search

PeculiarVentures / PKI.js

PKI.js is a pure JavaScript library implementing the formats that are used in PKI applications (signing, encryption, certificate requests, OCSP and TSP requests/responses). It is built on WebCrypto (Web Cryptography API) and requires no plug-ins.
http://pkijs.org
Other
1.25k stars 204 forks source link

Deserialize a certificate or ASN1 LocalBaseBlock #322

Open maganuk opened 2 years ago

maganuk commented 2 years ago

Hi,

We have bunch of certificates in our trust store and a user certificate needs to be validated against this trust store dynamically, which means that with every request we need to reload all certificates into the trust store. Currently just loading 4 certificates by doing const asn1 = fromBER(ber) and then new Certificate({ schema: asn1.result }) is taking about 250ms.

I see there is a toJSON extension available for both Certificates and for asn1.result. Is there any extension available to deserialize this json output to convert back into a Certificate or a ASN1 LocalBaseBlock object? This will help reduce the load times significantly.

Thanks Vishal

microshine commented 2 years ago

We have bunch of certificates in our trust store and a user certificate needs to be validated against this trust store dynamically, which means that with every request we need to reload all certificates into the trust store. Currently just loading 4 certificates by doing const asn1 = fromBER(ber) and then new Certificate({ schema: asn1.result }) is taking about 250ms.

Would it be better to keep parsed certificates in a global variable without parsing them for each incoming request?

I see there is a toJSON extension available for both Certificates and for asn1.result. Is there any extension available to deserialize this json output to convert back into a Certificate or a ASN1 LocalBaseBlock object?

I think it's impossible