NodeJS Generate Valid PEM keys for Signing and Verifying messages

Problem description

From the NodeJS documentation on TLS/SSL for Node v10.9.0 (2018-AUG)

https://nodejs.org/api/tls.html#tls_tls_ssl_concepts

openssl genrsa -out ryans-key.pem 2048

Will produce:

-----BEGIN RSA PRIVATE KEY-----
base64 encoded magic here...
-----END RSA PRIVATE KEY-----

Which I can then successfully use the Sign class to cryptographically sign a message:

https://nodejs.org/api/crypto.html#crypto_class_sign

const crypto = require('crypto');
const sign = crypto.createSign('RSA-SHA256');

sign.update('some data to sign');

const privateKey = `Insert magic value from above`;
console.log(sign.sign(privateKey, 'base64'));

I have tried the following with no success:

const crypto = require('crypto');
const dhke = crypto.createDiffieHellman(2048);
dhke.generateKeys();
const private_pem = `-----BEGIN RSA PRIVATE KEY-----
${dhke.getPrivateKey('base64')}
-----END RSA PRIVATE KEY-----`;
console.log(private_pem);

const sign = crypto.createSign('RSA-SHA256');
sign.update('some data to sign');

const signature = sign.sign(private_pem, 'base64');
console.log(signature);

With the following error:

Error: error:0D07207B:asn1 encoding routines:ASN1_get_object:header too long
    at Sign.sign (internal/crypto/sig.js:84:26)
...

The Question

How do I use the crypto library in NodeJS to achieve what openssl command line tool is performing (or another NPM module) to create a valid PEM formatted public/private key-pair which is required by the Sign class?

Here is the start to finish working solution thanks to the accepted answer from JacobTDC where NodeJS v10.12.0 added this feature.

const crypto = require('crypto');
const sign = crypto.createSign('RSA-SHA256');

sign.update('some data to sign');

// $ openssl genrsa -out ryans-key.pem 2048
// const privateKey = `Insert magic value from above`;

const { generateKeyPairSync } = require('crypto');
const { publicKey, privateKey } = generateKeyPairSync('rsa', {
  modulusLength: 2048,  // the length of your key in bits
  publicKeyEncoding: {
    type: 'spki',       // recommended to be 'spki' by the Node.js docs
    format: 'pem'
  },
  privateKeyEncoding: {
    type: 'pkcs8',      // recommended to be 'pkcs8' by the Node.js docs
    format: 'pem',
    //cipher: 'aes-256-cbc',   // *optional*
    //passphrase: 'top secret' // *optional*
  }
});
console.log(privateKey);
console.log(sign.sign(privateKey, 'base64'));

Recommended answer

As of Node.js v10.12.0, you can use crypto.generateKeyPair and crypto.generateKeyPairSync.

I have provided an example from the Node.js docs below (with added comments):

const { generateKeyPairSync } = require('crypto');
const { publicKey, privateKey } = generateKeyPairSync('rsa', {
  modulusLength: 4096,  // the length of your key in bits
  publicKeyEncoding: {
    type: 'spki',       // recommended to be 'spki' by the Node.js docs
    format: 'pem'
  },
  privateKeyEncoding: {
    type: 'pkcs8',      // recommended to be 'pkcs8' by the Node.js docs
    format: 'pem',
    cipher: 'aes-256-cbc',   // *optional*
    passphrase: 'top secret' // *optional*
  }
});
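
An added example, not part of the original question or answer, that completes the round trip the title asks about: it signs with the passphrase-encrypted PKCS#8 key, verifies with the SPKI public key, and shows that PEM armor wrapped around bytes that are not a DER-encoded key (as in the failed attempt above) is rejected. The function names, message text and passphrase are constructed for illustration.

```javascript
// Added example; the message, passphrase and function names are constructed.
const crypto = require('crypto');

// RSA pair: SPKI public key, PKCS#8 private key encrypted under a passphrase.
function makeKeyPair(passphrase) {
  return crypto.generateKeyPairSync('rsa', {
    modulusLength: 2048,
    publicKeyEncoding: { type: 'spki', format: 'pem' },
    privateKeyEncoding: { type: 'pkcs8', format: 'pem', cipher: 'aes-256-cbc', passphrase },
  });
}

// Sign with the encrypted private key; the passphrase travels with the PEM.
function signMessage(message, privateKeyPem, passphrase) {
  const sign = crypto.createSign('RSA-SHA256');
  sign.update(message);
  return sign.sign({ key: privateKeyPem, passphrase }, 'base64');
}

// Verify with the public key only; returns true or false.
function verifyMessage(message, publicKeyPem, signatureB64) {
  const verify = crypto.createVerify('RSA-SHA256');
  verify.update(message);
  return verify.verify(publicKeyPem, signatureB64, 'base64');
}

// PEM armor around bytes that are not a DER-encoded key is rejected at sign time.
function signWithFakePem() {
  const body = Buffer.from('raw bytes, not an ASN.1 RSA key').toString('base64');
  const fake = `-----BEGIN RSA PRIVATE KEY-----\n${body}\n-----END RSA PRIVATE KEY-----`;
  const sign = crypto.createSign('RSA-SHA256');
  sign.update('some data to sign');
  try {
    sign.sign(fake, 'base64');
    return 'signed';
  } catch (err) {
    return 'rejected';
  }
}

const passphrase = 'constructed passphrase';
const { publicKey, privateKey } = makeKeyPair(passphrase);
const signature = signMessage('some data to sign', privateKey, passphrase);
console.log(verifyMessage('some data to sign', publicKey, signature));  // untampered
console.log(verifyMessage('some data to sign!', publicKey, signature)); // altered message
console.log(signWithFakePem());
```

Only the public key needs to be distributed to verifiers; the encrypted private key is unusable for signing without its passphrase.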
