To generate self-signed x.509 certificates and private keys from within an application, modules like pem have to rely on spawning the system's OpenSSL, which is problematic as it can be out of date or worse, not available at all (Windows).
I think it would make sense to expose the following APIs from the bundled OpenSSL through crypto:
- generate a private key
- generate a self-signed certificate
- generate dh parameters
Accompaning the above, I could also see the following:
- read a private key's size
- read certificate fields
- read dh parameters's key size
To generate self-signed x.509 certificates and private keys from within an application, modules like pem have to rely on spawning the system's OpenSSL, which is problematic as it can be out of date or worse, not available at all (Windows).
I think it would make sense to expose the following APIs from the bundled OpenSSL through
crypto:Accompaning the above, I could also see the following: