Important: This documentation covers Yarn 1 (Classic).
For Yarn 2+ docs and migration guide, see yarnpkg.com.

Package detail

jks-js

lenchv820.4kMIT1.1.4TypeScript support: included

jks-js is a converter of Java Key Store (JKS) to PEM certificates in order to securely connect to Java based servers using node js.

jks, java, keystore, truststore, nodejs, js, javascript

readme

JKS-JS

npm test codecov

Description

jks-js is a converter of Java Keystore to PEM certificates in order to securely connect to Java based servers using node js.

Installation

npm install jks-js

Usage

...
const jks = require('jks-js');

const keystore = jks.toPem(
    fs.readFileSync('keystore.jks'),
    'password'
);

const { cert, key } = keystore['alias'];

after extraction you may use cert and key in your connection settings:

tls.connect('<port>', '<host>', {
    key: key,
    cert: cert,
});

more details

API

const {
    /**
     * Extracts certificates from java keystore or truststore
     * and decrypts private key 
     * 
     * @param keystore content of java keystore or truststore file
     * @param keystorePassword password for verification and decryption
     * @param pemPassword (optional) password that is used for decryption, in case it is different from keystorePassword. If not specified, keystorePassword is used
     * @return {
     *     <alias name>: {
     *         cert: string // compound certificates chain
     *         key: string // decrypted private key 
     *     } | {
     *         ca: string // trusted certificate
     *     }
     * }
     */
    toPem,

    /**
     * The raw function to extract certificates
     * @param keystore
     * @param password
     * @return { <alias name>: KeyEntry | TrustedKeyEntry }
     */
    parseJks,

    /**
     * Decrypts private key from DER to PEM
     *
     * @param protectedPrivateKey DER encoded private key
     * @param password password for PKCS8 decryption
     * @return decoded private key 
     */
    decrypt,

    /**
     * The function that parses keystore/truststore in PKCS12 format
     * 
     * @param {Buffer} keystore
     * @param {String} password
     */
    parsePkcs12,
} = require('jks-js');

How it works

The implementaion is based on JavaKeystore.java logic, which is internally used for creation of java keystore, including keytool.

It is supposed the keystore contains X.509 certificates.

But you may use the library to extract any of certificates.

The decryption constrained by alghorithms that implemented in the crypto module of Node.js.

Issues

If you find any troubles feel free to create an issue.

License

MIT License

Copyright (c) 2020 Volodymyr Liench

changelog

1.1.4 2024-09-30

  • Corrected types for typescripts #22
  • Fixed codecov and updated mocha

1.1.3 2024-04-20

  • Add npm provenance

1.1.2 2024-04-20

  • Added index.d.ts with declared types for typescript
  • Added polyfill for deprecated Buffer.slice

1.1.1 2024-03-18

  • Fix dependency vulnerabilities

1.1.0 2022-08-20

  • Updated libraries

  • Added ability to set different password for decryption key than for keystore

1.0.1 2021-07-05

  • Fix parse pkcs12 method

1.0.0 2021-14-03

  • In java 11 implementation of JKS was changed to PKCS12. These changes add support of extracting certificates from pkcs12 using node-forge library.

0.1.3 2020-24-03

  • Add using node-int64 in order to present long numbers from stream in nodejs version that do not support big numbers

  • Use node-rsa to export private key in node js versions that do not support crypto.createPrivateKey

0.1.2 2020-24-03

  • Hexadecimal values changed to decimal for compatibility with older nodejs versions

  • Improved error handling when encrypted algorithm is not supported

0.1.1 2020-01-03

  • Removed CLI from package.json

0.1.0 2020-01-03

  • Implemented parsing of java keystore and truststore

  • Implemented password verification

  • Implemented decryption DER encoded private key