Reputation: 150892
Different approaches for accessing OpenSSL from Node.js
I am looking for a way to integrate OpenSSL and Node.js for a while now.
My goals are:
- I want to be platform independent, hence a solution should work on OS X, Linux and Windows.
- I want to avoid unnecessary disk operations. E.g., a private key might not be in a file, but in a database (may be a stupid example, but let's consider this to be a valid requirement).
- I want to support creating keys, csrs, signing csrs, creating ca certs, ... all the certificate stuff, from end to end.
Now the options I have considered are:
- Use the OpenSSL library which is integrated within Node.js. Unfortunately, the crypto module does not provide the certificate things.
- Use the OpenSSL library using an external module. Unfortunately, I don't know how to do this, probably due to missing knowledge in C/C++.
- Use the OpenSSL binary as a child process. Given that OpenSSL is available, this should work on all platforms. It's not nice, but it works.
Question #1: As I have written I do not have the slightest idea on how access the OpenSSL library directly that comes bundled with Node.js. How would I approach this?
At the moment, I stick with using the binary as a child process. Unfortunately, this requires that all the things such as private keys and so on are either given as files (which I explicitly want to avoid), or that I hand over everything using /dev/stdin (which does not work on Windows).
Question #2: How could I deal with this? Would a solution to #1 solve this issue, too?
Upvotes: 7
Views: 1627
Answers (1)
Reputation: 1905
The answer to question #1 is that you cannot. Without bindings, you can only access the functions exposed by nodejs.
Unfortunately there doesn't seem to be a way work around for /dev/stdin in windows. Namedpipes would be an option but nodejs does not support them. You may be able to have nodejs launch openssl.exe in interactive mode and send commands through stdin, and read the output through stdout but this seems very inefficient.
So the answer is question #2 is that you cannot deal with the windows problem.
Writing your won binding seems to be the only option. It's actually not so difficult - something I'm sure you could get collaborators to help with.
Upvotes: 2
Related Questions
- Node.js Which is the better way to implement server ssl certificate
- Giving Node.js access to certificate/private key
- node-rsa and openssl compatibility
- How to load encrypted private key in Node.JS
- How to respond to openssl prompts in nodejs
- Generating an SSL Key to work with node.js
- Force node.js to use non-distro copy of OpenSSL
- Compiling Node.js with OpenSSL support
- Node.js verify function does not verify signature when openssl command line does
- Mapping OpenSSL command line AES encryption to NodeJS Crypto API equivalent