Node.js crypto.publicEncrypt:'错误:错误:0906D06C:PEM例程:PEM_read_bio:无起始行' [英] Node.js crypto.publicEncrypt: 'Error: error:0906D06C:PEM routines:PEM_read_bio:no start line'

问题描述

我正在尝试使用crypto.js中的公钥加密，我想使用 publicEncrypt 加密某些消息，并使用 privateDecrypt 对其解密.

I'm trying to use the public key encryption in crypto.js, I want to encrypt some message using publicEncrypt, and decrypt it with privateDecrypt.

const crypto=require('crypto');
let alice=crypto.getDiffieHellman('modp14');
alice.generateKeys();
let enc=crypto.publicEncrypt(alice.getPublicKey(),Buffer.from('hello'));

但是， crypto.publicEncrypt 行导致以下错误:错误:错误:0906D06C:PEM例程:PEM_read_bio:无起始行"

However, the crypto.publicEncrypt line is causing the following error: "Error: error:0906D06C:PEM routines:PEM_read_bio:no start line"

推荐答案

crypto.DiffieHellman.getPublicKey()返回的公钥值只是原始DH号，可以选择以base64或hex编码.它不是(任何)PEM格式，甚至不是ASN.1/DER格式(可以很容易地转换为PEM).同样， crypto.ECDH.getPublicKey()只是关键点(采用常规X9.62格式)，而不是任何PEM或DER格式.

The public key value returned by crypto.DiffieHellman.getPublicKey() is just the raw DH number, optionally encoded in base64 or hex. It is not in (any) PEM format or even ASN.1/DER format (which could easily be turned into PEM). Similarly crypto.ECDH.getPublicKey() is only the point (in conventional X9.62 format), not any PEM or DER format.

此外，DH和ECDH不是加密算法，它们是密钥协商(或秘密协商)算法，并且操作由 DiffieHellman.computeSecret()或 ECDH执行.computeSecret()分别.尽管没有明确记录，但 publicEncrypt 实际上调用了OpenSSL的 EVP_PKEY_encrypt {_init，} ，它不支持DH或ECDH，仅支持RSA(具有多种填充选项)，并且可能支持GOST-包装(我无法轻易验证，它很可能取决于版本，因为几年前从1.1.0版开始的上游OpenSSL放弃了GOST算法).

Moreover, DH and ECDH are not encryption algorithms, they are key-agreement (or secret-agreement) algorithms, and that operation is performed by DiffieHellman.computeSecret() or ECDH.computeSecret() respectively. Although not clearly documented, publicEncrypt actually calls OpenSSL's EVP_PKEY_encrypt{_init,} which doesn't support DH or ECDH, only RSA (with several choices of padding) and possibly GOST-wrap (I can't easily verify that and it may well be version dependent because upstream OpenSSL as of 1.1.0 a few years ago dropped the GOST algorithms).

简而言之，你不能那样做.

In short, you can't do that.

这篇关于Node.js crypto.publicEncrypt:'错误:错误:0906D06C:PEM例程:PEM_read_bio:无起始行'的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！