
Is there a good way to validate signatures in Node.JS (v0.4+) with public keys?

The current crypto module allows this with certificates but not with public keys. For example:

var crypto = require("crypto");

// The factory in the crypto module is createVerify, not createVerifier
var verifier = crypto.createVerify("sha1");
verifier.update("signed data");
verifier.verify(CERT, signature);

The variable CERT needs to be a signed certificate (I guess the public key is pulled from that) but all I have is the public key and not a certificate.

The only solid way to achieve this seems to be dumping the contents of the data, public key and signature into files and executing openssl dgst:

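var fs = require("fs");
var exec = require("child_process").exec;

// Write key, signature and data to disk so the openssl CLI can read them
fs.writeFileSync("public.key", pubkey);
fs.writeFileSync("sig.sha1", signature);
fs.writeFileSync("data.txt", data);
exec("openssl dgst -sha1 -verify public.key -signature sig.sha1 data.txt", ...)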

But creating (and deleting) files every time I need to verify a signature seems like a total waste.

Any good ideas how to do it better?

UPDATE 2011-08-03

The crypto module in Node.js v0.5 allows verifying both with certificates and public keys (RSA or X.509).

gevorg
Andris
  • Well, I'm pretty sure openssl is the way to go. Will it let you stream the values in or must that app use files? How often are you going to do this? – jcolebrand Jun 02 '11 at 17:50
  • Regularly, but not very often. I can live with this solution but it just feels so wrong, especially when compared to the much more elegant crypto.verifier. I would prefer not to use files. – Andris Jun 02 '11 at 18:01
  • I want to pass a public key as the first argument but I am not sure whether it should be the b64 encoded string, the string wrapped with '----BEGIN KEY----' and '-----END KEY----' or new Buffer(the_string,'base64'). I tried all but crypto is still looking for CERTIFICATE. How to tell it I am passing a public key directly? – Ustaman Sangat Apr 09 '12 at 23:27
  • I used -----BEGIN PUBLIC KEY---- and ----END PUBLIC KEY---- as I saw openssl spits out on extracting public key from a private key PEM, and the error messages went away. – Ustaman Sangat Apr 10 '12 at 16:22
  • I tried to use the Crypto module in node 0.8 to do this ... and failed. You seem to have had more success, can you post some code? – iandotkelly Jan 09 '13 at 17:26
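
Verification with a bare public key and no temporary files, as the update and the comments about PEM armor describe; this is an added example, not code from the original thread. It assumes a current Node.js `crypto` module and uses RSA-SHA256 rather than the thread's sha1; `toPublicKeyPem`, `verifyWithPublicKey` and `makeSample` are hypothetical helper names, and the key pair and signature are constructed sample input.

```javascript
// Added example (not from the original thread): verify an RSA signature
// with a bare public key, no certificate and no temporary files.
const crypto = require("crypto");

// Wrap a bare base64 DER (SubjectPublicKeyInfo) string in PEM armor.
// Input that already carries PEM armor is passed through.
function toPublicKeyPem(key) {
  const text = String(key).trim();
  if (text.startsWith("-----BEGIN ")) return text + "\n";
  const body = text.replace(/\s+/g, "").match(/.{1,64}/g).join("\n");
  return "-----BEGIN PUBLIC KEY-----\n" + body + "\n-----END PUBLIC KEY-----\n";
}

// Returns true only if `signature` (a Buffer) is valid for `data`.
// A malformed key makes the crypto call throw; that is treated as a
// failed verification so the caller always fails closed.
function verifyWithPublicKey(publicKey, data, signature) {
  try {
    const verifier = crypto.createVerify("RSA-SHA256");
    verifier.update(data);
    return verifier.verify(toPublicKeyPem(publicKey), signature);
  } catch (err) {
    return false;
  }
}

// Constructed sample input: a throwaway key pair and a signature.
function makeSample() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync("rsa", {
    modulusLength: 2048,
    publicKeyEncoding: { type: "spki", format: "pem" },
    privateKeyEncoding: { type: "pkcs8", format: "pem" },
  });
  const data = "signed data";
  const signer = crypto.createSign("RSA-SHA256");
  signer.update(data);
  const signature = signer.sign(privateKey);
  // The same key as a bare base64 string, without the PEM header/footer.
  const bareBase64 = publicKey.replace(/-----[A-Z ]+-----/g, "").replace(/\s+/g, "");
  return { publicKey, bareBase64, data, signature };
}

const sample = makeSample();
console.log("PEM key:      ", verifyWithPublicKey(sample.publicKey, sample.data, sample.signature));
console.log("bare base64:  ", verifyWithPublicKey(sample.bareBase64, sample.data, sample.signature));
console.log("tampered data:", verifyWithPublicKey(sample.publicKey, "tampered data", sample.signature));
```
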

1 Answer


Why don't you just take your public key and put it into a self-signed certificate? Then node's crypto module will work fine for you.

http://www.akadia.com/services/ssh_test_certificate.html

I would think that doing this would be much more efficient than forking an openssl subprocess.

Peter Lyons
  • Is it possible to generate a certificate with a public key? All the examples are using private not public keys. – Andris Jul 08 '11 at 08:30
  • All examples involve a pair of 2 keys, 1 private, 1 public. When you create the CSR, the CSR contains a certificate, and a certificate contains a public key. Here's a doc that is more clear that the "genrsa" actually generates a pair of connected keys, 1 public and 1 private. http://www.openssl.org/docs/HOWTO/keys.txt. First paragraph: "With OpenSSL, the private key contains the public key information as well, so a public key doesn't need to be generated separately." – Peter Lyons Jul 08 '11 at 16:24