Wrong result with HMAC verification using SubtleCrypto in JavaScript - javascript

I am trying to verify a HMAC signature using the SubtleCrypto API. The whole thing is supposed to run in Cloudflare Workers and I am testing it locally using their wrangler tool.
This is my code so far, but it generates the wrong signature.
const message = "(query params from an url)";
const given_signature = "(extracted from the query params)";
const SECRET = "...";
const algorithm = { name: 'HMAC', hash: 'SHA-256' };
const encoder = new TextEncoder();
const key = await crypto.subtle.importKey(
'raw',
encoder.encode(SECRET),
algorithm,
false,
['sign', 'verify']
);
const signature = await crypto.subtle.sign(
algorithm.name,
key,
encoder.encode(message)
);
const digest = btoa(String.fromCharCode(...new Uint8Array(signature)));
// The digest does not match the signature extracted from the query params
// If I, for example, want to verify the signature directly, the result is still false.
const verify = await crypto.subtle.verify(
algorithm.name,
key,
encoder.encode(given_signature),
encoder.encode(message)
);
If I am using the same secret and message in online HMAC testing tools, I am getting the correct results, so I am certain that there must be a bug in my code.
What I find interesting, is that the signature generated by my code is much shorter than the given one (e.g. 3fn0mhrebHTJMhtOyvRP5nZIhogX/M1OKQ5GojniZTM= vs ddf9f49a1ade6c74c9321b4ecaf44fe67648868817fccd4e290e46a239e26533).
Does anyone have an idea where I am going wrong?

Thanks to the helpful comments! The problem in a nutshell was that the provided signature was encoded as a HEX string, while the generated signature was a base64-encoded string.
To keep things clean, here is a working version that uses the crypto.subtle.verify function:
const message = "(query params from an url w/o the hmac signature)";
const given_signature = "(the given hmac signature extracted from the query params)";
const SECRET = "(my secret key)";
const hexToBuffer = (hex: string) => {
const matches = hex.match(/[\da-f]{2}/gi) ?? [];
const typedArray = new Uint8Array(
matches.map(function (h) {
return parseInt(h, 16);
})
);
return typedArray.buffer;
};
const algorithm = { name: "HMAC", hash: "SHA-256" };
const encoder = new TextEncoder();
const key = await crypto.subtle.importKey(
"raw",
encoder.encode(SECRET),
algorithm,
false,
["sign", "verify"]
);
const result: boolean = await crypto.subtle.verify(
algorithm.name,
key,
hexToBuffer(given_signature),
encoder.encode(message)
);

Related

Node.js: Crypto signature is inconsistent (different with every test)

I'm trying to sign a payload and recreate the expected signature in the documentation of a service documented here: https://paybis.readme.io/reference/partner-api#signing-requests
My implementation of the signature is:
const signRequest = (privateKey: Buffer) => {
const verifiableData = '{"event":"VERIFICATION_STATUS_UPDATED","data":{"partnerUserId":"e18fb964-fd9a-4de7-96c4-1lclszzd","status":"started"},"timestamp":1654073212}'
const signature = crypto.sign(
'sha512',
Buffer.from(verifiableData),
{
key: privateKey,
padding: crypto.constants.RSA_PKCS1_PSS_PADDING,
},
);
return signature.toString("base64");
}
And my test:
const privateKey = fs.readFileSync(path.resolve(__dirname, './private.key'));
const signature = signRequest(privateKey);
const signature2 = signRequest(privateKey);
expect(signature).to.equal(signature2); //FAILS
Where the private key is formatted as such:
-----BEGIN RSA PRIVATE KEY-----
MIIJKQIBAAKCAgEAtJWQWnZJqbbxz1wNr3Dn/9I43z4Ddm/jd4G+PCkNGYXcqVqX
...
ukzH0Cx/iuONcUrYtpirM9ZMotfyyl4xO0Hc9bD/I97xn93GOvKFBkV9l7hW
-----END RSA PRIVATE KEY-----
No matter what I do, the signature is not consistent (aka. varies with every attempt)
Can anyone pinpoint what I might be doing wrong?
I tried using a string as the verifiable body, saving the key as a .pem file, instantiating the private key as a string, and passing it as both Buffer and string to the function.
As stated in one of the comments, the answer is that RSA-PSS is non-deterministic, so the signature will not be the same by design.
However, when trying to verify any of these different correct signatures with crypto.verify, it does verify as expected:
it(`Can create correctly encrypt body`, async function () {
const privateKey = process.env.PAYBIS_RSA_PRIVATE_KEY!;
const publicKey = KEY1;
const wrongPublicKey = KEY2;
const requestBody = { ... };
const signature = signRequest(requestBody, privateKey); // Signature here is always different
const verified = verifySignature(requestBody, signature, publicKey);
const verifiedFalse = verifySignature(requestBody, signature, wrongPublicKey);
expect(verified).to.equal(true, 'Could not verify correct signature'); //Correctly outputs true
expect(verifiedFalse).to.equal(false, 'Verified incorrect signature'); //Correctly outputs false
});

Window Crypto Subtle : How we can use encrypt / decrypt method if we generate public private key with "RSASSA-PKCS1-v1_5" algo?

I want to use the same public-private key to do some encryption/decryption at the code level and want to send encrypted data to the backend along with my public key which I am appending inside of my JWT AUTH Token.
So pls help me to encrypt / decrypt with that approach if possible, as I can't change this code due to reusability
const keyDetails = await window.crypto.subtle.generateKey(
{
name: 'RSASSA-PKCS1-v1_5',
modulusLength: 2048,
publicExponent: new Uint8Array([1, 0, 1]),
hash: { name: 'SHA-256' },
},
true,
['verify', 'sign']
);
I tried that way but got an error.
Also, I want to use my exported public and private keys which I am doing with that approach
const publicKey: any = await window.crypto.subtle.exportKey('jwk', keyDetails.publicKey);
const privateKey: any = await window.crypto.subtle.exportKey('jwk', keyDetails.privateKey);
const enc = new TextEncoder();
const encodedText = enc.encode("testing 1234");
const encryptedText = await window.crypto.subtle.encrypt({
name: "RSASSA-PKCS1-v1_5"
},
publicKey,
encodedText
)
console.log(encryptedText);
const decryptedText = await window.crypto.subtle.decrypt({
name: "RSASSA-PKCS1-v1_5"
},
privateKey,
encryptedText
)
TypeError: Failed to execute 'encrypt' on 'SubtleCrypto': parameter 2 is not of type 'CryptoKey'.
RSASSA-PKCS1-v1_5 is a padding that is applied during signing/verification. It cannot be used for encryption/decryption. The padding for encryption/decryption is RSAES-PKCS1-v1_5, but this is not supported by WebCrypto API. WebCrypto only supports RSAES-OAEP for encryption/decryption. See RFC8017 and WebCrypto API for more details.
Also, the exported JWK keys must first be adapted for encryption/decryption. Then the keys must be imported before they can be used in encryption/decryption.
The following example demonstrates this: First, a key pair for signing/verifying with RSASSA-PKCS1-v1_5 is generated. Both keys are exported as JWK. Then the key_ops and alg parameters are adjusted. Afterwards, the modified keys are re-imported and used for encryption/decryption with RSAES-OAEP:
(async () => {
// Generate
const keyDetails = await window.crypto.subtle.generateKey(
{
name: 'RSASSA-PKCS1-v1_5',
modulusLength: 2048,
publicExponent: new Uint8Array([1, 0, 1]),
hash: { name: 'SHA-256' },
},
true,
['verify', 'sign']
);
console.log(keyDetails)
// Export
const publicKey = await window.crypto.subtle.exportKey('jwk', keyDetails.publicKey);
const privateKey = await window.crypto.subtle.exportKey('jwk', keyDetails.privateKey);
console.log(publicKey)
console.log(privateKey)
// Adapt parameters and import
publicKey.key_ops = ['encrypt'];
privateKey.key_ops = ['decrypt'];
publicKey.alg = 'RSA-OAEP-256';
privateKey.alg = 'RSA-OAEP-256';
const publicKeyReloaded = await window.crypto.subtle.importKey("jwk", publicKey, {name: "RSA-OAEP", hash: {name: "SHA-256"}}, true, ["encrypt"]);
const privateKeyReloaded = await window.crypto.subtle.importKey("jwk", privateKey,{name: "RSA-OAEP", hash: {name: "SHA-256"}}, true, ["decrypt"]);
console.log(publicKeyReloaded)
console.log(privateKeyReloaded)
// Encrypt/Decrypt
const enc = new TextEncoder();
const encodedText = enc.encode("testing 1234");
const encryptedText = await window.crypto.subtle.encrypt({name: "RSA-OAEP"}, publicKeyReloaded, encodedText)
console.log(ab2b64(encryptedText));
const dec = new TextDecoder();
const decryptedText = await window.crypto.subtle.decrypt({name: "RSA-OAEP"}, privateKeyReloaded, encryptedText)
console.log(dec.decode(decryptedText));
// Helper
function ab2b64(arrayBuffer) {
return window.btoa(String.fromCharCode.apply(null, new Uint8Array(arrayBuffer)));
}
})();
Note that in general the same key pair should actually be used for either signing/verifying or encrypting/decrypting, not for both together, see here.
WebCrypto API provides some protection against this misuse by binding the purpose of the key to it (however, this protection can be circumvented all too easily, as shown above).
Well, the answer is already provided by #topaco.
now I Just want to add one more approch here. If someone wants to Encrypt and Decrypt sensitive data with help of [JSON Web Encryption - Ciphertext] JOSE npm lib. with that public/ private key which is generated for sign/ verify only!
const jose = require('jose'); // npm i jose
async encryptDecryptLogic(data: string): Promise<any>{
const keyDetails = await window.crypto.subtle.generateKey(
{
name: 'RSASSA-PKCS1-v1_5',
modulusLength: 2048,
publicExponent: new Uint8Array([1, 0, 1]),
hash: { name: 'SHA-256' },
},
true,
['verify', 'sign']
);
// updating operation from sign-varify to encrypt-decrypt.
// As that private/ public key is generated for sign and verification purposes only but here we extended its purpose. So we need to update a few properties to do encryption/decryption
publicKey.key_ops = ['encrypt'];
privateKey.key_ops = ['decrypt'];
// updating algo from sign-varify[RS256] to encrypt-decrypt[RSA-OAEP]
// Defines the algorithm used to encrypt the Content Encryption Key (CEK). This MUST be set to “RSA-OAEP”.
publicKey.alg = 'RSA-OAEP';
privateKey.alg = 'RSA-OAEP';
const encodedText = await this.jose.jwe.encrypt(publicKey, "lets encrypt me!!")
console.log('encodedText', encodedText);
const decodedText = await this.jose.jwe.decrypt(privateKey, encodedText)
console.log('decodedText', decodedText);
}

Crypto.sign() function to sign a message with given private key

I need to sign a message with crypto.sign() function in NodeJS to get a valid JWT.
I have a private key (base 64) like this:
Dm2xriMD6riJagld4WCA6zWqtuWh40UzT/ZKO0pZgtHATOt0pGw90jG8BQHCE3EOjiCkFR2/gaW6JWi+3nZp8A==
And I tried to get a signature:
const getJWT = () => {
const privateKey =
"Dm2xriMD6riJagld4WCA6zWqtuWh40UzT/ZKO0pZgtHATOt0pGw90jG8BQHCE3EOjiCkFR2/gaW6JWi+3nZp8A==";
const payload = {
iss: "test",
aud: "test.com",
iat: 1650101178,
exp: 1650101278,
sub: "12345678-1234-1234-1234-123456789123"
};
const token = encode(payload, privateKey);
return token
};
const encode = (payload, key) => {
const header = {
typ: "JWT",
alg: "EdDSA"
};
const headerBase64URL = base64url(JSON.stringify(header));
const payloadBase64URL = base64url(JSON.stringify(payload));
const msg = Buffer.from(`${headerBase64URL}.${payloadBase64URL}`);
const keyDecoded = Buffer.from(key, "base64");
const signature = crypto.sign("Ed25519", msg, keyDecoded); //Here is the problem
const signatureBase64url = base64url(Buffer.from(signature));
return `${msg}.${signatureBase64url}`;
};
I received this error:
internal/crypto/sig.js:142
return _signOneShot(keyData, keyFormat, keyType, keyPassphrase, data,
^
Error: error:0909006C:PEM routines:get_name:no start line
library: 'PEM routines',
function: 'get_name',
reason: 'no start line',
code: 'ERR_OSSL_PEM_NO_START_LINE'
How can I adapt my private key to a valid format?
The crypto.sign() method requires for Ed25519 a private key in PKCS#8 format. Your key is a raw key consisting of the concatenation of the raw private 32 bytes key and the raw public 32 bytes, base64 encoded. A DER encoded PKCS#8 key can be derived and imported as follows:
Base64 decode your key. Use the first 32 bytes of your raw 64 bytes key (i.e. the raw private key).
Concat the following prefix for a private Ed25519 key (hex): 302e020100300506032b657004220420
Import that DER encoded PKCS#8 key.
Accordingly, the key import in getJWT() must be changed as follows:
const privateKey = toPkcs8der('Dm2xriMD6riJagld4WCA6zWqtuWh40UzT/ZKO0pZgtHATOt0pGw90jG8BQHCE3EOjiCkFR2/gaW6JWi+3nZp8A==');
with
const toPkcs8der = (rawB64) => {
var rawPrivate = Buffer.from(rawB64, 'base64').subarray(0, 32);
var prefixPrivateEd25519 = Buffer.from('302e020100300506032b657004220420','hex');
var der = Buffer.concat([prefixPrivateEd25519, rawPrivate]);
return crypto.createPrivateKey({key: der, format: "der", type: "pkcs8"})
}
Furthermore, in the encode() function:
Remove the line const keyDecoded = Buffer.from(key, "base64")
Create the signature with
const signature = crypto.sign(null, msg, key)
Note that for Ed25519, a null must be passed as first parameter in the sign() call. The algorithm comes from the key.
With these changes, the NodeJS code returns the following JWT:
eyJ0eXAiOiJKV1QiLCJhbGciOiJFZERTQSJ9.eyJpc3MiOiJ0ZXN0IiwiYXVkIjoidGVzdC5jb20iLCJpYXQiOjE2NTAxMDExNzgsImV4cCI6MTY1MDEwMTI3OCwic3ViIjoiMTIzNDU2NzgtMTIzNC0xMjM0LTEyMzQtMTIzNDU2Nzg5MTIzIn0.f7WG_02UKljrMeVVOTNNBAGxtLXJUT_8QAnujNhomV18Pn5cU-0lHRgVlmRttOlqI7Iol_fHut3C4AOXxDGnAQ
that matches the expected JWT.

Invalid signature on Adobe Reader: "signer's identity has not yet been verified"

I've tried with several p12 certificates and when I sign via my Nodejs approach it returns an invalid signature on Adobe.
However, signing just with Adobe the signature seems to be valid (just with a warning).
Is there something that I'm missing?
const signer = require('node-signpdf')
const fs = require('fs')
const helpers = require('node-signpdf/dist/helpers')
const init = async () => {
const p12Buffer = fs.readFileSync(`${__dirname}/cert.p12`);
let pdfBuffer = fs.readFileSync(`${__dirname}/test.pdf`);
pdfBuffer = helpers.plainAddPlaceholder({
pdfBuffer,
signatureLength: 31280,
});
pdfBuffer = signer.default.sign(pdfBuffer, p12Buffer, {
passphrase: 'reingenio'
});
fs.writeFileSync(`${__dirname}/signed.pdf`, pdfBuffer)
}
init()
Thanks.
Did you tried read the pdf file as binary ?
fs.readFileSync(${__dirname}/test.pdf, 'binary');

How to use Psbt on bitcoinjs-lib?

I am trying to create a raw transaction for sending to the blockchain. In doing so, I want to do this in a browser.
Where can I get nonWitnessUtxo?
All the information that I have outlined here, I found in the tests.
Am I doing the right thing?
const bitcoin = require('bitcoinjs-lib')
const testnet = bitcoin.networks.testnet
const keyPair = bitcoin.ECPair.makeRandom({ network: testnet })
const publicKey = keyPair.publicKey
const { address } = bitcoin.payments.p2pkh({
pubkey: publicKey,
network: testnet
})
const privateKey = keyPair.toWIF()
const psbt = new bitcoin.Psbt({ network: testnet })
const txid = '226a14d30cfd411b14bf20b7ffd211f7f206699690c54d456cc1bef70c2de5a6'
const key = bitcoin.ECPair.fromWIF(privateKey, testnet)
psbt.addInput({
hash: txid,
index: 0,
nonWitnessUtxo: Buffer.from('Where can i get this?', 'hex')
})
psbt.addOutput({
script: Buffer.from('mmpAPZSvhJs1NGw8UaJXEJ9vRByAxProUL', 'hex')
value: 10000
})
psbt.signInput(0, key)
psbt.validateSignaturesOfInput(0)
psbt.finalizeAllInputs()
psbt.extractTransaction().toHex()
I would be grateful for any help!
The nonWitnessUtxo is the full rawtransaction that you are referencing with the input txid.
This answer is for those looking for a way to create a transaction in the browser, but could not deal with the bitcoinjs-lib
I use bitcore-lib - https://www.npmjs.com/package/bitcore-lib
const bitcore = require('bitcore-lib')
const firstPrivateKey = new bitcore.PrivateKey()
const secondPrivateKey = new bitcore.PrivateKey()
const wif = firstPrivateKey.toString()
const toAddress = secondPrivateKey.toAddress().toString()
const satoshiAmount = 10000
const privateKey = bitcore.PrivateKey.fromWIF(wif)
const sourceAddress = privateKey.toAddress(bitcore.Networks.testnet)
const targetAddress = bitcore.Address.fromString(toAddress)
const utxos = [
{
address: 'mywRqUpbENhbu5VsYDwiMTJouVK9g2ZEJQ',
txid: '761693565e82ca176532c52a37fb38cd9f1eb0172a00562b394e60ede0b7df8a',
vout: 1,
scriptPubKey: '76a914ca133ceac705b723b91263aa163ea8a45954e49a88ac',
amount: 0.0001,
satoshis: 10000,
height: 1578273,
confirmations: 338
}
]
const transaction = new bitcore.Transaction()
transaction.from(utxos)
transaction.to(targetAddress, Number(satoshiAmount))
transaction.change(sourceAddress)
transaction.sign(privateKey)
const serializedTX = tx.serialize()
Then you need send this serializedTX as raw transaction to bitcoin network.
P.S. This example does not work because there is an invalid is presented utxos. Get your utxos using API, such as https://bitpay.com/api/addr/${sourceAddress}/utxo and then everything will work.

Categories

Resources