无法使用nodejs加密签名文件 [英] Unable to sign a file with nodejs crypto
问题描述
我使用nodejs crypto创建了一个私钥,并且想用这个密钥签署一个文件。
我的代码如下:
var ecdh = crypto.createECDH('brainpoolP512t1');
ecdh.generateKeys();
var key = ecdh.getPrivateKey('buffer');
var data = fs.readFileSync(req.file.path);
var sign = crypto.createSign('sha512');
sign.update(data);
var signature = sign.sign(key,'hex');
但我得到错误:
错误:错误:0906D06C:PEM例程:PEM_read_bio:无起始行
出现错误(原生)
在Sign.sign(crypto.js:283:26)
at /....js:32:27
立即。< anonymous> (/.../node_modules/multer/lib/make-middleware.js:52:37)runCallback(timers.js:578:20)
在tryOnImmediate(timers.js:554: 5)
at processImmediate [as _immediateCallback](timers.js:533:5)
我知道它与关键格式有关,但我不知道如何解决这个问题。任何人都可以帮忙?
更新:
我编辑了privateKey以符合pem格式:
var KEY_START ='----- BEGIN EC PRIVATE KEY ----- \';
var KEY_END ='\\\
----- END EC PRIVATE KEY -----';
const ecdh = crypto.createECDH('brainpoolP512t1');
ecdh.generateKeys();
var key = KEY_START + ecdh.getPrivateKey('base64')+ KEY_END;
var data = fs.readFileSync(req.file.path);
const sign = crypto.createSign('sha512');
sign.update(data);
var signature = sign.sign(key,'hex');
现在我有一个不同的错误:
<错误:错误:0D07207B:ASN1编码例程:ASN1_get_object:头太长$ b $在错误(本地)
在Sign.sign(crypto.js:283: 26)
at /...js:37:27
立即。< anonymous> (/.../node_modules/multer/lib/make-middleware.js:52:37)runCallback(timers.js:578:20)
在tryOnImmediate(timers.js:554: 5)
at processImmediate [as _immediateCallback](timers.js:533:5)
与数据签署的密钥必须是有效的PEM编码私钥。
您的选项包括:通过OpenSSL密钥生成器实用程序或类似方法生成私钥
$ b
-
使用第三方节点模块正确编码私钥,如 RFC 5915 中所述。使用
asn1.js和bn.js模块的完整示例:
var crypto = require('crypto');
var asn1 = require('asn1.js');
var BN = require('bn.js');
函数toOIDArray(oid){
return oid.split('。')。map(函数(s){
返回parseInt(s,10)
});
}
//定义RFC 5915中的ECPrivateKey
var ECPrivateKey = asn1.define('ECPrivateKey',function(){
this.seq()。obj (
this.key('version')。int(),
this.key('privateKey')。octstr(),
this.key('parameters')。explicit( 0).objid()。optional(),
this.key('publicKey')。explicit(1).bitstr()。optional()
);
});
//产生DH键
var ecdh = crypto.createECDH('brainpoolP512t1');
ecdh.generateKeys();
//生成PEM编码的私钥
var pemKey = ECPrivateKey.encode({
版本:new BN(1),
privateKey:ecdh.getPrivateKey (),
// OID for brainpoolP512t1
参数:toOIDArray('1.3.36.3.3.2.8.1.1.14')
},'pem',{label:'EC PRIVATE KEY' });
//签署数据
var sign = crypto.createSign('sha512');
sign.update('hello world');
var signature = sign.sign(pemKey,'hex');
console.log('签名',签名);
I've created a private Key with nodejs crypto and want to sign a file with this key. My code is following:
var ecdh = crypto.createECDH('brainpoolP512t1');
ecdh.generateKeys();
var key = ecdh.getPrivateKey('buffer');
var data= fs.readFileSync(req.file.path);
var sign = crypto.createSign('sha512');
sign.update(data);
var signature = sign.sign(key, 'hex');
But I get the error:
Error: error:0906D06C:PEM routines:PEM_read_bio:no start line
at Error (native)
at Sign.sign (crypto.js:283:26)
at /....js:32:27
at Immediate.<anonymous> (/.../node_modules/multer/lib/make-middleware.js:52:37)
at runCallback (timers.js:578:20)
at tryOnImmediate (timers.js:554:5)
at processImmediate [as _immediateCallback] (timers.js:533:5)
I know it has something to do with the key format, but I don't know how to fix this. Can anyone help?
UPDATE: I edited the privateKey to fit the pem format:
var KEY_START = '-----BEGIN EC PRIVATE KEY-----\n';
var KEY_END = '\n-----END EC PRIVATE KEY-----';
const ecdh = crypto.createECDH('brainpoolP512t1');
ecdh.generateKeys();
var key =KEY_START + ecdh.getPrivateKey('base64') + KEY_END;
var data= fs.readFileSync(req.file.path);
const sign = crypto.createSign('sha512');
sign.update(data);
var signature = sign.sign(key, 'hex');
And now I geht a different error:
Error: error:0D07207B:asn1 encoding routines:ASN1_get_object:header too long
at Error (native)
at Sign.sign (crypto.js:283:26)
at /...js:37:27
at Immediate.<anonymous> (/.../node_modules/multer/lib/make-middleware.js:52:37)
at runCallback (timers.js:578:20)
at tryOnImmediate (timers.js:554:5)
at processImmediate [as _immediateCallback] (timers.js:533:5)
The key you sign the data with needs to be a valid PEM-encoded private key. The DH getPrivateKey() function does not return a key in this format, it returns the bare private key data.
Your options include:
- Generating a private key via the OpenSSL key generator utility or similar
Using third-party node modules to properly encode the private key as outlined in RFC 5915. Full example using the
asn1.jsandbn.jsmodules:var crypto = require('crypto'); var asn1 = require('asn1.js'); var BN = require('bn.js'); function toOIDArray(oid) { return oid.split('.').map(function(s) { return parseInt(s, 10) }); } // Define ECPrivateKey from RFC 5915 var ECPrivateKey = asn1.define('ECPrivateKey', function() { this.seq().obj( this.key('version').int(), this.key('privateKey').octstr(), this.key('parameters').explicit(0).objid().optional(), this.key('publicKey').explicit(1).bitstr().optional() ); }); // Generate the DH keys var ecdh = crypto.createECDH('brainpoolP512t1'); ecdh.generateKeys(); // Generate the PEM-encoded private key var pemKey = ECPrivateKey.encode({ version: new BN(1), privateKey: ecdh.getPrivateKey(), // OID for brainpoolP512t1 parameters: toOIDArray('1.3.36.3.3.2.8.1.1.14') }, 'pem', { label: 'EC PRIVATE KEY' }); // Sign data var sign = crypto.createSign('sha512'); sign.update('hello world'); var signature = sign.sign(pemKey, 'hex'); console.log('signature', signature);
这篇关于无法使用nodejs加密签名文件的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
