11

I am trying to use AWS Lambda to verify signatures created with secp256r1 in Swift.

Message: "some text to sign"

It has been hashed with SHA-256 too.

Signatures will be in base64 encoding:

    MEYCIQCPfWhpzxMqu3gZWflBm5V0aetgb2/S+SGyGcElaOjgdgIhALaD4lbxVwa8HUUBFOLz+CGvIioDkf9oihSnXHCqh8yV

The public key will look like this:

    -----BEGIN PUBLIC KEY-----
    MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEXIvPbzLjaPLd8jgiv1TL/X8PXpJN
    gDkGRj9U9Lcx1yKURpQFVavcMkfWyO8r7JlZNMax0JKfLZUM1IePRjHlFw==
    -----END PUBLIC KEY-----

To clarify, I am trying to use Lambda to verify signatures that come from the client side, and encrypt data with their public key if need be.

Here is the code:

    const crypto = require('crypto');
    const verify = crypto.createVerify('SHA256');

    verify.write('some text to sign');
    verify.end();

    const l1 = "-----BEGIN PUBLIC KEY-----\n"
    const l2 = "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEXIvPbzLjaPLd8jgiv1TL/X8PXpJNgDkGRj9U9Lcx1yKURpQFVavcMkfWyO8r7JlZNMax0JKfLZUM1IePRjHlFw=="
    const l3 = "\n-----END PUBLIC KEY-----"

    const publicKey = l1 + l2 + l3

    const signature = "MEYCIQCPfWhpzxMqu3gZWflBm5V0aetgb2/S+SGyGcElaOjgdgIhALaD4lbxVwa8HUUBFOLz+CGvIioDkf9oihSnXHCqh8yV";

    console.log(verify.verify(publicKey, signature)); // Prints: true or false

Menelaos Kotsollaris
WeCanBeFriends

2 Answers

10

Here's how to integrate with Nodejs.Crypto. First, the RSA private and public keys need to be generated. There are several ways to do that; here's a way to do this online with encrypt.JS. You can use the getSignatureByInput function below after the private and public keys have been stored in the filesystem, which generates a unique signature given a string input:

    const crypto = require('crypto')
    const fs = require('fs')

    // Sign `input` with the PEM private key stored on disk; returns a hex string
    const getSignatureByInput = (input) => {
      let privatePem = fs.readFileSync('PRIVATE_KEY_FILE_PATH_GOES_HERE')
      let key = privatePem.toString('ascii')
      let sign = crypto.createSign('RSA-SHA256')
      sign.update(input)
      let signature = sign.sign(key, 'hex')

      return signature
    }

Thereafter, to verify a signature, you can use the following function:

    // Sign `input`, then verify that signature with the PEM public key on disk
    const getSignatureVerifyResult = (input) => {
      let signatureSignedByPrivateKey = getSignatureByInput(input)

      let pem = fs.readFileSync('PUBLIC_KEY_FILE_PATH_GOES_HERE')
      let publicKey = pem.toString('ascii')
      const verifier = crypto.createVerify('RSA-SHA256')

      // Use the same (default UTF-8) encoding that sign.update(input) used
      verifier.update(input)

      // Buffer.from replaces the deprecated `new Buffer(...)` constructor
      const publicKeyBuf = Buffer.from(publicKey, 'ascii')
      const signatureBuf = Buffer.from(signatureSignedByPrivateKey, 'hex')
      const result = verifier.verify(publicKeyBuf, signatureBuf)

      return result
    }

getSignatureVerifyResult will return true/false depending on whether the signature is verified. Keep in mind that there's a plethora of algorithms to choose from when it comes to signing.

Menelaos Kotsollaris
4

Please see the fuller solution at this StackOverflow post which shows how to use the verify.update() and verify.verify() methods in node.js.

jarmod
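
An added example (not from the question or either answer) of verifying a base64-encoded ECDSA P-256 signature with Node's crypto module, where the signature is decoded as base64 before verification and the original message, not a pre-computed digest, is passed in. It goes slightly beyond the question by also accepting a raw 64-byte r||s signature; `verifyP256` and `demo` are hypothetical names, and the key pair is generated locally as constructed sample data rather than taken from the question.

```javascript
const crypto = require('crypto');

// Verify an ECDSA P-256 (secp256r1, called prime256v1 by OpenSSL) signature.
// publicKeyPem: SPKI PEM ("-----BEGIN PUBLIC KEY-----")
// signatureB64: base64 of an ASN.1 DER signature or of a raw 64-byte r||s
function verifyP256(publicKeyPem, message, signatureB64) {
  const key = crypto.createPublicKey(publicKeyPem);
  if (key.asymmetricKeyType !== 'ec' ||
      key.asymmetricKeyDetails.namedCurve !== 'prime256v1') {
    throw new Error('expected a P-256 public key');
  }
  // Decode the base64 text into the actual signature bytes.
  const sig = Buffer.from(signatureB64, 'base64');
  // Raw r||s on P-256 is exactly 64 bytes; anything else is treated as DER.
  const dsaEncoding = sig.length === 64 ? 'ieee-p1363' : 'der';
  // crypto.verify applies SHA-256 to the data itself, so pass the message.
  return crypto.verify('sha256', Buffer.from(message, 'utf8'),
                       { key, dsaEncoding }, sig);
}

// Constructed sample data: a throwaway key pair stands in for the client.
function demo() {
  const { publicKey, privateKey } =
    crypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' });
  const pem = publicKey.export({ type: 'spki', format: 'pem' });
  const msg = 'some text to sign';
  const data = Buffer.from(msg, 'utf8');
  const derB64 = crypto.sign('sha256', data, privateKey).toString('base64');
  const rawB64 = crypto.sign('sha256', data,
    { key: privateKey, dsaEncoding: 'ieee-p1363' }).toString('base64');
  const digest = crypto.createHash('sha256').update(data).digest();
  return {
    der: verifyP256(pem, msg, derB64),
    raw: verifyP256(pem, msg, rawB64),
    tampered: verifyP256(pem, msg + '!', derB64),
    // Pitfall: verifying over a pre-computed digest hashes the data twice.
    preHashed: crypto.verify('sha256', digest, publicKey,
                             Buffer.from(derB64, 'base64')),
  };
}

console.log(demo());
```

The signature in the question decodes to 72 bytes beginning 0x30 0x46, so it is DER-encoded and would take the `'der'` branch here.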