Skip to content

omggga/crypto_pro_api

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

15 Commits
plugin
plugin
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
SECURITY.md
SECURITY.md
 
 
cadesplugin_api.js
cadesplugin_api.js
 
 
cryptopro.js
cryptopro.js
 
 
package.json
package.json
 
 

Repository files navigation

crypto_pro_api

Modern ES module wrapper for CryptoPro CAdES Browser plug-in.

The package loads the official cadesplugin_api.js lazily, waits until window.cadesplugin is ready, and returns an importable API object instead of writing a generic window.plugin global.

Install

npm install crypto_pro_api

Usage

import loadPlugin, {
	getCertificateList,
	signBase64,
	verify,
	HASH_ALGORITHMS
} from 'crypto_pro_api'

await loadPlugin()

const certificates = await getCertificateList()
const certificate = certificates[0]

const signature = await signBase64(certificate.thumbprint, base64Data, {
	detached: true
})

const isValid = await verify(base64Data, signature)

API

  • loadPlugin(options) loads cadesplugin_api.js when needed and waits for CryptoPro initialization.
  • about() returns the raw CAdESCOM.About object.
  • version() returns plugin and CSP version information.
  • getCertificateList() returns valid current-user certificates with private keys.
  • getCertificate(thumbprint) returns a raw certificate object by SHA-1 thumbprint.
  • getCertificateKeyAlgorithm(certificate) returns detected provider/key/hash metadata.
  • getHash(data, options) computes a GOST hash.
  • signHash(thumbprint, hash, options) signs a precomputed hash.
  • signHashData(thumbprint, hash, options) signs a precomputed hash and verifies the result.
  • signHashDataNoVerify(thumbprint, hash, options) signs a precomputed hash without self-check.
  • signBase64(thumbprint, base64, options) signs Base64-encoded content.
  • signString(thumbprint, value, options) signs string content.
  • verify(data, signature, options) verifies CAdES-BES and returns true or false.
  • verifyWithInfo(data, signature, options) verifies and returns signer certificate details.
  • verifyHash(hash, signature, options) verifies a signature over a precomputed hash.

Hash Algorithms

CryptoPro supports both GOST R 34.11-2012 256-bit and 512-bit hashes for CAdESCOM.HashedData. For signing precomputed hashes the wrapper defaults to hashAlgorithm: 'auto': it inspects the certificate provider type/OID and selects HASH_ALGORITHMS.GOST_2012_256 or HASH_ALGORITHMS.GOST_2012_512.

You can override it explicitly:

await signHash(thumbprint, hashHex, {
	hashAlgorithm: HASH_ALGORITHMS.GOST_2012_512
})

If the explicit algorithm conflicts with the detected certificate/provider algorithm, the wrapper throws. To force a non-matching algorithm, pass allowAlgorithmMismatch: true.

The wrapper validates hash length before calling CryptoPro:

  • GOST 2012 256 expects a 32-byte hash, or 64 hex characters.
  • GOST 2012 512 expects a 64-byte hash, or 128 hex characters.

Global Export

By default no wrapper API is written to window. If a legacy integration still needs a global, opt in explicitly:

await loadPlugin({ exposeGlobal: true })
window.cryptoProApi.signBase64(...)

Notes

  • This package is browser-only at runtime because CryptoPro CAdES Browser plug-in is exposed through browser globals and extension/native messaging.
  • The bundled cadesplugin_api.js is the official CryptoPro script with Manifest V3 extension support.
  • Official CryptoPro guidance says Manifest V3 support requires updating cadesplugin_api.js in web applications.

License

MIT

About

CryptoPro Plugin Api

Resources

Readme

License

MIT license

Security policy

Security policy
Activity

Stars

0 stars

Watchers

1 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages