Reputation: 23
New to Node.js and I got an error using sign() in crypto. Please help!
I created sign using const sign = crypto.createSign('sha256'); and then tried to sign with var signature = sign.sign(key,'hex');
The key is generated using:
const { privateKey, publicKey } = crypto.generateKeyPairSync('rsa', {
  modulusLength: 2048,
  publicKeyEncoding: {
    type: 'spki',
    format: 'pem'
  },
  privateKeyEncoding: {
    type: 'pkcs8',
    format: 'pem',
    cipher: 'aes-256-cbc',
    passphrase: 'top secret'
  }
});
const key = privateKey;
const seller_public_key = publicKey
What I tried to sign is a JSON object that is converted to a string using jsonData = JSON.stringify(menu); return signData(jsonData);
function signData(plaintext){
  sign.update(plaintext);
  sign.end();
  var signature = sign.sign(key,'hex');
  return signature;
}
I got error message:
internal/crypto/sig.js:80
var ret = this._handle.sign(key, passphrase, rsaPadding, pssSaltLength);
^
Error: error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt
And I've seen some people talk about key format; my key indeed starts with -----BEGIN ENCRYPTED PRIVATE KEY----- and ends with -----END ENCRYPTED PRIVATE KEY-----
Upvotes: 2
Views: 2037
Reputation: 7665
Since your private key is encrypted, you should pass the passphrase in the sign call:
sign.sign({ key, passphrase: 'top secret' }, 'hex');
The privateKey argument can be an object or a string. If privateKey is a string, it is treated as a raw key with no passphrase. If privateKey is an object, it must contain one or more of the following properties:
key: - PEM encoded private key (required)
passphrase: - passphrase for the private key
...
Reference: https://nodejs.org/docs/latest-v10.x/api/crypto.html#crypto_sign_sign_privatekey_outputencoding
Upvotes: 2
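The fix from the answer above as a complete sign-and-verify round trip, added here as an example that is not part of the original question or answer. The passphrase value, the sample payload and the helper names verifyData and signWithoutPassphrase are assumptions made for illustration.

```javascript
const crypto = require('crypto');

const PASSPHRASE = 'example-passphrase'; // constructed; load from a secret store in practice

// Same key parameters as the question: RSA-2048, PKCS#8 PEM encrypted with AES-256-CBC.
const { privateKey, publicKey } = crypto.generateKeyPairSync('rsa', {
  modulusLength: 2048,
  publicKeyEncoding: { type: 'spki', format: 'pem' },
  privateKeyEncoding: {
    type: 'pkcs8',
    format: 'pem',
    cipher: 'aes-256-cbc',
    passphrase: PASSPHRASE
  }
});

// A Sign object cannot be used again after sign() has been called, so build one per message.
function signData(plaintext, passphrase) {
  const signer = crypto.createSign('sha256');
  signer.update(plaintext);
  // Pass the encrypted PEM together with its passphrase so it can be decrypted.
  return signer.sign({ key: privateKey, passphrase }, 'hex');
}

function verifyData(plaintext, signatureHex) {
  const verifier = crypto.createVerify('sha256');
  verifier.update(plaintext);
  return verifier.verify(publicKey, signatureHex, 'hex');
}

// Reproduces the question's failure: the encrypted PEM passed as a bare string.
function signWithoutPassphrase(plaintext) {
  const signer = crypto.createSign('sha256');
  signer.update(plaintext);
  try {
    signer.sign(privateKey, 'hex');
    return null;
  } catch (err) {
    return err; // exact message varies by Node.js/OpenSSL version
  }
}

const jsonData = JSON.stringify({ item: 'coffee', price: 3 }); // constructed payload
const signature = signData(jsonData, PASSPHRASE);
console.log('verified:', verifyData(jsonData, signature));
console.log('tampered:', verifyData(jsonData + ' ', signature));
console.log('no passphrase fails:', signWithoutPassphrase(jsonData) instanceof Error);
```

A wrong passphrase fails the same way as a missing one, so an error at sign() with an ENCRYPTED PRIVATE KEY PEM points at the passphrase before anything else.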