igcv3 - v1.1.0
    Preparing search index...

    Class PkiService

    PKI Service for cryptographic operations including key generation and CSR creation.

    Uses dependency injection pattern. The EccProvider dependency must be passed to the constructor. Instantiate via composition root or directly for testing.

    const eccProvider = new EccProvider();
    const pkiService = new PkiService(eccProvider);
    const keyPair = await pkiService.generateKeyPair({ algo: 'rsa', size: 2048 });
    Index

    Constructors

    constructor

    Properties

    eccProvider

    Methods

    generateKeyPair generateRsaKeyPair generateEcdsaKeyPair generateEd25519KeyPair createCsr createRsaCsr createEccCsr savePrivateKey savePublicDoc saveFile loadPrivateKey parseSANsForForge parseSingleSAN parseIPToBytes

    Constructors

    Properties

    eccProvider: EccProvider

    Methods

    • Create a Certificate Signing Request (CSR) Routes to RSA (node-forge) or ECC (@peculiar/x509) based on key type

      Parameters

      Returns Promise<string | Buffer>

    • Create CSR with RSA key (node-forge) - synchronous for backward compatibility.

      Parameters

      • options: CsrOptions

        CSR generation options including subject, extensions, and key pair

      Returns string | Buffer

      PEM string or DER Buffer depending on options.encoding

      If key pair is not RSA type

      If SAN contains invalid IP address

    • Create CSR with ECC key (ECDSA or Ed25519) via @peculiar/x509.

      Parameters

      • options: CsrOptions

        CSR generation options including subject, extensions, and key pair

      Returns Promise<string | Buffer>

      PEM string or DER Buffer depending on options.encoding

      If key pair is RSA type (use createRsaCsr instead)

    • Save a Private Key to disk with secure permissions (400)

      Parameters

      • filePath: string
      • key: string | PrivateKey
      • encoding: "pem" | "der" = 'pem'

      Returns Promise<void>

    • Save a Public Key / Certificate / CSR to disk with read-only permissions (444)

      Parameters

      • filePath: string
      • content: string | Buffer

      Returns Promise<void>

    • Parameters

      • filePath: string
      • content: string | Buffer
      • mode: number

      Returns Promise<void>

    • Load a Private Key from a file (PEM format).

      Parameters

      • filePath: string

        Path to the PEM-encoded private key file

      Returns PrivateKey

      Parsed private key object

      If file does not exist

      If file cannot be read or parsed as PEM

    • Parse Subject Alternative Names into node-forge format. Supports DNS, IP (v4/v6), URI, and EMAIL types.

      Parameters

      • sans: string[]

      Returns { type: number; value: string }[]

    • Parse a single SAN entry (e.g., "DNS:example.com", "IP:192.168.1.1").

      Parameters

      • san: string

      Returns { type: number; value: string }

    • Convert an IP address (v4 or v6) to binary string for node-forge.

      Parameters

      • ip: string

        IP address string (IPv4 or IPv6)

      Returns string

      Binary string representation for node-forge SAN

      If IP address is empty or invalid

    Settings

    Member Visibility

    On This Page

    Constructors
    Properties
    Methods