Node.js crypto.publicEncrypt:'错误:错误:0906D06C:PEM例程:PEM_read_bio:无起始行' [英] Node.js crypto.publicEncrypt: 'Error: error:0906D06C:PEM routines:PEM_read_bio:no start line'
问题描述
我正在尝试使用crypto.js中的公钥加密,我想使用 publicEncrypt
加密某些消息,并使用 privateDecrypt
对其解密.
I'm trying to use the public key encryption in crypto.js, I want to encrypt some message using publicEncrypt
, and decrypt it with privateDecrypt
.
const crypto=require('crypto');
let alice=crypto.getDiffieHellman('modp14');
alice.generateKeys();
let enc=crypto.publicEncrypt(alice.getPublicKey(),Buffer.from('hello'));
但是, crypto.publicEncrypt
行导致以下错误:错误:错误:0906D06C:PEM例程:PEM_read_bio:无起始行"
However, the crypto.publicEncrypt
line is causing the following error:
"Error: error:0906D06C:PEM routines:PEM_read_bio:no start line"
推荐答案
crypto.DiffieHellman.getPublicKey()
返回的公钥值只是原始DH号,可以选择以base64或hex编码.它不是(任何)PEM格式,甚至不是ASN.1/DER格式(可以很容易地转换为PEM).同样, crypto.ECDH.getPublicKey()
只是关键点(采用常规X9.62格式),而不是任何PEM或DER格式.
The public key value returned by crypto.DiffieHellman.getPublicKey()
is just the raw DH number, optionally encoded in base64 or hex. It is not in (any) PEM format or even ASN.1/DER format (which could easily be turned into PEM). Similarly crypto.ECDH.getPublicKey()
is only the point (in conventional X9.62 format), not any PEM or DER format.
此外,DH和ECDH不是加密算法,它们是密钥协商(或秘密协商)算法,并且操作由 DiffieHellman.computeSecret()
或 ECDH执行.computeSecret()
分别.尽管没有明确记录,但 publicEncrypt
实际上调用了OpenSSL的 EVP_PKEY_encrypt {_init,}
,它不支持DH或ECDH,仅支持RSA(具有多种填充选项),并且可能支持GOST-包装(我无法轻易验证,它很可能取决于版本,因为几年前从1.1.0版开始的上游OpenSSL放弃了GOST算法).
Moreover, DH and ECDH are not encryption algorithms, they are key-agreement (or secret-agreement) algorithms, and that operation is performed by DiffieHellman.computeSecret()
or ECDH.computeSecret()
respectively. Although not clearly documented, publicEncrypt
actually calls OpenSSL's EVP_PKEY_encrypt{_init,}
which doesn't support DH or ECDH, only RSA (with several choices of padding) and possibly GOST-wrap (I can't easily verify that and it may well be version dependent because upstream OpenSSL as of 1.1.0 a few years ago dropped the GOST algorithms).
简而言之,你不能那样做.
In short, you can't do that.
这篇关于Node.js crypto.publicEncrypt:'错误:错误:0906D06C:PEM例程:PEM_read_bio:无起始行'的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!