如何使用 rsa 公钥验证文件 [英] How to verify file using rsa public key

问题描述

我的工作基于这个答案

我正在尝试使用公钥验证文件.这是我的代码:

I'm trying to verify a file using a public key. Here is my code:

var hash = crypto.createHash("sha256");
hash.setEncoding("hex");
var fd = fs.createReadStream("path/to/my/file");
fd.on("end", function() {
    hash.end();
    var fileHash = hash.read();    
    const publicKey = fs.readFileSync('keys/public_key.pem');
    const verifier = crypto.createVerify('RSA-SHA256');
    const testSignature = verifier.verify(publicKey, fileSignature, 'base64');
    console.log("testSignature: \n" + testSignature);
    if (testSignature === fileHash)
        console.log("ok");
    else
        console.log("not ok");
});
fd.pipe(hash);

我不知道这段代码是否正确，但是当我在控制台中打印它时 testSignature 等于false".为什么 ?

I don't know if this code is correct, but testSignature is equal to "false" when i printed it in the console. Why ?

testSignature:
false

加密的哈希(fileSignature 变量)是正确的.base64 字符串和我预期的一样.

The encrypted hash (the fileSignature variable) is correct. The base64 string is the same as I expect.

知道我的代码有什么问题吗?谢谢

Any idea about what is wrong in my code ? Thanks

编辑

这是生成签名的代码:

var hash = crypto.createHash("sha256");
hash.setEncoding("hex");
var fd = fs.createReadStream("path/to/file");
fd.on("end", function() {
    hash.end();
    var fileHash = hash.read();
    var privateKey = fs.readFileSync('keys/private_key.pem');
    var signer = crypto.createSign('RSA-SHA256');
    signer.update(fileHash);
    fileSignature = signer.sign(privateKey, 'base64');
});
fd.pipe(hash);

推荐答案

假设 path/to/my/file 是你需要验证内容的文件，你必须提供它的内容给verifier.update().请尝试以下操作:

Assuming path/to/my/file is the file of which contents you need to verify, you have to provide its contents to verifier.update(). Try the following:

const input = fs.readFileSync('path/to/my/file'); // load data contents
const publicKey = fs.readFileSync('keys/public_key.pem').toString(); // load the signature, as a string!
const verifier = crypto.createVerify('RSA-SHA256');
verifier.update(input); // provide data contents to the verifier
const testSignature = verifier.verify(publicKey, fileSignature, 'base64');
console.log("testSignature: \n" + testSignature);

另外，请确保 fileSignature 是字符串值而不是 缓冲.出于某种原因，我仍在试图弄清楚为什么，如果您将 Buffer 对象传递给 verifier.verify 它将不起作用:

Also, make sure that fileSignature is a string value and not a Buffer. For some reason, which I am still trying to figure why, if you pass a Buffer object to verifier.verify it will not work:

const fileSignatureBuffer = fs.readFileSync('signature.sha256');
const fileSignatureString = fileSignatureBuffer.toString();
// load public key, create the verifier, provide data contents to verifier, etc.
const testSignature = verifier.verify(publicKey, fileSignatureBuffer); // false
const testSignature = verifier.verify(publicKey, fileSignatureString, 'base64'); // true

如果您使用散列作为签名步骤的输入，那么您必须在验证步骤中传递相同的散列.然后代码将如下所示:

If you are using a hash as input to the signing step, then you have to pass the same hash in the verify step. Then code would look as follows:

const publicKey = fs.readFileSync('keys/public_key.pem').toString(); // load the signature, as a string!
const verifier = crypto.createVerify('RSA-SHA256');
verifier.update(fileSignature); // provide the file signature to the verifier
const testSignature = verifier.verify(publicKey, fileSignature, 'base64');
console.log("testSignature: \n" + testSignature);

这篇关于如何使用 rsa 公钥验证文件的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！