我试图找到在Node.js中执行S / MIME签名/验证签名的任何包或解决方案,但只找到使用外部调用(子进程)到OpenSSL的解决方案。 我需要在AWS Lambda中运行我的代码作为Node.js,因此调用OpenSSL二进制文件不是一个选项......
是否可以仅使用Node.js验证和签署X.509 pkcs7-signature S / MIME(Base64)签名?
示例公钥:
-----BEGIN CERTIFICATE-----
MIIDwzCCAqugAwIBAgIIKHUtBJ7PgSwwDQYJKoZIhvcNAQELBQAwRjELMAkGA1UE
BhMCU0UxEjAQBgNVBAcMCVN0b2NraG9sbTEMMAoGA1UECgwDQVMyMRUwEwYDVQQD
DAx0ZXN0LmFzMi5uZXQwHhcNMTgwMzE0MTI1MTAzWhcNMTkwMzE0MTI1MTAzWjBG
MQswCQYDVQQGEwJTRTESMBAGA1UEBwwJU3RvY2tob2xtMQwwCgYDVQQKDANBUzIx
FTATBgNVBAMMDHRlc3QuYXMyLm5ldDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
AQoCggEBALXXVK5jP9H9JjOe9Iiba1235Xz/WuFUVP5I2Pl1ClkvGlUZRIQrje7K
Ar3OBuh8iOiNko+HuWXN505WvmiVESH9mrSSfXHDUU+JcCDkbNLDFJKiEAeZni6f
cTMMU7eWL/ZwVvAaOVXIjCC6l+nf6+rI9HNIKUpr96iIWDUMot5PQURFNUEg0OQ4
HFsuXtrm8CvbD/v3dj/2nke+HzIra27+2v3hFFP0EPCRz4+okh3a6pWrXnozrmRn
e+FFRH8mq0N0UH1AtiArDpCspnZJEGsquvj2/ruSHCarQpOS12MfPY6uFlGym3fZ
H1AxpDn11KIC3L3iNAMNCh7DWtxyrbcCAwEAAaOBtDCBsTAMBgNVHRMEBTADAQH/
MB0GA1UdDgQWBBTOWGctZLOpraEmeF77hpPcbHzbZzB1BgNVHSMEbjBsgBTOWGct
ZLOpraEmeF77hpPcbHzbZ6FKpEgwRjELMAkGA1UEBhMCU0UxEjAQBgNVBAcMCVN0
b2NraG9sbTEMMAoGA1UECgwDQVMyMRUwEwYDVQQDDAx0ZXN0LmFzMi5uZXSCCCh1
LQSez4EsMAsGA1UdDwQEAwICvDANBgkqhkiG9w0BAQsFAAOCAQEAQNhK/jVm6PRd
ui2ptx0wLd4QD7duPxULfYdhbab+Odp/LbQ08Mp1FZ8JjnJnH/z1H7SH4kPjEHIC
22VDvK1+MAjTq4iPKgpmtBSdC8dJ/S8rNE9nzpfuheM79ES8ERPNTi2Mumq1OM8L
43J+LMVwNyWx4JlI7egJgqzP5NKaPo35pI1Z/71eVGn6uPwlOdP9s8unwtOYSGZ+
mVUwQ/wiGuJ7VsxCeGPpG2rV38zUGQGiOqerkqHCLDL2K3ondA53M/myAhA7M2qP
BNPee9guEEXiI/W038rzPVSE8lETbNEnsTLxCI1uN68tEBRSZlBQwu/r/pOXP3fw
/HaEGP0gsQ==
-----END CERTIFICATE-----
使用匹配的私钥签名的示例邮件:
This is an S/MIME signed message
------FF336B91207E7B459FAC35C0D274B8F8
Content-Type: text/plain
UNB+UNOC:3+esab+postnet+111101:1954+6045++++++'UNH+12011+INVOIC:D:93A:UN:EDIT30'BGM+380::9+006124412+9'DTM+137:20111101:102'UNT+55+12011'UNZ+1+6045'
------FF336B91207E7B459FAC35C0D274B8F8
Content-Type: application/pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"
MIIGTwYJKoZIhvcNAQcCoIIGQDCCBjwCAQExCTAHBgUrDgMCGjALBgkqhkiG9w0B
BwGgggPHMIIDwzCCAqugAwIBAgIIKHUtBJ7PgSwwDQYJKoZIhvcNAQELBQAwRjEL
MAkGA1UEBhMCU0UxEjAQBgNVBAcMCVN0b2NraG9sbTEMMAoGA1UECgwDQVMyMRUw
EwYDVQQDDAx0ZXN0LmFzMi5uZXQwHhcNMTgwMzE0MTI1MTAzWhcNMTkwMzE0MTI1
MTAzWjBGMQswCQYDVQQGEwJTRTESMBAGA1UEBwwJU3RvY2tob2xtMQwwCgYDVQQK
DANBUzIxFTATBgNVBAMMDHRlc3QuYXMyLm5ldDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALXXVK5jP9H9JjOe9Iiba1235Xz/WuFUVP5I2Pl1ClkvGlUZ
RIQrje7KAr3OBuh8iOiNko+HuWXN505WvmiVESH9mrSSfXHDUU+JcCDkbNLDFJKi
EAeZni6fcTMMU7eWL/ZwVvAaOVXIjCC6l+nf6+rI9HNIKUpr96iIWDUMot5PQURF
NUEg0OQ4HFsuXtrm8CvbD/v3dj/2nke+HzIra27+2v3hFFP0EPCRz4+okh3a6pWr
XnozrmRne+FFRH8mq0N0UH1AtiArDpCspnZJEGsquvj2/ruSHCarQpOS12MfPY6u
FlGym3fZH1AxpDn11KIC3L3iNAMNCh7DWtxyrbcCAwEAAaOBtDCBsTAMBgNVHRME
BTADAQH/MB0GA1UdDgQWBBTOWGctZLOpraEmeF77hpPcbHzbZzB1BgNVHSMEbjBs
gBTOWGctZLOpraEmeF77hpPcbHzbZ6FKpEgwRjELMAkGA1UEBhMCU0UxEjAQBgNV
BAcMCVN0b2NraG9sbTEMMAoGA1UECgwDQVMyMRUwEwYDVQQDDAx0ZXN0LmFzMi5u
ZXSCCCh1LQSez4EsMAsGA1UdDwQEAwICvDANBgkqhkiG9w0BAQsFAAOCAQEAQNhK
/jVm6PRdui2ptx0wLd4QD7duPxULfYdhbab+Odp/LbQ08Mp1FZ8JjnJnH/z1H7SH
4kPjEHIC22VDvK1+MAjTq4iPKgpmtBSdC8dJ/S8rNE9nzpfuheM79ES8ERPNTi2M
umq1OM8L43J+LMVwNyWx4JlI7egJgqzP5NKaPo35pI1Z/71eVGn6uPwlOdP9s8un
wtOYSGZ+mVUwQ/wiGuJ7VsxCeGPpG2rV38zUGQGiOqerkqHCLDL2K3ondA53M/my
AhA7M2qPBNPee9guEEXiI/W038rzPVSE8lETbNEnsTLxCI1uN68tEBRSZlBQwu/r
/pOXP3fw/HaEGP0gsTGCAlIwggJOAgEBMFIwRjELMAkGA1UEBhMCU0UxEjAQBgNV
BAcMCVN0b2NraG9sbTEMMAoGA1UECgwDQVMyMRUwEwYDVQQDDAx0ZXN0LmFzMi5u
ZXQCCCh1LQSez4EsMAcGBSsOAwIaoIHYMBgGCSqGSIb3DQEJAzELBgkqhkiG9w0B
BwEwHAYJKoZIhvcNAQkFMQ8XDTE4MDMxNDEzMzgwM1owIwYJKoZIhvcNAQkEMRYE
FOLO/ihBaZEe6+s2HipYsy+ie9WLMHkGCSqGSIb3DQEJDzFsMGowCwYJYIZIAWUD
BAEqMAsGCWCGSAFlAwQBFjALBglghkgBZQMEAQIwCgYIKoZIhvcNAwcwDgYIKoZI
hvcNAwICAgCAMA0GCCqGSIb3DQMCAgFAMAcGBSsOAwIHMA0GCCqGSIb3DQMCAgEo
MA0GCSqGSIb3DQEBAQUABIIBAH4HrlzhccYzwmxlDjRWa0cn2eOIz6tYnOKqjcgQ
wVVM0BEkXusnz+3o/KMqpCjTDWcC4yOrJqJVVGKl11yGkUs/3PKZZyEGcKR0PRl0
R+2tTcwt7CT8uqH64sth23DUU7r4tAnbmMhI6Gwsc/6ttLC5qVJrg80dcWmmUx7J
AWrigTQUW70yU3HbyIm+fA87j0vilgL/eXMAWT/TB73x3zRz+UVRkEyPM+JWK0Xj
voMK1drjXrSm/xJrzo6/5p2o0X/yhi9V/QEctCU9nfrv1+uDVJek0uMTR/xwRUs6
Jua/lzQjxJwCGSGabfQ8VbAABZZNBzMAAMzgQEvfQZb8enA=
------FF336B91207E7B459FAC35C0D274B8F8--
答案 0 :(得分:0)
是的,可以结合使用crypto和node-forge!
function verify() {
var crypto = require('crypto');
// pkg_sig is the extracted Signature from the S/MIME
// with added -----BEGIN PKCS7----- around it
var msg = pkcs7.messageFromPem(pkg_sig);
var sig = msg.rawCapture.signature;
// pkg is the "clean" signed data from the S/MIME
var buf = new Buffer(pkg, 'binary');
var verifier = crypto.createVerify("RSA-SHA256");
verifier.update(buf);
var verified = verifier.verify(cert, sig, 'binary');
console.log(verified);
}
function sign() {
/*
// Verified working AW, 2018-03-15
// Signature successfully verified by OPENSSL
openssl smime -verify -in packageCopy.txt -CAfile test.as2.net-sscert.pem
Content-Type: text/plain
UNB+UNOC:3+esab+postnet+111101:1954+6045++++++'UNH+12011+INVOIC:D:93A:UN:EDIT30'BGM+380::9+006124412+9'DTM+137:20111101:102'UNT+55+12011'UNZ+1+6045' Verification successful
*/
var p7 = pkcs7.createSignedData();
p7.content = forge.util.createBuffer(pkg);
p7.addCertificate(cert);
p7.addSigner({
key: forge.pki.privateKeyFromPem(key),
certificate: cert,
digestAlgorithm: forge.pki.oids.sha256
});
p7.sign();
var pem = pkcs7.messageToPem(p7);
console.log(pem);
}