Skip to content

fix: support non-RSA certificates in decoder (EC, Ed25519, etc.)#7

Merged
dehydr8 merged 4 commits into
masterfrom
fix/certificate-decoder-non-rsa-keys
Jan 25, 2026
Merged

fix: support non-RSA certificates in decoder (EC, Ed25519, etc.)#7
dehydr8 merged 4 commits into
masterfrom
fix/certificate-decoder-non-rsa-keys

Conversation

@dehydr8
Copy link
Copy Markdown
Member

@dehydr8 dehydr8 commented Jan 22, 2026
edited
Loading

Summary

Fixes certificate decoder failing with "Cannot read public key. OID is not RSA" when decoding certificates using non-RSA key algorithms (EC, Ed25519, Ed448, etc.).

Changes

  • Replace node-forge with @peculiar/x509 for certificate parsing
    • Modern TypeScript-native library with full support for all certificate types
    • Cleaner API with proper type definitions
  • Restore detailed extension parsing with all fields:
    • Display critical flag for each extension
    • Parse subjectKeyIdentifier, authorityKeyIdentifier values
    • Parse keyUsage flags (digitalSignature, keyEncipherment, etc.)
    • Parse extKeyUsage purposes (serverAuth, clientAuth, etc.)
    • Parse basicConstraints (cA flag, pathLength)
    • Parse authorityInfoAccess (OCSP, CA issuer URLs)
  • Display OID alongside extension names when they differ from friendly names
  • Display key algorithm (RSA, Ed25519, EC, etc.) next to public key
  • Add comprehensive tests for both RSA and Ed25519 certificates

Testing

  • ✅ All tests pass (39 tests)
  • ✅ Type-check passes
  • ✅ Lint passes
  • ✅ Build succeeds
  • ✅ Tested with RSA and Ed25519 certificates

@vercel
Copy link
Copy Markdown

vercel Bot commented Jan 22, 2026
edited
Loading

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Review Updated (UTC)
good-tools Ready Ready Preview, Comment Jan 25, 2026 2:37am

@dehydr8
fix: support non-RSA certificates in decoder (EC, Ed25519, etc.)
c614b09 
Replace node-forge with @peculiar/x509 library which properly supports
all certificate types including RSA, EC, Ed25519, Ed448, etc.

The previous implementation using node-forge failed with 'Cannot read
public key. OID is not RSA' when decoding certificates using non-RSA
key algorithms.

- Replace node-forge with @peculiar/x509 for certificate parsing
- Cleaner, simpler implementation with proper TypeScript types
- Display key algorithm (RSA, Ed25519, etc.) alongside the public key
- Add tests for RSA and Ed25519 certificate parsing
- Update tools.config.tsx to reference new dependency
@dehydr8 dehydr8 force-pushed the fix/certificate-decoder-non-rsa-keys branch from 30df17e to c614b09 Compare January 23, 2026 01:45
@dehydr8
feat: restore detailed extension parsing in certificate decoder
4b14a51 
Add full extension details including:
- critical flag for all extensions
- subjectKeyIdentifier value
- authorityKeyIdentifier keyIdentifier
- subjectAltName altNames list
- keyUsage flags (digitalSignature, keyEncipherment, etc.)
- extKeyUsage purposes (serverAuth, clientAuth, etc.)
- basicConstraints cA flag and pathLength
- authorityInfoAccess OCSP and CA issuer URLs
@dehydr8
fix: add eslint-disable for @peculiar/x509 toString false positives
883e4f5 
The @peculiar/x509 library's PublicKey class has a proper toString(format)
method that returns PEM-encoded strings, but ESLint's no-base-to-string
rule doesn't recognize it.
@dehydr8
feat: display OID alongside extension name
1b8b479 
Show the OID in parentheses next to the extension name when it differs
from the friendly name (e.g., 'authorityInfoAccess (1.3.6.1.5.5.7.1.1)')
@dehydr8 dehydr8 merged commit 3c44b17 into master Jan 25, 2026
3 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@dehydr8