@platynum/rocatest

Test jsrsasign keys for the ROCA vulnerability

Usage no npm install needed!

<script type="module">
  import platynumRocatest from 'https://cdn.skypack.dev/@platynum/rocatest';
</script>

README

Javascript ROCA test

This module enables you to check RSA public keys for the ROCA vulnerability. For more information on the vulnerability, please check https://crocs.fi.muni.cz/public/papers/rsa_ccs17.

NOTE: This module is based on https://github.com/fotisl/rocatest

Download module

This module is availbale via npm

$ npm install @platynum/rocatest

Technical details

The test is based on the original moduli test. It can detect vulnerable keys loaded using the jsrsasign https://github.com/kjur/jsrsasign library.

Sample usage

var jsrsasign = require('jsrsasign');
var roca = require('../rocatest');

var key = jsrsasign.KEYUTIL.generateKeypair('RSA', 512);
if (roca.check(key.pubKeyObj) === true)
    console.log('Key is vulnerable');