NodeJS加密无法验证Web加密API创建的签名

时间:2019-03-15 19:43:53

标签: node.js cryptography rsa webcryptoapi

我在验证由Web Crypto API创建的签名时遇到麻烦。

这是我用来在浏览器中生成RSA密钥的代码:

let keys;

const generateKeys = async () => {
  const options = {
    name: 'RSASSA-PKCS1-v1_5',
    modulusLength: 2048, 
    publicExponent: new Uint8Array([0x01, 0x00, 0x01]),
    hash: { name: 'SHA-256' }, 
  };

  keys = await window.crypto.subtle.generateKey(
    options,
    false, // non-exportable (public key still exportable)
    ['sign', 'verify'],
  );
};

并导出公钥:

const exportPublicKey = async () => {    
  const publicKey = await window.crypto.subtle.exportKey('spki', keys.publicKey);

  let body = window.btoa(String.fromCharCode(...new Uint8Array(publicKey)));
  body = body.match(/.{1,64}/g).join('\n');

  return `-----BEGIN PUBLIC KEY-----\n${body}\n-----END PUBLIC KEY-----`;

  // Output:
  //
  // -----BEGIN PUBLIC KEY-----
  // MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAx7J3SUG4sq/HSGIaGZWY
  // 8b26cfEpVFYHoDUDUORIJzA/fLE9aj+uOKpGUTSfW69rMm7DAOLDz05KaEJJSI5+
  // YbDPr2S82A2ByHHQt+Vu168sGz4noXTTSX2HIdVutaR/IJ0a5pNOa1vRR4MUW/ZO
  // YaRir3yC5YXgcFLwwQaifNZ3lZ7WndbYEjTGOcieQQ81IUP2221PZCJI52S95nYm
  // VfslsLiPhOFH7XhGSqelGYDi0cKyl0p6dKvYxFswfKKLTuWnu2BEFLjVq4S5Y9Ob
  // SGm0KL/8g7pAqjac2sMzzhHtxZ+7k8tynzAf4slJJhHMm5U4DcSelTe5zOkprCJg
  // muyv0H1Acb3tfXsBwfURjiE0cvSMhfum5I5epF+f139tsr1zNF24F2WgvEZZbXcG
  // g1LveGCJ/0BY0pzE71DU2SYiUhl+HGDv2u32vJO80jCDf2lu7izEt544a+XE+2X0
  // zVpwjNQGa2Nd4ApGosa1fbcS5MsEdbyrjMf80SAmOeb9g3y5Zt2MY7M0Njxbvmmd
  // mF20PkklpH0L01lhg2AGma4o4ojolYHzDoM5a531xTw1fZIdgbSTowz0SlAHAKD3
  // c2KCCsKlBbFcqy4q7yNX63SqmI3sNA3kTH9CQJdBloRvV103Le9C0iY8CAWQmow5
  // N/sDJUabgOMqe9yopSjb7LUCAwEAAQ==
  // -----END PUBLIC KEY-----
};

要签名消息:

const generateHash = async (message) => {
  const encoder = new TextEncoder();
  const buffer = encoder.encode(message);

  const digest = await window.crypto.subtle.digest('SHA-256', buffer);
  return digest;
};

const signMessage = async (message) => {
  const { privateKey } = keys;
  const digest = await generateHash(message);
  const signature = await window.crypto.subtle.sign('RSASSA-PKCS1-v1_5', privateKey, digest);
  return signature;
};

要在浏览器中验证消息,请执行以下操作:

const verifyMessage = async (signature, message) => {
  const { publicKey } = keys;
  const digest = await generateHash(message);
  const result = await window.crypto.subtle.verify('RSASSA-PKCS1-v1_5', publicKey, signature, digest);
  return result;
};

创建密钥后,公共密钥将导出并发送到服务器。稍后:

const message = 'test';
const signature = await signMessage(message);
await verifyMessage(signature, message); // true

sendToServer(message, bufferToHex(signature));

由于签名是ArrayBuffer,所以我使用以下代码将其转换为十六进制:

const bufferToHex = input => [...new Uint8Array(input)]
  .map(v => v.toString(16).padStart(2, '0')).join('');

在服务器上(NodeJS 8.11.0):

const publicKey = getPublicKey(userId);

const verifier = crypto.createVerify('RSA-SHA256');
verifier.update(message, 'utf-8');

const sigBuf = Buffer.from(signature, 'hex');
verifier.verify(publicKey, sigBuf); // false

我已经追踪这个问题好几天了,但似乎无法弄清楚。我已经尝试RSA-SHA256sha256WithRSAEncryption进行验证,但均无济于事。此外,不会引发任何错误。任何帮助将不胜感激!

4 个答案:

答案 0 :(得分:1)

需要注意的是,cryptocrypto.subtle 在签名之前都会对消息进行哈希处理,因此不需要单独进行哈希处理。

假设您能够正确创建和加载密钥,您的代码应该如下所示。

浏览器

const message = 'hello'
const encoder = new TextEncoder()
const algorithmParameters = { name: 'RSASSA-PKCS1-v1_5' }
const signatureBytes = await window.crypto.subtle.sign(
  algorithmParameters,
  privateKey,
  encoder.encode(message)
)
const base64Signature = window.btoa(
  String.fromCharCode.apply(null, new Uint8Array(signatureBytes))
)
console.log(base64Signature)
// TiJZTTihhUYAIlOm2PpnvJa/+15WOX2U0iKJ2LXsLecvohhRIWnwFfdHy4ci10mcv/UQgf2+bFf9lfFZUlPPdzckBNfXIqAjafM8XquJiw/t1v+pEGtJpaGASlzuWuL37gp3k8ux3l6zBKKbBVPPASkHVhz37uY1AXeMblfRbFE=

节点

此实现使用 crypto,但您可以使用 crypto.subtle 以更类似于浏览器 javascript 语法

const crypto = require('crypto')

const message = 'hello'
const base64Signature = 'TiJZTTihhUYAIlOm2PpnvJa/+15WOX2U0iKJ2LXsLecvohhRIWnwFfdHy4ci10mcv/UQgf2+bFf9lfFZUlPPdzckBNfXIqAjafM8XquJiw/t1v+pEGtJpaGASlzuWuL37gp3k8ux3l6zBKKbBVPPASkHVhz37uY1AXeMblfRbFE='
const hashingAlgorithm = 'rsa-sha256'
const doesVerify = crypto.verify(
  hashingAlgorithm,
  Buffer.from(message),
  { key: publicKey },
  Buffer.from(base64Signature, 'base64')
);
console.log(doesVerify)
// true

答案 1 :(得分:0)

不是直接的答案,但使用它可能会更容易:https://www.npmjs.com/package/@peculiar/webcrypto,因此您的客户端和服务器上的代码是一致的,同时可以解决此问题。

答案 2 :(得分:0)

所以我不完全理解为什么会发生这种情况,但是要解决此问题,我需要将SHA哈希从ArrayBuffer转换为十六进制字符串,然后使用TextEncoder读回数组缓冲区。

const generateHash = async (message) => {
  const encoder = new TextEncoder();
  const buffer = encoder.encode(message);

  const digest = await window.crypto.subtle.digest('SHA-256', buffer);

  // Convert to hex string
  return [...new Uint8Array(digest)]
    .map(v => v.toString(16).padStart(2, '0')).join('');;
};

然后在签名时:

const signMessage = async (message) => {
  const encoder = new TextEncoder();
  const { privateKey } = keys;
  const digest = await generateHash(message);
  const signature = await window.crypto.subtle.sign('RSASSA-PKCS1-v1_5', privateKey, encoder.encode(digest));
  return signature;
};

签名不再在客户端上验证,而是在节点上验证。 ‍♂️

答案 3 :(得分:0)

问题在于,当您实际上应该对输入的哈希签名时,您正在对输入的哈希哈希签名。 SubtleCrypto在内部对输入进行哈希处理。您无需提供哈希输入。由于您提供了哈希输入作为参数,因此SubtleCrypto再次对其进行哈希处理,然后对其进行签名,这导致签名不匹配。

相关问题
最新问题