Is there a good way to validate signatures in Node.JS (v0.4+) with public keys?
Current crypto module allows this with certificates but not with public keys. For example:
```javascript
var crypto = require("crypto");
// createVerify (not createVerifier) is the crypto module's factory for Verify objects
var verifier = crypto.createVerify("sha1");
verifier.update("signed data");
verifier.verify(CERT, signature);
```
Variable `CERT` needs to be a signed certificate (I guess the public key is pulled from that) but all I have is the public key and not a certificate.
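The only solid way to achieve this seems to be dumping the contents of the data, public key and signature into files and executing `openssl dgst`:
```javascript
var fs = require("fs");
var exec = require("child_process").exec;
// Write key, signature and data to disk so the openssl CLI can read them
fs.writeFileSync("public.key", pubkey);
fs.writeFileSync("sig.sha1", signature);
fs.writeFileSync("data.txt", data);
exec("openssl dgst -sha1 -verify public.key -signature sig.sha1 data.txt", ...)
```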
But creating (and deleting) files every time I need to verify a signature seems like a total waste.
Any good ideas how to do it better?
UPDATE 2011-08-03
The crypto module in Node.js v0.5 allows verifying with both certificates and public keys (RSA or X.509).
A signature is verified by passing the name of the signature algorithm, such as 'SHA256'. The algorithm must be the same one with which the signature was created.
data: the data argument must be an instance of Buffer, TypedArray, or DataView.
key: it should be the public key of the key object.
Node.js provides a built-in library, crypto, to encrypt and decrypt data. It can be used on data of any type: cryptographic operations work on a string, a buffer, and even a stream of data. The crypto module also offers multiple algorithms for encryption.
Why don't you just take your public key and put it into a self-signed certificate? Then node's crypto module will work fine for you.
http://www.akadia.com/services/ssh_test_certificate.html
I would think that doing this would be much more efficient than forking an openssl subprocess.
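The in-memory verification the question asks for, as an added example that is not part of the original posts: `createVerify` is given a bare PEM public key, which the update says newer Node.js versions accept, so no temp files or `openssl` subprocess are needed. The key pair is generated inline as constructed sample data, the helper names are hypothetical, and SHA-256 is used in place of the question's `sha1`.

```javascript
const crypto = require("crypto");

// Constructed sample key pair (assumption: a verifier normally holds only
// the PEM public key; the private key exists here just to produce a signature).
function makeSampleKeys() {
  return crypto.generateKeyPairSync("rsa", {
    modulusLength: 2048,
    publicKeyEncoding: { type: "spki", format: "pem" },
    privateKeyEncoding: { type: "pkcs8", format: "pem" },
  });
}

// Hypothetical helper: sign data so there is something to verify.
function signData(privateKeyPem, data) {
  return crypto.createSign("sha256").update(data).sign(privateKeyPem);
}

// Hypothetical helper: verify entirely in memory with a PEM public key.
// Fails closed: a malformed key makes verify() throw, which is reported
// as "not verified" instead of propagating.
function verifyWithPublicKey(publicKeyPem, data, signature) {
  try {
    return crypto.createVerify("sha256").update(data).verify(publicKeyPem, signature);
  } catch (err) {
    return false;
  }
}

// Runs the positive case and three failure modes a verifier should reject.
function demo() {
  const signer = makeSampleKeys();
  const other = makeSampleKeys();
  const data = "signed data";
  const signature = signData(signer.privateKey, data);
  return {
    valid: verifyWithPublicKey(signer.publicKey, data, signature),
    tamperedData: verifyWithPublicKey(signer.publicKey, data + "!", signature),
    wrongKey: verifyWithPublicKey(other.publicKey, data, signature),
    malformedKey: verifyWithPublicKey("not a PEM key", data, signature),
  };
}

console.log(demo());
```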