Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Generating RSA-SHA1 signatures with JavaScript

Tags:

javascript

cryptography

oauth

rsa

sha1

I'd like to generate RSA-SHA1 signatures with the RSA-Sign JavaScript Library. Specifically, I'd like to use this for signing OAuth requests.

However, the signature generated by the JavaScript library looks different to the one I can generate e.g. with

$ echo -n "x" | openssl dgst -sha1 -sign priv.key -binary | openssl base64 | xargs echo -n
eV0ZrD7ZrTsuzHHYSwLfUJhXuM96D6ZyIzD5FFphzHbKRaO4TMeTR7bJjkuPib+l
EccM7t6YNDvRgOHyXJDVZZQTg5G4D4jnGVmOgeuti1etCCpLsb1Rl3sfJF/rIlgA
AmejvBbrEG+n8L+GeD6Vd3cneW7k2Rksnh+/BWnnR3c=

In contrast: This is what the library generates (base64 encoded):

Nzk1ZDE5YWMzZWQ5YWQzYjJlY2M3MWQ4NGIwMmRmNTA5ODU3YjhjZjdhMGZhNjcy
MjMzMGY5MTQ1YTYxY2M3Ng0KY2E0NWEzYjg0Y2M3OTM0N2I2Yzk4ZTRiOGY4OWJm
YTUxMWM3MGNlZWRlOTgzNDNiZDE4MGUxZjI1YzkwZDU2NQ0KOTQxMzgzOTFiODBm
ODhlNzE5NTk4ZTgxZWJhZDhiNTdhZDA4MmE0YmIxYmQ1MTk3N2IxZjI0NWZlYjIy
NTgwMA0KMDI2N2EzYmMxNmViMTA2ZmE3ZjBiZjg2NzgzZTk1Nzc3NzI3Nzk2ZWU0
ZDkxOTJjOWUxZmJmMDU2OWU3NDc3Nw==

(assuming the same input & key, of course)

Is it possible that this is because of the SHA1 implementation being used? In that case, I could try to use another one.

I'm no expert of cryptography, but the OAuth RFC 5849 is saying that RSASSA-PKCS1-V1_5-SIGN needs to be used, which seems to be the case for the library.

Thank you very much.

like image 297
Simon Avatar asked Oct 08 '22 22:10

Simon

1 Answers

I tried both the openssl command and the JS library you mentioned above, and the results are consistent. The signatures that I get from both ways are the same.

One thing I noticed from your post is that, the base64 encoded result generated from the library is way too long and looks wrong. Is it possible that you are not base64-encoding the binary signature?

Could you try this code for getting the base64 encoded string of the signature?

function doSign() {
  var rsa = new RSAKey();
  rsa.readPrivateKeyFromPEMString(document.form1.prvkey1.value); //replace with your private key
  var hSig = rsa.signString("x", "sha1");
  var base64_encoded_signature = hex2b64(hSig);
}

If you compare the value of "base64_encoded_signature" with what you get from the openssl command, they should be the same.

like image 66
Gz Zheng Avatar answered Oct 12 '22 12:10

Gz Zheng
Sign in to Comment

Related questions

Migration from ExtJS 3.0 to 4.0
javascript slider weighted values
KnockoutJS rendering a table with multiple templates and variable number of columns
$(document).ready equivalent in asynchronously loaded content
http GET and PUT binary data (CouchDB attachments) from javascript
How do you track Caps Lock users with Google Analytics?
Node.js: How would you recreate the 'setTimeout' function without it blocking the event loop?
canvas in a div with display none does not work
In Node.js Express/Connect, is there a way to set the session to infinity?
search for backslash
Alfresco Prohibit all users to delete a content
How to create a card flip effect on DIV using javascript
xmlserializer strips xlink from xlink:html svg image tag
Changing the Multiple Polyline stroke color on google map v3
Mongoose + Node.js, Object.assign (copy of data returned from database) shows additional data
MUI Button hover background color and text color
Sort a Javascript Array by frequency and then filter repeats
image.onload function with return
Using document.querySelector in React? Should I use refs instead? How?
IndexedDB Fuzzy Search

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!