Eddy
Reputation: 3703
Sign / Verify with nodejs crypto always false
I need to sign and verify messages in node.js. I followed the crypto package document but I always get a false on the verify method, which indicates that the signature is incorrect.
The RSA public key and private key I'm using are working well for encrypt / decrypt messages with the same crypto package.
Here's the code:
var crypto = require("crypto");
var eol = require('os').EOL;
The sign and verify methods:
function RSASign(privateKey, data) {
const sign = crypto.createSign('RSA-SHA256');
sign.update(data);
var sig = sign.sign(privateKey, 'hex')
console.log(sig);
return sig;
}
function RSAVerify(publicKey, signature, data) {
const verify = crypto.createVerify('RSA-SHA256');
verify.update(data);
console.log(verify.verify(publicKey, signature));
}
I'm calling the methods using
var dataToSign = "some data";
var sig = RSASign(privateKey, dataToSign);
RSAVerify(publicKey, sig, dataToSign);
The public key:
var pubStr = 'MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCbbBSVpWzSmCGVeezhuVFgUEYowUxgX/SnFdymGRCHGc77d5I0xkMAnIOWbI2MmP8j/7sdfPuUF0V5zw+Hd/7iZ6vs2k4JRKdprrB/zSC4GGqCDpDkbRYydcw3kwDgKkHhDp6NwIKvvl87WsnFozi487tGPQ8NO15hngwsV7DrawIDAQAB';
var publickKey = '-----BEGIN PUBLIC KEY-----' + eol + pubStr + eol + '-----END PUBLIC KEY-----';
The private key:
var p = 'MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBAJtsFJWlbNKYIZV57OG5UWBQRijBTGBf9KcV3KYZEIcZzvt3kjTGQwCcg5ZsjYyY/yP/ux18+5QXRXnPD4d3/uJnq+zaTglEp2musH/NILgYaoIOkORtFjJ1zDeTAOAqQeEOno3Agq++XztaycWjOLjzu0Y9Dw07XmGeDCxXsOtrAgMBAAECgYAV13iFFzxV1B9UHFBX4G05Nc7GR3PuT03YdVAO35LdCZl26XTYicw8t8IeT58M1St16ahoGnpYc3TGC31JMmnVOr58At0jbd4JQgvUaE+2jVvgp0Lc6n/jN+7NYBGlEy44ZpIRbB1Biu7khCZ0D+8PZsDMi6WJK4jgI5Gf/aXvkQJBAOe6809U/1wEVDJFHZ6A++WI/8iebXSbw9hDa4a9qoXv8bsMjYkDiblD3UPRlTEdFsAOA/YuGdah+fKE7jKdKkcCQQCrszD8Z1MYWYE4dMQTRPxEKHGQZd5HHkTQu9l6FV7Bv2ga9wLhT4QTb/5U7WYGgbfxhFzklxoqsmhTJNuLlyO9AkBrA1nDZBQ9MT6UrHheL2Ckgpzkz8zqUdiicZghdEtgaQtv/v8JrBmY9e8jl5DXSoCsFozbzjReexTLW3oI462XAkEAnTQ/kZl4tz6b1XjzXUE4R59P+wmJ7kuEbijQAbs3OuVpB+dJN8l5/+H2VwPU+fgi1np+Ir1GM/mNEzMX4ELNcQJBAIk1s3Y7ep2gK0p4js4f9HU0u2vH25+6bu+y6JFfvIBd8OR1bCFEe3FIui1H/ohh0Eoo3ZgJZ/5JjwfsqJzOoBs=';
var privateKey = '-----BEGIN PRIVATE KEY-----' + eol + p + eol + '-----END PRIVATE KEY-----'
What am I missing?
Upvotes: 3
Views: 4617
Answers (1)
Biswadev
Reputation: 1486
While verifying verify.verify(publicKey, signature,'hex'),you have to include the signatureEncoding that you have used during encoding
function RSAVerify(publicKey, signature, data) {
const verify = crypto.createVerify('RSA-SHA256');
verify.update(data);
console.log(verify.verify(publicKey, signature,'hex'));
}
Upvotes: 2
Related Questions
- SHA256withRSA Signature Verification in nodejs returning false every time
- Error using sign.sign() in Node.js crypto, bad decrypt
- NodeJS Crypto Fails to Verify Signature Created by Web Crypto API
- Verifying signature in NodeJS
- Node.js verify.verify() strange behaviour
- Node js crypto sign returns empty string
- cryptography using node.js having issues
- Node.js crypto Signer won't generate signature
- Can't verify signature witn Node.js Crypto, using key pairs
- Node.js verify function does not verify signature when openssl command line does