ForbesLindesay
Reputation: 10712
Verify php certificate in node.js
I have the following php function which verifies a certificate:
<?php
function raven_check_sig($data, $sig) {
$key_path = '/path/to/pubkey.crt';
$key_crt = file_get_contents($key_path);
$key = openssl_get_publickey($key_crt);
$result = openssl_verify($data, base64_decode($sig), $key);
openssl_free_key($key);
if ($result == 1) {
return TRUE;
} else {
return FALSE;
}
}
I'm in the process of porting my application to node.js but I can't work out how to implement this function.
I have tried:
function checkSignature(data, sig, kid) {
var keyPath = '/path/to/pubkey.crt';
var key = fs.readFileSync(keyPath);
var verifier = crypto.createVerify('RSA-SHA256');
verifier.update(data);
var res = verifier.verify(key, sig, 'base64');
if (res) {
return true;
} else {
return false;
}
}
but this seems to always return false. I have two problems that I think might be what causes this to fail:
- I don't know whether
RSA-SHA256is the correct algorithm to verify the certificate as I couldn't work out whatopenssl_verifydoes. - I don't know what the eqivalent to calling
openssl_get_publickeyis, assuming I do need something like that.
The contents of the file pubkey.crt is:
-----BEGIN CERTIFICATE-----
MIIDrTCCAxagAwIBAgIBADANBgkqhkiG9w0BAQQFADCBnDELMAkGA1UEBhMCR0Ix
EDAOBgNVBAgTB0VuZ2xhbmQxEjAQBgNVBAcTCUNhbWJyaWRnZTEgMB4GA1UEChMX
VW5pdmVyc2l0eSBvZiBDYW1icmlkZ2UxKDAmBgNVBAsTH0NvbXB1dGluZyBTZXJ2
aWNlIFJhdmVuIFNlcnZpY2UxGzAZBgNVBAMTElJhdmVuIHB1YmxpYyBrZXkgMjAe
Fw0wNDA4MTAxMzM1MjNaFw0wNDA5MDkxMzM1MjNaMIGcMQswCQYDVQQGEwJHQjEQ
MA4GA1UECBMHRW5nbGFuZDESMBAGA1UEBxMJQ2FtYnJpZGdlMSAwHgYDVQQKExdV
bml2ZXJzaXR5IG9mIENhbWJyaWRnZTEoMCYGA1UECxMfQ29tcHV0aW5nIFNlcnZp
Y2UgUmF2ZW4gU2VydmljZTEbMBkGA1UEAxMSUmF2ZW4gcHVibGljIGtleSAyMIGf
MA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC/9qcAW1XCSk0RfAfiulvTouMZKD4j
m99rXtMIcO2bn+3ExQpObbwWugiO8DNEffS7bzSxZqGp7U6bPdi4xfX76wgWGQ6q
Wi55OXJV0oSiqrd3aOEspKmJKuupKXONo2efAt6JkdHVH0O6O8k5LVap6w4y1W/T
/ry4QH7khRxWtQIDAQABo4H8MIH5MB0GA1UdDgQWBBRfhSRqVtJoL0IfzrSh8dv/
CNl16TCByQYDVR0jBIHBMIG+gBRfhSRqVtJoL0IfzrSh8dv/CNl16aGBoqSBnzCB
nDELMAkGA1UEBhMCR0IxEDAOBgNVBAgTB0VuZ2xhbmQxEjAQBgNVBAcTCUNhbWJy
aWRnZTEgMB4GA1UEChMXVW5pdmVyc2l0eSBvZiBDYW1icmlkZ2UxKDAmBgNVBAsT
H0NvbXB1dGluZyBTZXJ2aWNlIFJhdmVuIFNlcnZpY2UxGzAZBgNVBAMTElJhdmVu
IHB1YmxpYyBrZXkgMoIBADAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBAUAA4GB
AFciErbr6zl5i7ClrpXKA2O2lDzvHTFM8A3rumiOeauckbngNqIBiCRemYapZzGc
W7fgOEEsI4FoLOjQbJgIrgdYR2NIJh6pKKEf+9Ts2q/fuWv2xOLw7w29PIICeFIF
hAM+a6/30F5fdkWpE1smPyrfASyXRfWE4Ccn1RVgYX9u
-----END CERTIFICATE-----
Upvotes: 2
Views: 1415
Answers (1)
ForbesLindesay
Reputation: 10712
Turns out the correct algorithm was SHA1:
function checkSignature(data, sig) {
var keyPath = '/path/to/pubkey.crt';
var key = fs.readFileSync(keyPath);
var verifier = crypto.createVerify('SHA1');
verifier.update(data);
var res = verifier.verify(key, sig, 'base64');
if (res) {
return true;
} else {
return false;
}
}
So everything now works :)
Upvotes: 5
Related Questions
- Signing signature in Node JS and verifying it on PHP
- PHP's openssl_sign Equivalent in Node JS
- php 5.6 ssl certificate verify
- Verify SSL Certificates using Openssl in PHP
- Verifying a RSA signature with nodejs (signed with phpseclib)
- Validating certificate using NodeJs Crypto
- How to verify certificates (not self signed) using PHP
- SSL on Apache with Nodejs
- How do I sign w/ private key in Node.js
- How to get SSL certificate information using node.js?