Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Different approaches for accessing OpenSSL from Node.js

I am looking for a way to integrate OpenSSL and Node.js for a while now.

My goals are:

  • I want to be platform independent, hence a solution should work on OS X, Linux and Windows.
  • I want to avoid unnecessary disk operations. E.g., a private key might not be in a file, but in a database (may be a stupid example, but let's consider this to be a valid requirement).
  • I want to support creating keys, csrs, signing csrs, creating ca certs, ... all the certificate stuff, from end to end.

Now the options I have considered are:

  • Use the OpenSSL library which is integrated within Node.js. Unfortunately, the crypto module does not provide the certificate things.
  • Use the OpenSSL library using an external module. Unfortunately, I don't know how to do this, probably due to missing knowledge in C/C++.
  • Use the OpenSSL binary as a child process. Given that OpenSSL is available, this should work on all platforms. It's not nice, but it works.

Question #1: As I have written I do not have the slightest idea on how access the OpenSSL library directly that comes bundled with Node.js. How would I approach this?

At the moment, I stick with using the binary as a child process. Unfortunately, this requires that all the things such as private keys and so on are either given as files (which I explicitly want to avoid), or that I hand over everything using /dev/stdin (which does not work on Windows).

Question #2: How could I deal with this? Would a solution to #1 solve this issue, too?

like image 973
Golo Roden Avatar asked Feb 23 '13 16:02

Golo Roden


People also ask

What do I need to know about OpenSSL and nodeJS?

NodeJS: You should’ve basic knowledge on how to program in NodeJS. OpenSSL: A tool to generate key and certificate. ExpressJS ( npm i express ): Back-end framework for writing web servers in NodeJS. More about Express. https : Comes with NodeJS.

How do I set up HTTPS in Node JS?

https : Comes with NodeJS. Let’s set-up our project directory. It’s not a directory with lots of files. Instead, it contains only 4 files which are package.json, key.pem, cert.pem and server.js. So, create a new directory node-https, cd node-https and run npm init -y to create package.json file.

How to generate key and CERT using OpenSSL?

Using OpenSSL (? ), we will generate our key and cert. So, here’s how you could do this: -keyout: This flag let openssl know where to save key.pem file. I can be an absolute file location. -out: This flag let openssl know where to save cert.pem file.

How to create SSL certificate for node server?

Open server.js and include cert and key file in your https.createServer () function. Just like the below example. Open a terminal window and run node server.js. It should run without any error. Open your favourite browser and visit https://localhost:3000 and you should see Hello World. You may see some SSL warning.


1 Answers

The answer to question #1 is that you cannot. Without bindings, you can only access the functions exposed by nodejs.

Unfortunately there doesn't seem to be a way work around for /dev/stdin in windows. Namedpipes would be an option but nodejs does not support them. You may be able to have nodejs launch openssl.exe in interactive mode and send commands through stdin, and read the output through stdout but this seems very inefficient.

So the answer is question #2 is that you cannot deal with the windows problem.

Writing your won binding seems to be the only option. It's actually not so difficult - something I'm sure you could get collaborators to help with.

like image 105
smremde Avatar answered Oct 18 '22 21:10

smremde