":"javascript","status":"active","last_verified":"Sun Apr 19","install":{"commands":["npm install node-forge"],"cli":null},"imports":["import forge from 'node-forge';\n// or for CommonJS:\nconst forge = require('node-forge');","import forge from 'node-forge';\nconst pki = forge.pki;","import forge from 'node-forge';\nconst sha256 = forge.md.sha256.create();"],"auth":{"required":false,"env_vars":[]},"quickstart":{"code":"import forge from 'node-forge';\n\nasync function generateAndExportRSAKeypair() {\n  console.log('Generating RSA key pair...');\n  const keys = await new Promise((resolve) => {\n    forge.pki.rsa.generateKeyPair({ bits: 2048, workers: -1 }, (err, keypair) => {\n      if (err) throw err;\n      resolve(keypair);\n    });\n  });\n\n  const publicKeyPem = forge.pki.publicKeyToPem(keys.publicKey);\n  const privateKeyPem = forge.pki.privateKeyToPem(keys.privateKey);\n\n  console.log('\\n--- Public Key PEM ---');\n  console.log(publicKeyPem);\n  console.log('\\n--- Private Key PEM ---');\n  console.log(privateKeyPem);\n\n  // Example of creating a self-signed certificate\n  const cert = forge.pki.createCertificate();\n  cert.publicKey = keys.publicKey;\n  cert.serialNumber = '01';\n  cert.validity.notBefore = new Date();\n  cert.validity.notAfter = new Date();\n  cert.validity.notAfter.setFullYear(cert.validity.notBefore.getFullYear() + 1);\n\n  const attrs = [\n    { name: 'commonName', value: 'example.org' },\n    { name: 'countryName', value: 'US' },\n    { shortName: 'ST', value: 'Virginia' },\n    { name: 'organizationName', value: 'Example' }\n  ];\n  cert.setSubject(attrs);\n  cert.setIssuer(attrs);\n  cert.setExtensions([\n    { name: 'basicConstraints', cA: true },\n    { name: 'keyUsage', digitalSignature: true, keyEncipherment: true, dataEncipherment: true },\n    { name: 'extKeyUsage', serverAuth: true, clientAuth: true, codeSigning: true, emailProtection: true },\n    { name: 'nsCertType', sslCPS: true, sslBSS: true, emailCA: true },\n    { name: 'subjectAltName', altNames: [{ type: 6, value: 'http://example.org/' }, { type: 7, ip: '127.0.0.1' }]},\n    { name: 'subjectKeyIdentifier' }\n  ]);\n\n  // Sign the certificate with the private key\n  cert.sign(keys.privateKey, forge.md.sha256.create());\n\n  const pem = forge.pki.certificateToPem(cert);\n  console.log('\\n--- Self-Signed Certificate PEM ---');\n  console.log(pem);\n}\n\ngenerateAndExportRSAKeypair().catch(console.error);\n","lang":"typescript","description":"Generates an RSA key pair, exports public and private keys in PEM format, and then creates a self-signed X.509 certificate using these keys.","tag":null,"tag_description":null,"last_tested":null,"results":[]},"compatibility":null}