For anyone stumbling onto this, Fedor clued me into something I should have already known. The current crypto module within node.js does not have facilities to generate RSA public/private key pairs. The DiffieHellman facility does indeed generate public/private key pairs but are not suited for digital signatures (key exchanges only).
I was under the assumption that I could use the private/public keypair to sign and verify content. Here is an updated gist <https://gist.github.com/jas-/9330405> with commented source to help anyone else out. On Monday, March 3, 2014 5:01:17 PM UTC-7, jas wrote: > > I confused the private key as an RSA pkey, n/m. Thanks. > > On Monday, March 3, 2014 3:47:16 PM UTC-7, Fedor Indutny wrote: >> >> Ah, well, it is expected. How could you use diffie hellman private key >> as a RSA input? >> >> On Tue, Mar 4, 2014 at 12:37 AM, jas <[email protected]> wrote: >> > Sure... And the gist in case the formatting gets buggered. Thanks for >> your >> > help. The problem is with the >> > crypto.createSign(algo).update(ct).final(privKey, enc) not allowing for >> > anything except a PEM formatted ascii key which eliminates the >> following use >> > case as a possible method for signing using a private key generated >> with the >> > crypto.DiffieHellman class of functions which only export the keys in >> > binary, hex or base64 formats. >> > >> >> /* Bob's environment */ >> >> var crypto = require('crypto'); >> >> crypto.DEFAULT_ENCODING = 'hex' >> >> >> >> var dhBob = crypto.getDiffieHellman('modp18') >> >> , kBob = dhBob.generateKeys() >> >> , keysBob = { >> >> pubKey: dhBob.getPublicKey(), >> >> privKey: dhBob.getPrivateKey() >> >> }; >> >> >> >> /* Alice's envrionment setup (different computer emulation) */ >> >> var dhAlice = crypto.getDiffieHellman('modp18') >> >> , kAlice = dhAlice.generateKeys() >> >> , keysAlice = { >> >> pubKey: dhAlice.getPublicKey(), >> >> privKey: dhAlice.getPrivateKey() >> >> }; >> >> >> >> >> >> /* Bob recieves Alice's public key & generates a shared secret */ >> >> var secret = dhBob.computeSecret(keysAlice.pubKey); >> >> >> >> /* Bob uses shared secret to create cipher text */ >> >> try { >> >> var cipher = crypto.createCipher('aes-256-cbc', secret) >> >> , ct = []; >> >> >> >> ct.push(cipher.update('This is a secret message for Alice')); >> >> ct.push(cipher.final()); >> >> var result = ct.join(''); >> >> } catch(e){ >> >> throw new Error('Could not create encryption object'); >> >> } >> >> >> >> /* Bob then computes a digest of the cipher text */ >> >> var digest = crypto.createHmac('sha256', secret); >> >> digest.update(result); >> >> var hmac = digest.digest(); >> >> >> >> /* Create object of ct & hmac and stringify it */ >> >> var sendToAlice = JSON.stringify({ message: result, digest: hmac }); >> >> >> >> /* Bob then signs the object using his DH private key as Alice already >> has >> >> his >> >> public key for verification */ >> >> var sig = crypto.createSign('RSA-SHA256'); >> >> sig.update(sendToAlice); >> >> sig.sign(keysBob.privKey); >> > >> > >> > On Monday, March 3, 2014 1:32:17 PM UTC-7, Fedor Indutny wrote: >> >> >> >> Hm... could you please paste an example of code that doesn't work for >> you? >> >> >> >> On Mon, Mar 3, 2014 at 10:13 PM, jas <[email protected]> wrote: >> >> > Also, here is the error from using >> >> > crypto.createSign.update('msg').sign(privateKey, 'hex') due to the >> >> > export of >> >> > crypto.DiffieHellman.generateKeys lack of ascii output / >> >> > crypto.createSign.update('msg').sign(privKey, 'hex') lack of >> anything >> >> > but >> >> > ascii input >> >> > >> >> > 139797041080096:error:0906D06C:PEM routines:PEM_read_bio:no start >> >> > line:../deps/openssl/openssl/crypto/pem/pem_lib.c:703:Expecting: ANY >> >> > PRIVATE >> >> > KEY >> >> > >> >> > >> >> > On Monday, March 3, 2014 10:49:01 AM UTC-7, jas wrote: >> >> >> >> >> >> Hello, thanks for the response! >> >> >> >> >> >> Perhaps my original question would be better to include a more >> robust >> >> >> use >> >> >> case: https://gist.github.com/jas-/9330405 >> >> >> >> >> >> Attempting to specify privKey.toString('hex') would not work in >> that >> >> >> use >> >> >> case due to crypto.DiffieHellman.generateKeys() only exporting >> binary, >> >> >> hex >> >> >> or base64 private key formats. >> >> >> >> >> >> On Monday, March 3, 2014 10:01:56 AM UTC-7, Fedor Indutny wrote: >> >> >>> >> >> >>> Hi! >> >> >>> >> >> >>> It is just a convenience thing, the key itself is usually PEM >> encoded >> >> >>> and >> >> >>> you could pass it as a string or Buffer, without any additional >> >> >>> encoding >> >> >>> set. >> >> >>> >> >> >>> However, if you do following thing: >> >> >>> >> >> >>> var key = fs.readFileSync('key.pem').toString('hex'); >> >> >>> s.sign(key, 'hex'); >> >> >>> >> >> >>> The additional encoding param could suddenly become useful ;) >> >> >>> >> >> >>> So, answering your question - it is a design decision. >> >> >>> >> >> >>> On Mon, Mar 3, 2014 at 8:56 PM, jas <[email protected]> wrote: >> >> >>> > Does anyone know if the privKey arg when using >> >> >>> > crypto.createSign().update(ct).sign(privKey, encoding) can be a >> >> >>> > buffer, >> >> >>> > hex >> >> >>> > encoding string etc? >> >> >>> > >> >> >>> > It seems (according to the docs & source) that it requires an >> ascii >> >> >>> > PEM >> >> >>> > (L#2974) formatted private key, which eliminates the use of the >> >> >>> > crypto.DiffieHellman.generateKeys() private key as its only >> output >> >> >>> > options >> >> >>> > are binary, hex or base64. >> >> >>> > >> >> >>> > Is this a design decision? >> >> >>> > >> >> >>> > -- >> >> >>> > -- >> >> >>> > Job Board: http://jobs.nodejs.org/ >> >> >>> > Posting guidelines: >> >> >>> > >> https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines >> >> >>> > You received this message because you are subscribed to the >> Google >> >> >>> > Groups "nodejs" group. >> >> >>> > To post to this group, send email to [email protected] >> >> >>> > To unsubscribe from this group, send email to >> >> >>> > [email protected] >> >> >>> > For more options, visit this group at >> >> >>> > http://groups.google.com/group/nodejs?hl=en?hl=en >> >> >>> > >> >> >>> > --- >> >> >>> > You received this message because you are subscribed to the >> Google >> >> >>> > Groups >> >> >>> > "nodejs" group. >> >> >>> > To unsubscribe from this group and stop receiving emails from >> it, >> >> >>> > send >> >> >>> > an >> >> >>> > email to [email protected]. >> >> >>> > For more options, visit https://groups.google.com/groups/opt_out. >> >> > -- -- Job Board: http://jobs.nodejs.org/ Posting guidelines: https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines You received this message because you are subscribed to the Google Groups "nodejs" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/nodejs?hl=en?hl=en --- You received this message because you are subscribed to the Google Groups "nodejs" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
