无法使用Node.js crypto对文件签名

我用nodejs crypto创建了一个私钥,并想用该密钥签名文件。我的代码如下:

// Fresh ECDH key pair on the brainpoolP512t1 curve. Only the private half is
// read below; nothing in this snippet keeps the public key, so a verifier
// would have no key to check the resulting signature against.
const ecdh = crypto.createECDH('brainpoolP512t1');
ecdh.generateKeys();

// This is the bare private key value as a Buffer, not a PEM document.
const key = ecdh.getPrivateKey('buffer');

// Synchronous read of the uploaded file: the whole file is held in memory and
// the event loop is blocked while it is read.
const data = fs.readFileSync(req.file.path);

const sign = crypto.createSign('sha512');
sign.update(data);

// sign() expects a PEM-encoded private key. Given the bare Buffer it fails
// with "PEM_read_bio:no start line", the error reported for this snippet.
const signature = sign.sign(key, 'hex');

但是我得到了错误:

Error: error:0906D06C:PEM routines:PEM_read_bio:no start line

at Error (native)

at Sign.sign (crypto.js:283:26)

at /....js:32:27

at Immediate.<anonymous> (/.../node_modules/multer/lib/make-middleware.js:52:37)

at runCallback (timers.js:578:20)

at tryOnImmediate (timers.js:554:5)

at processImmediate [as _immediateCallback] (timers.js:533:5)

我知道它与密钥格式有关,但我不知道该如何解决。有人可以帮忙吗?

更新:我编辑了privateKey以适合pem格式:

// PEM armor lines for an "EC PRIVATE KEY" block.
const KEY_START = '-----BEGIN EC PRIVATE KEY-----\n';
const KEY_END = '\n-----END EC PRIVATE KEY-----';

const ecdh = crypto.createECDH('brainpoolP512t1');
ecdh.generateKeys();

// The armor is wrapped directly around the base64 of the bare private key
// value. A PEM body has to be the base64 of a DER-encoded structure; there is
// no ASN.1 structure here, which is why parsing stops with
// "ASN1_get_object:header too long".
const key = `${KEY_START}${ecdh.getPrivateKey('base64')}${KEY_END}`;

// Synchronous read of the uploaded file: blocks the event loop while reading.
const data = fs.readFileSync(req.file.path);

const sign = crypto.createSign('sha512');
sign.update(data);

// Fails while decoding `key`; no signature is produced.
const signature = sign.sign(key, 'hex');

现在我遇到了另一个错误:

Error: error:0D07207B:asn1 encoding routines:ASN1_get_object:header too long

at Error (native)

at Sign.sign (crypto.js:283:26)

at /...js:37:27

at Immediate.<anonymous> (/.../node_modules/multer/lib/make-middleware.js:52:37)

at runCallback (timers.js:578:20)

at tryOnImmediate (timers.js:554:5)

at processImmediate [as _immediateCallback] (timers.js:533:5)

回答:

用于签署数据的密钥必须是有效的PEM编码的私钥。DH getPrivateKey()函数不以这种格式返回密钥,而是返回原始(未经编码)的私钥数据。

您的选择包括:

  • 通过OpenSSL密钥生成器实用程序或类似工具生成私钥
  • 使用第三方Node模块,按照RFC 5915中的说明正确编码私钥。使用asn1.js和bn.js模块的完整示例:

        var crypto = require('crypto');

var asn1 = require('asn1.js');

var BN = require('bn.js');

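/**
 * Convert a dotted-decimal object identifier into an array of integer arcs.
 *
 * Each component must consist of decimal digits only. A bare parseInt would
 * turn an empty component into NaN and silently truncate '14abc' to 14, so a
 * mistyped OID would be passed on to the encoder instead of being rejected.
 *
 * @param {string} oid - Dotted-decimal OID, e.g. '1.3.36.3.3.2.8.1.1.14'.
 * @returns {number[]} The OID components as integers, in order.
 * @throws {Error} If any component is empty or contains a non-digit character.
 */
function toOIDArray(oid) {
  return oid.split('.').map(function (arc) {
    if (!/^[0-9]+$/.test(arc)) {
      throw new Error('Invalid OID component: ' + JSON.stringify(arc));
    }
    return parseInt(arc, 10);
  });
}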

// ASN.1 description of the ECPrivateKey structure from RFC 5915: a SEQUENCE
// holding version, privateKey, and the optional [0] parameters and
// [1] publicKey fields.
const ECPrivateKey = asn1.define('ECPrivateKey', function ecPrivateKeySchema() {
  // The builder methods are reached through `this`, so this callback has to
  // stay a regular function; an arrow function would not receive that `this`.
  this.seq().obj(
    this.key('version').int(),
    this.key('privateKey').octstr(),
    this.key('parameters').explicit(0).objid().optional(),
    this.key('publicKey').explicit(1).bitstr().optional()
  );
});

// Create a fresh ECDH key pair on brainpoolP512t1. The key lives only in this
// process: to let anyone verify the signature later, the matching public key
// (ecdh.getPublicKey()) has to be kept or published as well.
const ecdh = crypto.createECDH('brainpoolP512t1');
ecdh.generateKeys();

// Fields of the RFC 5915 ECPrivateKey structure. The optional publicKey field
// is left out.
const ecPrivateKeyFields = {
  version: new BN(1),
  privateKey: ecdh.getPrivateKey(),
  // OID for brainpoolP512t1
  parameters: toOIDArray('1.3.36.3.3.2.8.1.1.14'),
};

// DER-encode the structure and wrap it as a PEM "EC PRIVATE KEY" block, which
// is the form sign() accepts.
// NOTE(review): Node.js releases that provide crypto.generateKeyPairSync can
// generate an EC key and export it as PEM directly, without hand-built ASN.1.
const pemKey = ECPrivateKey.encode(ecPrivateKeyFields, 'pem', {
  label: 'EC PRIVATE KEY',
});

// Sign the message with SHA-512 as the digest.
const sign = crypto.createSign('sha512');
sign.update('hello world');
const signature = sign.sign(pemKey, 'hex');

// Only the signature is printed. pemKey is private key material and should
// stay out of logs.
console.log('signature', signature);
