Reputation: 43
I am using crypto. I have a public key, data and a signature. Everything works fine with the openssl command:

    openssl dgst -sha256 -sigopt rsa_padding_mode:pss -verify pk.pem -signature sigval1.sig data1.txt

But when using Node crypto verify, it always returns false:

    crypto.verify(
      'RSA-SHA256',
      Buffer.from(data),
      newPublicKey,
      Buffer.from(signature, 'binary'),
    )

Requirement:
"alg": "RSASSA-PSS","hash": "SHA256"
Upvotes: 1
Views: 1173
Reputation: 49131
In the OpenSSL statement, PSS is used as padding. NodeJS applies PKCS#1 v1.5 padding by default, so PSS must be explicitly specified in the third parameter in crypto.verify(...):

    var verified = crypto.verify(
      'RSA-SHA256',
      Buffer.from(data, 'utf-8'),
      {
        key: newPublicKey,
        padding: crypto.constants.RSA_PKCS1_PSS_PADDING,
        //saltLength: crypto.constants.RSA_PSS_SALTLEN_MAX_SIGN // default
      },
      Buffer.from(signature, 'binary')
    );

Note that the OpenSSL statement uses the maximum possible salt length as the salt length, rather than the default given in RFC 8017, which is the output length of the digest. This is not critical here in that crypto.verify() also uses the maximum salt length (crypto.constants.RSA_PSS_SALTLEN_MAX_SIGN).
Upvotes: 1
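
The padding and salt-length behaviour discussed in the answer above can be reproduced without the asker's files. This is an added example, not code from the question or the answer; the key pair, the message and the helper names (`signPss`, `verifyPss`, `verifyDefaultPadding`, `runChecks`) are constructed for illustration.

```javascript
const crypto = require('crypto');
const {
  RSA_PKCS1_PSS_PADDING,
  RSA_PSS_SALTLEN_DIGEST,
  RSA_PSS_SALTLEN_MAX_SIGN,
  RSA_PSS_SALTLEN_AUTO,
} = crypto.constants;

// Constructed test material: a throwaway key pair and message.
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const data = Buffer.from('constructed sample message', 'utf-8');

// Sign with RSASSA-PSS over SHA-256 using an explicit salt length.
function signPss(saltLength) {
  return crypto.sign('sha256', data,
    { key: privateKey, padding: RSA_PKCS1_PSS_PADDING, saltLength });
}

// Verify with PSS padding and an explicit salt length.
function verifyPss(signature, saltLength) {
  return crypto.verify('sha256', data,
    { key: publicKey, padding: RSA_PKCS1_PSS_PADDING, saltLength }, signature);
}

// Verify the way the question does: a bare key, so PKCS#1 v1.5 padding is applied.
function verifyDefaultPadding(signature) {
  return crypto.verify('sha256', data, publicKey, signature);
}

function runChecks() {
  const sigMax = signPss(RSA_PSS_SALTLEN_MAX_SIGN);   // maximum salt length
  const sigDigest = signPss(RSA_PSS_SALTLEN_DIGEST);  // salt length = digest size (32 bytes)
  return {
    // PSS signature checked as PKCS#1 v1.5: fails, as in the question.
    defaultPadding: verifyDefaultPadding(sigMax),
    // PSS padding with the salt length detected from the signature: succeeds.
    maxSaltAuto: verifyPss(sigMax, RSA_PSS_SALTLEN_AUTO),
    digestSaltAuto: verifyPss(sigDigest, RSA_PSS_SALTLEN_AUTO),
    // A pinned salt length must match the one used for signing.
    digestSaltPinned: verifyPss(sigDigest, RSA_PSS_SALTLEN_DIGEST),
    maxSaltPinnedToDigest: verifyPss(sigMax, RSA_PSS_SALTLEN_DIGEST),
  };
}

console.log(runChecks());
```

Pinning `saltLength` on the verifying side rejects signatures produced with any other salt length, which matters when the signer's tool and the verifier's library use different defaults.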