NodeJS: Validate certificate in DER format

Question

I'm using crypto module to validate a certificate, but both, my certificate and my public key are in DER format. It seems that crypto module does not accept this format.

Is there a way (or module) to convert DER to PEM format using NodeJS? I couldn't find any and cannot use command line to call openssl via shell.

UPDATE: It's not about HTTPS certificates. It's about general X.509 certificates. And if you mark the question as negative, please leave a comment to justify it. Don't be a stupid if you are not able to help.

I'd leave out the "UPDATE" part if I were you. – Dominykas Blyžė Aug 15 '15 at 19:07 — Dominykas Blyžė, Aug 15 '15 at 19:07

score 19 · Answer 1 · answered Jan 17 '18 at 20:52

19

I think the PEM format is just the DER binary data that has been base64 encoded, split into 64 character lines, and wrapped between '-----BEGIN CERTIFICATE-----' and '-----END CERTIFICATE-----'.

So you could do this:

var prefix = '-----BEGIN CERTIFICATE-----\n';
var postfix = '-----END CERTIFICATE-----';
var pemText = prefix + derBuffer.toString('base64').match(/.{0,64}/g).join('\n') + postfix;

You will not need to put a '\n' before the postfix because the last match of the der buffer should be an empty string '', so there will be a '\n' at the end of derBuffer.toString('base64').match(/.{0,64}/g).join('\n')

answered Jan 17 '18 at 20:52

Nick Sotiros

2,194
1
22
18

2

Fantastic, this should be the answer. Works with any DER to PEM, e.g X509 CRL – John B Nov 28 '19 at 03:16
I was looking for a library to convert DER to PEM and felt like looking for [is-odd](https://www.npmjs.com/package/is-odd) after seeing this. – Ali Tou Mar 13 '22 at 16:49
1

@JohnB this should be the answer if it had been posted 3 years earlier. – blzn Mar 31 '22 at 12:35

score 4 · Answer 2 · answered Aug 15 '15 at 19:06

4

Here's one way of doing it:

function derToPem(der) {
 var forge = require("node-forge");
 var derKey = forge.util.decode64(der);
 var asnObj = forge.asn1.fromDer(derKey);
 var asn1Cert = forge.pki.certificateFromAsn1(asnObj);
 return forge.pki.certificateToPem(asn1Cert);
};

answered Aug 15 '15 at 19:06

Dominykas Blyžė

149
3

1

Good try, but it doesn't support ECDSA for public keys. – blzn Sep 01 '15 at 17:14

score 2 · Accepted Answer · answered Oct 20 '15 at 17:25

2

Dominykas' answer was good, but in my case, I have a certificate that uses ECC and node-forge does not support it. So I've found a module called node-openssl-wrapper, which worked perfectly well because it encapsulates the openssl commands in a simple function call, like this:

co(function*() {
  var ossl = require('openssl-wrapper');
  var derCert = new Buffer('...'); // binary DER certificate
  var pemCert = yield ossl.qExec('x509', derCert, { inform: 'der', outform: 'pem' });
});

answered Oct 20 '15 at 17:25

blzn

342
1
3
15

I think this answer works for me, but when I use this pemCert in crypto.publicDecrypt(pemkey, cipherText) and it says: (pemkey) is not a buffer. Any idea? Thanks a lot in advance. @blzn – leonsPAPA May 09 '16 at 16:18
1

Maybe you should try `crypto.publicDecrypt(new Buffer(pemkey), cipherText)`. – blzn May 16 '17 at 17:51

NodeJS: Validate certificate in DER format

3 Answers3

Linked