opensource free pure JavaScript cryptographic library supports RSA/RSAPSS/ECDSA/DSA signing/validation, ASN.1, PKCS#1/5/8 private/public key, X.509 certificate, CRL, OCSP, CMS SignedData, TimeStamp and CAdES and JSON Web Signature(JWS)/Token(JWT)/Key(JWK)

Downloads in past


2,8841510.5.26a month ago9 years agoMinified + gzip package size for jsrsasign in KB


jsrsasign ========= license bower npm version npm downloads jsdeliver downloads CDNJS githubsponsors cryptocurrency jsrsasign TOP | github | Wiki | DOWNLOADS | TUTORIALS | API REFERENCE | Online Tool | DEMO | NODE TOOL | AddOn | DONATE The 'jsrsasign' (RSA-Sign JavaScript Library) is an opensource free cryptography library supporting RSA/RSAPSS/ECDSA/DSA signing/validation, ASN.1, PKCS#1/5/8 private/public key, X.509 certificate, CRL, OCSP, CMS SignedData, TimeStamp, CAdES JSON Web Signature/Token/Key in pure JavaScript. Public page is https://kjur.github.io/jsrsasign . Your bugfix and pull request contribution are always welcomed :) NEWS ----
  • 2020-Sep-23: 10.0.0 released for CMS SignedData related class including timestamp and CAdES architecture update
  • 2020-Aug-24: 9.1.0 released to new CRL APIs align with certificate
  • 2020-Aug-19: 9.0.0 released for major update of certificate and CSR generation and parsing without backward compatibility. Please see migration guide in detail.
  • 2020-Aug-02: twitter account @jsrsasign started for announcement. please follow.
HIGHLIGHTS ----------
  • Swiss Army Knife style all in one package crypto and PKI library
  • Long live open source software from 2010
  • very easy API to use
  • powerful various format key loader and ASN.1 API
  • rich document and samples
  • no dependency to other library
  • no dependency on newer ECMAScirpt function. So old browsers also supported.
INSTALL -------

Node NPM

> npm install jsrsasign jsrsasign-util


> bower install jsrsasign

Or include in HTML from many CDN sites

> <script src="https://cdnjs.cloudflare.com/ajax/libs/jsrsasign/8.0.20/jsrsasign-all-min.js"></script>
USAGE ----- Loading encrypted PKCS#5 private key:
> var rs = require('jsrsasign');
> var rsu = require('jsrsasign-util');
> var pem = rsu.readFile('z1.prv.p5e.pem');
> var prvKey = rs.KEYUTIL.getKey(pem, 'passwd');
Sign string 'aaa' with the loaded private key:
> var sig = new a.Signature({alg: 'SHA1withRSA'});
> sig.init(prvKey);
> sig.updateString('aaa');
> var sigVal = sig.sign();
> sigVal
MORE TUTORIALS AND SAMPLES --------------------------


|published|fixed version|title/advisory|CVE|CVSS| |:---|:---|:---|:---|:---| |2022Jun24|10.5.25|JWS and JWT signature validation vulnerability with special characters|CVE-2022-25898|?| |2021Apr14|10.2.0|RSA signature validation vulnerability on maleable encoded message|CVE-2021-30246|9.1| |2020Jun22|8.0.19|ECDSA signature validation vulnerability by accepting wrong ASN.1 encoding|CVE-2020-14966|5.5| |2020Jun22|8.0.18|RSA RSAES-PKCS1-v15 and RSA-OAEP decryption vulnerability with prepending zeros|CVE-2020-14967|4.8| |2020Jun22|8.0.17|RSA-PSS signature validation vulnerability by prepending zeros|CVE-2020-14968|4.2| Here is full published security advisory list.


If you like jsrsasign and my other project, you can support their development by donation through any of the platform/services below. Thank you as always.

Github Sponsors

You can sponsor jsrsasign with the GitHub Sponsors program.


You can donate cryptocurrency to jsrsasign using the following addresses:
  • Bitcoin Cash(BCH): bitcoincash:pq3hy08pc9vm57q6ddgsc06cqdffmfzwwqxd9yejyf