@avieldr/react-native-rsa 1.0.0

package/LICENSE

@@ -0,0 +1,20 @@
+MIT License
+
+Copyright (c) 2026 Aviel Drori
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -0,0 +1,453 @@
+# @avieldr/react-native-rsa
+
+High-performance native RSA cryptography for React Native. Uses platform-native crypto libraries (Android `KeyPairGenerator`, iOS `Security` framework) for fast, secure operations.
+
+## Features
+
+- **Native RSA key generation** on both iOS and Android
+- **Encrypt/Decrypt** with OAEP or PKCS#1 padding
+- **Sign/Verify** with PSS or PKCS#1 padding
+- **Key sizes**: 1024, 2048, 4096 bit
+- **Hash algorithms**: SHA-1, SHA-256, SHA-384, SHA-512
+- **Output formats**: PKCS#1 and PKCS#8 (private key), SPKI/X.509 (public key)
+- **Key format conversion** between PKCS#1 and PKCS#8
+- **Public key extraction** from private key
+- **Key validation** (JS-only, no bridge call)
+- **Turbo Module** (New Architecture required)
+
+## Why This Package?
+
+### Performance
+
+Uses platform-native crypto APIs (`KeyPairGenerator` on Android, `Security.framework` on iOS) instead of JavaScript implementations or slow bridge calls:
+
+| Operation       | Native (this package) |
+| --------------- | --------------------- |
+| 2048-bit keygen | ~200ms                |
+| Encrypt/Decrypt | < 10ms                |
+| Sign/Verify     | < 10ms                |
+
+> Note: Pure JS implementations are significantly less efficient for RSA operations.
+
+### Security
+
+- Uses **OS-hardened cryptographic APIs** — battle-tested implementations maintained by Apple and Google
+- No bundled crypto libraries that could become outdated or vulnerable
+- Supports modern padding schemes (OAEP, PSS) recommended by security standards
+
+### Lightweight
+
+Zero runtime dependencies — only peer dependencies on React and React Native.
+
+### Flexibility
+
+- Multiple **padding modes**: OAEP/PKCS#1 for encryption, PSS/PKCS#1 for signatures
+- Multiple **hash algorithms**: SHA-1, SHA-256, SHA-384, SHA-512
+- Multiple **key formats**: PKCS#1 and PKCS#8, with conversion between them
+- Full **TypeScript support** with typed errors and options
+
+### Compatibility
+
+- Requires **New Architecture** (Turbo Modules) — React Native **0.71+**
+- Android **API 24+** (Android 7.0)
+- iOS **13.4+**
+
+## Installation
+
+```sh
+npm install @avieldr/react-native-rsa
+# or
+yarn add @avieldr/react-native-rsa
+```
+
+For iOS:
+
+```sh
+cd ios && pod install
+```
+
+> **💡 Tip:** Check out the [`example/`](./example) app in this repository for complete working demonstrations of all features, including key generation, encryption, signing, and error handling.
+
+## Quick Start
+
+```typescript
+import RSA, { base64ToUtf8 } from '@avieldr/react-native-rsa';
+
+// Generate a key pair
+const { publicKey, privateKey } = await RSA.generateKeyPair(2048);
+
+// Encrypt and decrypt
+const encrypted = await RSA.encrypt('Hello, World!', publicKey);
+const decryptedBase64 = await RSA.decrypt(encrypted, privateKey);
+const decrypted = base64ToUtf8(decryptedBase64); // "Hello, World!"
+
+// Sign and verify
+const signature = await RSA.sign('Message to sign', privateKey);
+const isValid = await RSA.verify('Message to sign', signature, publicKey); // true
+```
+
+## API
+
+### `generateKeyPair(keySize?, options?)`
+
+Generate an RSA key pair using native platform crypto.
+
+```typescript
+import RSA from '@avieldr/react-native-rsa';
+
+const { publicKey, privateKey } = await RSA.generateKeyPair(2048);
+
+// With PKCS#8 format
+const { publicKey, privateKey } = await RSA.generateKeyPair(2048, {
+  format: 'pkcs8',
+});
+```
+
+| Parameter        | Type                 | Default   | Description                             |
+| ---------------- | -------------------- | --------- | --------------------------------------- |
+| `keySize`        | `number`             | `2048`    | RSA key size in bits (1024, 2048, 4096) |
+| `options.format` | `'pkcs1' \| 'pkcs8'` | `'pkcs1'` | Private key output format               |
+
+**Returns:** `Promise<RSAKeyPair>`
+
+```typescript
+interface RSAKeyPair {
+  publicKey: string; // PEM (SPKI/X.509): -----BEGIN PUBLIC KEY-----
+  privateKey: string; // PEM (PKCS#1): -----BEGIN RSA PRIVATE KEY-----
+  // or (PKCS#8): -----BEGIN PRIVATE KEY-----
+}
+```
+
+---
+
+### `encrypt(data, publicKeyPEM, options?)`
+
+Encrypt data with an RSA public key.
+
+```typescript
+// Basic encryption (UTF-8 text)
+const encrypted = await RSA.encrypt('Hello, World!', publicKey);
+
+// With options
+const encrypted = await RSA.encrypt('Hello, World!', publicKey, {
+  padding: 'oaep', // or 'pkcs1'
+  hash: 'sha256', // or 'sha1', 'sha384', 'sha512'
+});
+
+// Binary data (already base64-encoded)
+const encrypted = await RSA.encrypt(binaryDataBase64, publicKey, {
+  encoding: 'base64',
+});
+```
+
+| Parameter          | Type                 | Default    | Description                              |
+| ------------------ | -------------------- | ---------- | ---------------------------------------- |
+| `data`             | `string`             | —          | Data to encrypt (UTF-8 string or base64) |
+| `publicKeyPEM`     | `string`             | —          | Public key in SPKI PEM format            |
+| `options.padding`  | `'oaep' \| 'pkcs1'`  | `'oaep'`   | Padding mode (OAEP recommended)          |
+| `options.hash`     | `HashAlgorithm`      | `'sha256'` | Hash algorithm (used with OAEP)          |
+| `options.encoding` | `'utf8' \| 'base64'` | `'utf8'`   | How to interpret the input string        |
+
+**Returns:** `Promise<string>` — Base64-encoded ciphertext
+
+---
+
+### `decrypt(encrypted, privateKeyPEM, options?)`
+
+Decrypt ciphertext with an RSA private key.
+
+```typescript
+import RSA, { base64ToUtf8 } from '@avieldr/react-native-rsa';
+
+const decryptedBase64 = await RSA.decrypt(encrypted, privateKey);
+const plaintext = base64ToUtf8(decryptedBase64); // Convert back to UTF-8
+
+// With options (must match encryption options)
+const decryptedBase64 = await RSA.decrypt(encrypted, privateKey, {
+  padding: 'oaep',
+  hash: 'sha256',
+});
+```
+
+| Parameter         | Type                | Default    | Description                               |
+| ----------------- | ------------------- | ---------- | ----------------------------------------- |
+| `encrypted`       | `string`            | —          | Base64-encoded ciphertext                 |
+| `privateKeyPEM`   | `string`            | —          | Private key in PEM format (PKCS#1/PKCS#8) |
+| `options.padding` | `'oaep' \| 'pkcs1'` | `'oaep'`   | Padding mode (must match encryption)      |
+| `options.hash`    | `HashAlgorithm`     | `'sha256'` | Hash algorithm (must match encryption)    |
+
+**Returns:** `Promise<string>` — Base64-encoded plaintext (use `base64ToUtf8()` to convert)
+
+---
+
+### `sign(data, privateKeyPEM, options?)`
+
+Sign data with an RSA private key.
+
+```typescript
+const signature = await RSA.sign('Message to sign', privateKey);
+
+// With options
+const signature = await RSA.sign('Message to sign', privateKey, {
+  padding: 'pss', // or 'pkcs1'
+  hash: 'sha256',
+});
+```
+
+| Parameter          | Type                 | Default    | Description                               |
+| ------------------ | -------------------- | ---------- | ----------------------------------------- |
+| `data`             | `string`             | —          | Data to sign (UTF-8 string or base64)     |
+| `privateKeyPEM`    | `string`             | —          | Private key in PEM format (PKCS#1/PKCS#8) |
+| `options.padding`  | `'pss' \| 'pkcs1'`   | `'pss'`    | Padding mode (PSS recommended)            |
+| `options.hash`     | `HashAlgorithm`      | `'sha256'` | Hash algorithm                            |
+| `options.encoding` | `'utf8' \| 'base64'` | `'utf8'`   | How to interpret the input string         |
+
+**Returns:** `Promise<string>` — Base64-encoded signature
+
+---
+
+### `verify(data, signature, publicKeyPEM, options?)`
+
+Verify a signature against data using an RSA public key.
+
+```typescript
+const isValid = await RSA.verify('Message to sign', signature, publicKey);
+// true if signature is valid, false otherwise
+
+// With options (must match signing options)
+const isValid = await RSA.verify('Message to sign', signature, publicKey, {
+  padding: 'pss',
+  hash: 'sha256',
+});
+```
+
+| Parameter          | Type                 | Default    | Description                         |
+| ------------------ | -------------------- | ---------- | ----------------------------------- |
+| `data`             | `string`             | —          | Original data that was signed       |
+| `signature`        | `string`             | —          | Base64-encoded signature            |
+| `publicKeyPEM`     | `string`             | —          | Public key in SPKI PEM format       |
+| `options.padding`  | `'pss' \| 'pkcs1'`   | `'pss'`    | Padding mode (must match signing)   |
+| `options.hash`     | `HashAlgorithm`      | `'sha256'` | Hash algorithm (must match signing) |
+| `options.encoding` | `'utf8' \| 'base64'` | `'utf8'`   | How to interpret the input string   |
+
+**Returns:** `Promise<boolean>` — `true` if valid, `false` otherwise
+
+---
+
+### `getPublicKeyFromPrivate(privateKeyPEM)`
+
+Extract the public key from an RSA private key.
+
+```typescript
+const publicKey = await RSA.getPublicKeyFromPrivate(privateKey);
+```
+
+Accepts both PKCS#1 and PKCS#8 private key formats.
+
+**Returns:** `Promise<string>` — Public key in SPKI PEM format
+
+---
+
+### `convertPrivateKey(pem, targetFormat)`
+
+Convert a private key between PKCS#1 and PKCS#8 formats.
+
+```typescript
+// Convert PKCS#1 to PKCS#8
+const pkcs8Key = await RSA.convertPrivateKey(pkcs1Key, 'pkcs8');
+
+// Convert PKCS#8 to PKCS#1
+const pkcs1Key = await RSA.convertPrivateKey(pkcs8Key, 'pkcs1');
+```
+
+| Parameter      | Type                 | Description                  |
+| -------------- | -------------------- | ---------------------------- |
+| `pem`          | `string`             | Private key in PEM format    |
+| `targetFormat` | `'pkcs1' \| 'pkcs8'` | Target format for conversion |
+
+**Returns:** `Promise<string>` — Private key in the target format
+
+---
+
+### `getKeyInfo(keyString)`
+
+Analyze a PEM key string and return metadata. Runs entirely in JS — no native bridge call.
+
+```typescript
+import { getKeyInfo } from '@avieldr/react-native-rsa';
+
+const info = getKeyInfo(privateKey);
+// {
+//   isValid: true,
+//   format: 'pkcs1',
+//   keyType: 'private',
+//   pemLineCount: 13,
+//   derByteLength: 609,
+//   errors: []
+// }
+```
+
+**Returns:** `RSAKeyInfo`
+
+```typescript
+interface RSAKeyInfo {
+  isValid: boolean;
+  format: 'pkcs1' | 'pkcs8' | 'public' | 'unknown';
+  keyType: 'private' | 'public' | 'unknown';
+  pemLineCount: number;
+  derByteLength: number;
+  errors: string[];
+}
+```
+
+---
+
+## Encoding Utilities
+
+The library provides pure-JS encoding utilities that work in all React Native JS engines.
+
+```typescript
+import { utf8ToBase64, base64ToUtf8 } from '@avieldr/react-native-rsa';
+
+// Encode UTF-8 text to base64
+const encoded = utf8ToBase64('Hello, 世界! 🎉');
+
+// Decode base64 back to UTF-8
+const decoded = base64ToUtf8(encoded);
+```
+
+These are useful for:
+
+- Converting decrypted data back to readable text
+- Preparing binary data for encryption
+- Handling Unicode and emoji correctly
+
+---
+
+## Error Handling
+
+The library throws `RsaError` for invalid inputs and native failures with specific error codes:
+
+```typescript
+import RSA, { RsaError } from '@avieldr/react-native-rsa';
+
+try {
+  await RSA.encrypt('data', 'invalid-key');
+} catch (error) {
+  if (error instanceof RsaError) {
+    console.log(error.code); // 'INVALID_KEY'
+    console.log(error.message); // Detailed error message
+    console.log(error.cause); // Original error (if from native layer)
+  }
+}
+```
+
+### Validation Errors
+
+These are thrown **before** calling native code when inputs are invalid:
+
+| Error Code         | Description                               |
+| ------------------ | ----------------------------------------- |
+| `INVALID_INPUT`    | Required parameter is missing or empty    |
+| `INVALID_KEY`      | Key format is wrong or key type mismatch  |
+| `INVALID_KEY_SIZE` | Unsupported key size (not 1024/2048/4096) |
+| `INVALID_PADDING`  | Unknown padding mode                      |
+| `INVALID_HASH`     | Unknown hash algorithm                    |
+| `INVALID_FORMAT`   | Unknown key format                        |
+| `INVALID_ENCODING` | Unknown encoding type                     |
+
+### Native Operation Errors
+
+These are thrown when the platform crypto operation fails:
+
+| Error Code              | Description                                    |
+| ----------------------- | ---------------------------------------------- |
+| `KEY_GENERATION_FAILED` | Native key generation failed                   |
+| `KEY_EXTRACTION_FAILED` | Failed to extract public key from private key  |
+| `KEY_CONVERSION_FAILED` | Failed to convert key between formats          |
+| `ENCRYPTION_FAILED`     | Encryption failed (e.g., data too large)       |
+| `DECRYPTION_FAILED`     | Decryption failed (e.g., wrong key or padding) |
+| `SIGNING_FAILED`        | Signing operation failed                       |
+| `VERIFICATION_FAILED`   | Signature verification failed                  |
+
+### TypeScript Support
+
+The error code type is exported for TypeScript users:
+
+```typescript
+import type { RsaErrorCode } from '@avieldr/react-native-rsa';
+
+function handleError(code: RsaErrorCode) {
+  switch (code) {
+    case 'INVALID_KEY':
+      // Handle invalid key
+      break;
+    case 'DECRYPTION_FAILED':
+      // Handle decryption failure
+      break;
+    // ...
+  }
+}
+```
+
+---
+
+## Types
+
+All types are exported for TypeScript users:
+
+```typescript
+import type {
+  RSAKeyPair,
+  RSAKeyInfo,
+  GenerateKeyPairOptions,
+  KeyFormat,
+  EncryptOptions,
+  DecryptOptions,
+  SignOptions,
+  VerifyOptions,
+  EncryptionPadding,
+  SignaturePadding,
+  HashAlgorithm,
+  InputEncoding,
+  RsaErrorCode,
+} from '@avieldr/react-native-rsa';
+```
+
+| Type                | Values                                       |
+| ------------------- | -------------------------------------------- |
+| `KeyFormat`         | `'pkcs1' \| 'pkcs8'`                         |
+| `RsaErrorCode`      | See [Error Handling](#error-handling)        |
+| `EncryptionPadding` | `'oaep' \| 'pkcs1'`                          |
+| `SignaturePadding`  | `'pss' \| 'pkcs1'`                           |
+| `HashAlgorithm`     | `'sha1' \| 'sha256' \| 'sha384' \| 'sha512'` |
+| `InputEncoding`     | `'utf8' \| 'base64'`                         |
+
+---
+
+## Benchmarks
+
+Typical key generation times on modern devices:
+
+| Key Size | Time     |
+| -------- | -------- |
+| 1024-bit | ~50ms    |
+| 2048-bit | ~200ms   |
+| 4096-bit | ~2,000ms |
+
+_Times vary by device. Measured on mid-range Android and iPhone devices._
+
+---
+
+## Security Recommendations
+
+- **Use OAEP padding** for encryption (default) — PKCS#1 v1.5 is vulnerable to padding oracle attacks
+- **Use PSS padding** for signatures (default) — more secure than PKCS#1 v1.5
+- **Use SHA-256 or higher** — SHA-1 is deprecated for new applications
+- **Use 2048-bit keys minimum** — 1024-bit is considered weak
+
+---
+
+## License
+
+MIT

package/Rsa.podspec

@@ -0,0 +1,23 @@
+require "json"
+
+package = JSON.parse(File.read(File.join(__dir__, "package.json")))
+
+Pod::Spec.new do |s|
+  s.name         = "Rsa"
+  s.version      = package["version"]
+  s.summary      = package["description"]
+  s.homepage     = package["homepage"]
+  s.license      = package["license"]
+  s.authors      = package["author"]
+
+  s.platforms    = { :ios => min_ios_version_supported }
+  s.source       = { :git => "https://github.com/avieldr/react-native-rsa-turbo.git", :tag => "#{s.version}" }
+
+  s.source_files = "ios/**/*.{h,m,mm,swift,cpp}"
+  s.private_header_files = "ios/**/*.h"
+
+  s.swift_version = "5.0"
+  s.frameworks   = "Security"
+
+  install_modules_dependencies(s)
+end

package/android/build.gradle

@@ -0,0 +1,69 @@
+buildscript {
+  ext.Rsa = [
+    kotlinVersion: "2.0.21",
+    minSdkVersion: 24,
+    compileSdkVersion: 36,
+    targetSdkVersion: 36
+  ]
+
+  ext.getExtOrDefault = { prop ->
+    if (rootProject.ext.has(prop)) {
+      return rootProject.ext.get(prop)
+    }
+
+    return Rsa[prop]
+  }
+
+  repositories {
+    google()
+    mavenCentral()
+  }
+
+  dependencies {
+    classpath "com.android.tools.build:gradle:8.7.2"
+    // noinspection DifferentKotlinGradleVersion
+    classpath "org.jetbrains.kotlin:kotlin-gradle-plugin:${getExtOrDefault('kotlinVersion')}"
+  }
+}
+
+
+apply plugin: "com.android.library"
+apply plugin: "kotlin-android"
+
+apply plugin: "com.facebook.react"
+
+android {
+  namespace "com.rsa"
+
+  compileSdkVersion getExtOrDefault("compileSdkVersion")
+
+  defaultConfig {
+    minSdkVersion getExtOrDefault("minSdkVersion")
+    targetSdkVersion getExtOrDefault("targetSdkVersion")
+  }
+
+  buildFeatures {
+    buildConfig true
+  }
+
+  buildTypes {
+    release {
+      minifyEnabled false
+    }
+  }
+
+  lint {
+    disable "GradleCompatible"
+  }
+
+  compileOptions {
+    sourceCompatibility JavaVersion.VERSION_1_8
+    targetCompatibility JavaVersion.VERSION_1_8
+  }
+}
+
+dependencies {
+  implementation "com.facebook.react:react-android"
+  implementation "org.jetbrains.kotlinx:kotlinx-coroutines-core:1.7.3"
+  implementation "org.jetbrains.kotlinx:kotlinx-coroutines-android:1.7.3"
+}

package/android/src/main/AndroidManifest.xml

@@ -0,0 +1,2 @@
+<manifest xmlns:android="http://schemas.android.com/apk/res/android">
+</manifest>

package/android/src/main/java/com/rsa/RsaModule.kt

@@ -0,0 +1,129 @@
+package com.rsa
+
+import com.facebook.react.bridge.Arguments
+import com.facebook.react.bridge.Promise
+import com.facebook.react.bridge.ReactApplicationContext
+import com.rsa.core.RSACipher
+import com.rsa.core.RSAKeyGenerator
+import com.rsa.core.RSASigner
+import kotlinx.coroutines.CoroutineScope
+import kotlinx.coroutines.Dispatchers
+import kotlinx.coroutines.SupervisorJob
+import kotlinx.coroutines.cancel
+import kotlinx.coroutines.launch
+
+/**
+ * React Native TurboModule bridging RSA operations to JavaScript.
+ *
+ * Each method launches a coroutine on Dispatchers.Default (background thread pool)
+ * to keep crypto operations off the main thread, and resolves/rejects the JS promise.
+ *
+ * Dispatches to:
+ *   - [RSAKeyGenerator] for key generation, public key extraction, and format conversion
+ *   - [RSACipher] for encrypt/decrypt
+ *   - [RSASigner] for sign/verify
+ */
+class RsaModule(reactContext: ReactApplicationContext) :
+  NativeRsaSpec(reactContext) {
+
+  private val supervisorJob = SupervisorJob()
+  private val moduleScope = CoroutineScope(Dispatchers.Default + supervisorJob)
+  private val keyGenerator = RSAKeyGenerator.getInstance()
+
+  override fun invalidate() {
+    supervisorJob.cancel("RsaModule invalidated")
+    super.invalidate()
+  }
+
+  // --- Key Generation ---
+
+  override fun generateKeyPair(keySize: Double, format: String, promise: Promise) {
+    moduleScope.launch {
+      try {
+        val result = keyGenerator.generateKeyPair(keySize.toInt(), format)
+        val map = Arguments.createMap()
+        map.putString("publicKey", result.publicKey)
+        map.putString("privateKey", result.privateKey)
+        promise.resolve(map)
+      } catch (e: Exception) {
+        promise.reject("RSAKeyGenerationError", e.message, e)
+      }
+    }
+  }
+
+  override fun getPublicKeyFromPrivate(privateKeyPEM: String, promise: Promise) {
+    moduleScope.launch {
+      try {
+        val publicKeyPEM = keyGenerator.getPublicKeyFromPrivate(privateKeyPEM)
+        promise.resolve(publicKeyPEM)
+      } catch (e: Exception) {
+        promise.reject("RSAKeyExtractionError", e.message, e)
+      }
+    }
+  }
+
+  // --- Encrypt / Decrypt ---
+
+  override fun encrypt(dataBase64: String, publicKeyPEM: String, padding: String, hash: String, promise: Promise) {
+    moduleScope.launch {
+      try {
+        val result = RSACipher.encrypt(dataBase64, publicKeyPEM, padding, hash)
+        promise.resolve(result)
+      } catch (e: Exception) {
+        promise.reject("RSAEncryptError", e.message, e)
+      }
+    }
+  }
+
+  override fun decrypt(dataBase64: String, privateKeyPEM: String, padding: String, hash: String, promise: Promise) {
+    moduleScope.launch {
+      try {
+        val result = RSACipher.decrypt(dataBase64, privateKeyPEM, padding, hash)
+        promise.resolve(result)
+      } catch (e: Exception) {
+        promise.reject("RSADecryptError", e.message, e)
+      }
+    }
+  }
+
+  // --- Sign / Verify ---
+
+  override fun sign(dataBase64: String, privateKeyPEM: String, padding: String, hash: String, promise: Promise) {
+    moduleScope.launch {
+      try {
+        val result = RSASigner.sign(dataBase64, privateKeyPEM, padding, hash)
+        promise.resolve(result)
+      } catch (e: Exception) {
+        promise.reject("RSASignError", e.message, e)
+      }
+    }
+  }
+
+  override fun verify(dataBase64: String, signatureBase64: String, publicKeyPEM: String, padding: String, hash: String, promise: Promise) {
+    moduleScope.launch {
+      try {
+        val result = RSASigner.verify(dataBase64, signatureBase64, publicKeyPEM, padding, hash)
+        promise.resolve(result)
+      } catch (e: Exception) {
+        promise.reject("RSAVerifyError", e.message, e)
+      }
+    }
+  }
+
+  // --- Key Format Conversion ---
+
+  override fun convertPrivateKey(pem: String, targetFormat: String, promise: Promise) {
+    moduleScope.launch {
+      try {
+        val result = keyGenerator.convertPrivateKey(pem, targetFormat)
+        promise.resolve(result)
+      } catch (e: Exception) {
+        promise.reject("RSAConvertKeyError", e.message, e)
+      }
+    }
+  }
+
+  companion object {
+    const val NAME = NativeRsaSpec.NAME
+  }
+}