var pubKey = ["-----BEGIN RSA PUBLIC KEY-----",
"MIIBCgKCAQEA5Cvv2iTPSKX1O+77rtCN46a/8+6UbAxs1zalsZRrD5DAKU+iKHTU",
...
"dm814QXymcEvH4OhFbfHkF6mC4IimjJ9zwIDAQAB",
"-----END RSA PUBLIC KEY-----"].join("\n");
var signature = "d83fcdbc369d...91237dc";
var CRYPTO = require("crypto");
var verifier = CRYPTO.createVerify("RSA-SHA256");
verifier.update("test ... data");
verifier.verify(pubKey, signature, "hex");
Gives me this error:
140735237568864:error:0906D06C:PEM routines:PEM_read_bio:no start
line:pem_lib.c:696:Expecting: CERTIFICATE
Any idea what I am doing wrong?
Thanks!
Christoph
I think you may have hit a bug in Node. Can you try the below patch?
https://gist.github.com/1371434 in case it's mangled.
diff --git a/src/node_crypto.cc b/src/node_crypto.cc
index c1e197b..cdc39de 100644
--- a/src/node_crypto.cc
+++ b/src/node_crypto.cc
@@ -54,8 +54,11 @@
return ThrowException(Exception::TypeError(String::New("Not a
string or buffer"))); \
}
-static const char *PUBLIC_KEY_PFX = "-----BEGIN PUBLIC KEY-----";
-static const int PUBLIC_KEY_PFX_LEN = strlen(PUBLIC_KEY_PFX);
+static const char PUBLIC_KEY_PFX[] = "-----BEGIN PUBLIC KEY-----";
+static const int PUBLIC_KEY_PFX_LEN = sizeof(PUBLIC_KEY_PFX) - 1;
+
+static const char PUBRSA_KEY_PFX[] = "-----BEGIN RSA PUBLIC KEY-----";
+static const int PUBRSA_KEY_PFX_LEN = sizeof(PUBRSA_KEY_PFX) - 1;
static const int X509_NAME_FLAGS = ASN1_STRFLGS_ESC_CTRL
| ASN1_STRFLGS_ESC_MSB
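Review bot: The two prefix constants at the top of this hunk carry no comment saying which key encoding each one selects. A one-line note that "-----BEGIN PUBLIC KEY-----" marks the SubjectPublicKeyInfo form and "-----BEGIN RSA PUBLIC KEY-----" the PKCS#1 RSAPublicKey form would explain why the verify path needs a separate branch for each. The name PUBRSA_KEY_PFX is also harder to search for than something that mirrors the PEM label, such as RSA_PUBLIC_KEY_PFX. The move from strlen() to sizeof() - 1 is fine and makes the length a compile-time constant.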
@@ -3320,6 +3323,18 @@ class Verify : public ObjectWrap {
ERR_print_errors_fp(stderr);
return 0;
}
+ } else if (strncmp(key_pem, PUBRSA_KEY_PFX, PUBRSA_KEY_PFX_LEN) == 0) {
+ RSA* rsa = PEM_read_bio_RSAPublicKey(bp, NULL, NULL, NULL);
+ if (rsa) {
+ pkey = EVP_PKEY_new();
+ if (pkey)
+ EVP_PKEY_set1_RSA(pkey, rsa);
+ RSA_free(rsa);
+ }
+ if (pkey == NULL) {
+ ERR_print_errors_fp(stderr);
+ return 0;
+ }
} else {
// X.509 fallback
x509 = PEM_read_bio_X509(bp, NULL, NULL, NULL);
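Review bot: The return value of EVP_PKEY_set1_RSA(pkey, rsa) in the new branch is not checked, so if it fails pkey stays non-NULL, the "if (pkey == NULL)" test passes, and verification continues with an EVP_PKEY that has no key attached. Suggest checking the result, calling EVP_PKEY_free(pkey) and setting pkey back to NULL on failure so the existing error path runs. Separately, the strncmp() match needs the PEM header at byte 0 of key_pem, so a key with leading whitespace falls through to the X.509 branch and reports the same "Expecting: CERTIFICATE" message the original poster saw; a short comment on that limitation would help. The error path also only prints to stderr and returns 0, which the caller cannot tell apart from a signature that failed to verify.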
On Wed, Nov 16, 2011 at 20:21, Christoph Dorn <christ...@christophdorn.com> wrote:
> The following code:
>
> var pubKey = ["-----BEGIN RSA PUBLIC KEY-----",
> "MIIBCgKCAQEA5Cvv2iTPSKX1O+77rtCN46a/8+6UbAxs1zalsZRrD5DAKU+iKHTU",
> ...
> "dm814QXymcEvH4OhFbfHkF6mC4IimjJ9zwIDAQAB",
> "-----END RSA PUBLIC KEY-----"].join("\n");
> var signature = "d83fcdbc369d...91237dc";
>
> var CRYPTO = require("crypto");
> var verifier = CRYPTO.createVerify("RSA-SHA256");
> verifier.update("test ... data");
> verifier.verify(pubKey, signature, "hex");
>
> Gives me this error:
>
> 140735237568864:error:0906D06C:PEM routines:PEM_read_bio:no start
> line:pem_lib.c:696:Expecting: CERTIFICATE
>
> Any idea what I am doing wrong?
>
> Thanks!
> Christoph

I think you may have hit a bug in Node. Can you try the below patch?
https://gist.github.com/1371434 in case it's mangled.
Great, thanks for testing. Fixed in 9d3faf4.
> Another bug:
>
> verifier.verify() returns "1/0" and not "true/false" as the docs state.
Fixed in 3ac5f11.
> Also, how do I most efficiently check a signature against multiple public
> keys? Do I have to re-init the verifier from scratch for each key/signature
> combo or can I re-use it more efficiently?
You will probably have to re-initialize the verifier. You feed it data
with .update() so it's not all that reusable anyway.
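
The multi-key check discussed above, as an added example that is not part of the original thread: it builds a fresh verifier for each candidate key and accepts both PEM forms the patch distinguishes. The helper names (makeKey, signHex, findSigningKey) and the sample data are assumptions for illustration, and the key pairs are generated at run time rather than taken from the post.

```javascript
// Added example, not code from the thread. Keys are generated locally.
const crypto = require("crypto");

const DATA = "test data (constructed sample)";

// Generate an RSA key pair and export the public half in the requested PEM type:
//   "pkcs1" -> "-----BEGIN RSA PUBLIC KEY-----"
//   "spki"  -> "-----BEGIN PUBLIC KEY-----"
function makeKey(pemType) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync("rsa", {
    modulusLength: 2048,
  });
  return {
    privateKey,
    publicPem: publicKey.export({ type: pemType, format: "pem" }),
  };
}

// Sign data with RSA-SHA256 and return the signature as hex, as in the post.
function signHex(privateKey, data) {
  return crypto.createSign("RSA-SHA256").update(data).sign(privateKey, "hex");
}

// Return the index of the first public key that verifies the signature, or -1.
function findSigningKey(publicPems, data, signatureHex) {
  for (let i = 0; i < publicPems.length; i++) {
    // A Verify object cannot be used again after verify(), so create one per key.
    const verifier = crypto.createVerify("RSA-SHA256");
    verifier.update(data);
    let ok = false;
    try {
      ok = verifier.verify(publicPems[i], signatureHex, "hex");
    } catch (err) {
      ok = false; // unparsable key material counts as "no match", never as success
    }
    // Compare against the boolean strictly so a truthy non-boolean never passes.
    if (ok === true) return i;
  }
  return -1;
}
```

When the message is large, hash it once and verify the digest per key instead of feeding the full data to every verifier.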