{{ csr.trim() }}
Public-key infrastructure guards digital trust by binding identities to cryptographic keys through certificates. The journey starts with a Certificate Signing Request (CSR), a structured, signed message that bundles the applicant’s public key alongside identifying attributes and optional subject-alternative names.
This client-side decoder validates a pasted or uploaded PEM-encoded CSR, verifies its internal signature, extracts key algorithm, key size and signature scheme, and lists every identity field in both human-readable and JSON formats. All processing occurs entirely within your browser, preserving confidentiality.
Paste or drop a CSR to confirm its contents before sending it to a certificate authority—perfect for DevOps pipelines and security audits. Never share the associated private key; keep it offline and protected.
A CSR is encoded with ASN.1, distilled to DER, then wrapped in PEM boundaries for transport. Inside, a distinguished-name object describes the subject, whereas an extensions container may hold subject-alternative names and key-usage hints. The public key and metadata are hashed, signed with the applicant’s private key and carried alongside the unsigned metadata. Signature verification recreates the hash, raises it to the public exponent in modular arithmetic and compares results, proving possession of the private key without exposing it.
| Symbol | Meaning | Unit | Typical Range | Sensitivity |
|---|---|---|---|---|
| s | Signature integer | bits | 2048-8192 | High |
| e | Public exponent | — | 65 537 | Low |
| n | Modulus | bits | 2048-8192 | High |
| m | Signed metadata | bytes | ≈ 350-2 000 | Medium |
| H | Hash function | — | SHA-256+ | Medium |
Example — verifying a 2048-bit RSA CSR
Given e=65 537, n=…2048 bits, and SHA-256 digest H(m)=0x2f…af, raise the signature integer s to e modulo n. The result matches H(m), confirming the request’s integrity and the signer’s key ownership.
Decoding runs entirely in the browser through a lightweight cryptographic library, completing typical CSRs in under 2 ms (O(n) with respect to key length). All calculations use native big-int arithmetic where available. No network calls occur, ensuring predictable latency and compliance with air-gapped workflows.
Follow these steps to inspect a CSR quickly and export its details.
Inspecting a CSR confirms its subject, key strength and extensions before submission, preventing costly issuance mistakes.
No. All parsing occurs locally in your browser and never leaves your device.
The decoder accepts PEM-encoded text and common file extensions such as .pem, .csr and .txt.
Yes. It reconstructs the digest from CSR fields and compares it with the embedded signature to prove authenticity.
Use the Info tab’s CSV actions or download the full JSON model for integration with audit or pipeline scripts.