xaxa

Reputation: 1159

Verify signature with public key node

I have signed data being passed to my server along with the public key in hex format, with which this data was signed. The hash algorithm is the same for all requests, SHA-256, but the public keys are different for every request because the RSA public+private pair is generated on the client.

So my question is: how can I verify the signature with a public key in hex format? In Node's crypto docs I see that I need to have a PEM-format file, but I don't have one. And actually there will be many requests of this kind, so it wouldn't be good to create these files.

Upvotes: 0

Views: 1995

Answers (1)

Avery

Reputation: 2293

Don't. Seriously. Don't. Rolling your own crypto will be bad.

Instead, use HTTPS or, if you really must do it yourself, try to implement Diffie-Hellman. At least with DH, you aren't creating your own algorithm. As to why this is bad, consider an attacker who wants to read your data. If you merely sign it, it's really not that different than signing a letter in real life. It's your signature and (mostly) no one else can do it. But if I steal that letter of yours, write my own and sign it with my signature (using your name), the recipient will know it wasn't from you. But wait! What if you never contacted this recipient before? They won't know who's writing and signing using your name. Is it really you? Or is it me? You need to do a key-exchange to prevent this.

Upvotes: 1
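An added example, not part of the question or the answer above: verifying an RSA/SHA-256 signature in Node from a hex-encoded public key without any PEM file, and separately reporting whether that key is one the server already knows. It assumes the hex string is a DER-encoded SubjectPublicKeyInfo (the page does not say which encoding the client uses); `verifyRequest`, `trustedFingerprints` and `demo` are hypothetical names.

```javascript
const crypto = require('node:crypto');

// Assumption: the hex string is a DER-encoded SubjectPublicKeyInfo (SPKI) RSA key.
function publicKeyFromHex(hex) {
  if (typeof hex !== 'string' || hex.length % 2 !== 0 || !/^[0-9a-fA-F]+$/.test(hex)) {
    throw new Error('public key is not valid hex');
  }
  const key = crypto.createPublicKey({ key: Buffer.from(hex, 'hex'), format: 'der', type: 'spki' });
  if (key.asymmetricKeyType !== 'rsa') throw new Error('expected an RSA key');
  if (key.asymmetricKeyDetails.modulusLength < 2048) throw new Error('RSA key too short');
  return key;
}

// SHA-256 over the canonical DER encoding identifies a key independently of how it arrived.
function fingerprint(key) {
  return crypto.createHash('sha256').update(key.export({ format: 'der', type: 'spki' })).digest('hex');
}

// valid:   the signature matches the data under the supplied key (integrity only).
// trusted: that key was also registered out of band (hypothetical allow-list).
// A key that travels with the request proves nothing about who the sender is.
function verifyRequest(data, signatureHex, publicKeyHex, trustedFingerprints) {
  let key;
  try { key = publicKeyFromHex(publicKeyHex); } catch { return { valid: false, trusted: false }; }
  // For an RSA KeyObject, crypto.verify defaults to PKCS#1 v1.5 padding.
  const valid = crypto.verify('sha256', Buffer.from(data), key, Buffer.from(signatureHex, 'hex'));
  return { valid, trusted: valid && trustedFingerprints.has(fingerprint(key)) };
}

// Constructed sample input: two freshly generated key pairs, one registered, one not.
function demo() {
  const mk = () => crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const client = mk(), stranger = mk();
  const hexOf = (k) => k.publicKey.export({ format: 'der', type: 'spki' }).toString('hex');
  const sign = (k, msg) => crypto.sign('sha256', Buffer.from(msg), k.privateKey).toString('hex');
  const trusted = new Set([fingerprint(client.publicKey)]);
  const msg = 'amount=10';
  return {
    known: verifyRequest(msg, sign(client, msg), hexOf(client), trusted),
    tampered: verifyRequest('amount=99', sign(client, msg), hexOf(client), trusted),
    unknownKey: verifyRequest(msg, sign(stranger, msg), hexOf(stranger), trusted),
  };
}
```

The `unknownKey` case is the one the answer describes: the signature verifies, yet the server has no basis for attributing the request to anyone.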
