Sure... And the gist <https://gist.github.com/jas-/9330405> in case the
formatting gets buggered. Thanks for your help. The problem is with the
crypto.createSign(algo).update(ct).final(privKey, enc) not allowing for
anything except a PEM formatted ascii key which eliminates the following
use case as a possible method for signing using a private key generated
with the crypto.DiffieHellman class of functions which only export the keys
in binary, hex or base64 formats.
/* Bob's environment */
> var crypto = require('crypto');
> crypto.DEFAULT_ENCODING = 'hex'
>
> var dhBob = crypto.getDiffieHellman('modp18')
> , kBob = dhBob.generateKeys()
> , keysBob = {
> pubKey: dhBob.getPublicKey(),
> privKey: dhBob.getPrivateKey()
> };
>
> /* Alice's envrionment setup (different computer emulation) */
> var dhAlice = crypto.getDiffieHellman('modp18')
> , kAlice = dhAlice.generateKeys()
> , keysAlice = {
> pubKey: dhAlice.getPublicKey(),
> privKey: dhAlice.getPrivateKey()
> };
>
>
> /* Bob recieves Alice's public key & generates a shared secret */
> var secret = dhBob.computeSecret(keysAlice.pubKey);
>
> /* Bob uses shared secret to create cipher text */
> try {
> var cipher = crypto.createCipher('aes-256-cbc', secret)
> , ct = [];
>
> ct.push(cipher.update('This is a secret message for Alice'));
> ct.push(cipher.final());
> var result = ct.join('');
> } catch(e){
> throw new Error('Could not create encryption object');
> }
>
> /* Bob then computes a digest of the cipher text */
> var digest = crypto.createHmac('sha256', secret);
> digest.update(result);
> var hmac = digest.digest();
>
> /* Create object of ct & hmac and stringify it */
> var sendToAlice = JSON.stringify({ message: result, digest: hmac });
>
> /* Bob then signs the object using his DH private key as Alice already has
> his
> public key for verification */
> var sig = crypto.createSign('RSA-SHA256');
> sig.update(sendToAlice);
> sig.sign(keysBob.privKey);
>
On Monday, March 3, 2014 1:32:17 PM UTC-7, Fedor Indutny wrote:
>
> Hm... could you please paste an example of code that doesn't work for you?
>
> On Mon, Mar 3, 2014 at 10:13 PM, jas <jason....@gmail.com <javascript:>>
> wrote:
> > Also, here is the error from using
> > crypto.createSign.update('msg').sign(privateKey, 'hex') due to the
> export of
> > crypto.DiffieHellman.generateKeys lack of ascii output /
> > crypto.createSign.update('msg').sign(privKey, 'hex') lack of anything
> but
> > ascii input
> >
> > 139797041080096:error:0906D06C:PEM routines:PEM_read_bio:no start
> > line:../deps/openssl/openssl/crypto/pem/pem_lib.c:703:Expecting: ANY
> PRIVATE
> > KEY
> >
> >
> > On Monday, March 3, 2014 10:49:01 AM UTC-7, jas wrote:
> >>
> >> Hello, thanks for the response!
> >>
> >> Perhaps my original question would be better to include a more robust
> use
> >> case: https://gist.github.com/jas-/9330405
> >>
> >> Attempting to specify privKey.toString('hex') would not work in that
> use
> >> case due to crypto.DiffieHellman.generateKeys() only exporting binary,
> hex
> >> or base64 private key formats.
> >>
> >> On Monday, March 3, 2014 10:01:56 AM UTC-7, Fedor Indutny wrote:
> >>>
> >>> Hi!
> >>>
> >>> It is just a convenience thing, the key itself is usually PEM encoded
> and
> >>> you could pass it as a string or Buffer, without any additional
> encoding
> >>> set.
> >>>
> >>> However, if you do following thing:
> >>>
> >>> var key = fs.readFileSync('key.pem').toString('hex');
> >>> s.sign(key, 'hex');
> >>>
> >>> The additional encoding param could suddenly become useful ;)
> >>>
> >>> So, answering your question - it is a design decision.
> >>>
> >>> On Mon, Mar 3, 2014 at 8:56 PM, jas <jason....@gmail.com> wrote:
> >>> > Does anyone know if the privKey arg when using
> >>> > crypto.createSign().update(ct).sign(privKey, encoding) can be a
> buffer,
> >>> > hex
> >>> > encoding string etc?
> >>> >
> >>> > It seems (according to the docs & source) that it requires an ascii
> PEM
> >>> > (L#2974) formatted private key, which eliminates the use of the
> >>> > crypto.DiffieHellman.generateKeys() private key as its only output
> >>> > options
> >>> > are binary, hex or base64.
> >>> >
> >>> > Is this a design decision?
> >>> >
> >>> > --
> >>> > --
> >>> > Job Board: http://jobs.nodejs.org/
> >>> > Posting guidelines:
> >>> > https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines
> >>> > You received this message because you are subscribed to the Google
> >>> > Groups "nodejs" group.
> >>> > To post to this group, send email to nod...@googlegroups.com
> >>> > To unsubscribe from this group, send email to
> >>> > nodejs+un...@googlegroups.com
> >>> > For more options, visit this group at
> >>> > http://groups.google.com/group/nodejs?hl=en?hl=en
> >>> >
> >>> > ---
> >>> > You received this message because you are subscribed to the Google
> >>> > Groups
> >>> > "nodejs" group.
> >>> > To unsubscribe from this group and stop receiving emails from it,
> send
> >>> > an
> >>> > email to nodejs+un...@googlegroups.com.
> >>> > For more options, visit https://groups.google.com/groups/opt_out.
>
--
--
Job Board: http://jobs.nodejs.org/
Posting guidelines:
https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines
You received this message because you are subscribed to the Google
Groups "nodejs" group.
To post to this group, send email to nodejs@googlegroups.com
To unsubscribe from this group, send email to
nodejs+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/nodejs?hl=en?hl=en
---
You received this message because you are subscribed to the Google Groups
"nodejs" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to nodejs+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
