Parse Elliptic Curve PEM certificate with nodeJS - javascript

I'd like to parse the below certificate using nodeJS. It is a Hyperledger Fabric certificate using ECDSA. I've tried node-forge but it doesn't support ECC (https://github.com/digitalbazaar/forge/issues/116).
-----BEGIN CERTIFICATE-----
MIICKjCCAdCgAwIBAgIRANez5iZg7HjAPv3jEqpTzGgwCgYIKoZIzj0EAwIwczEL
MAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDVNhbiBG
cmFuY2lzY28xGTAXBgNVBAoTEG9yZzEuZXhhbXBsZS5jb20xHDAaBgNVBAMTE2Nh
Lm9yZzEuZXhhbXBsZS5jb20wHhcNMjAwOTE1MTY1ODAwWhcNMzAwOTEzMTY1ODAw
WjBrMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMN
U2FuIEZyYW5jaXNjbzEOMAwGA1UECxMFYWRtaW4xHzAdBgNVBAMMFkFkbWluQG9y
ZzEuZXhhbXBsZS5jb20wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAARelGSQYlaf
khorFSFeWLOjtxVsNlQB0sZBYhEVhqhqnEnJGxa4YJ+wLg6lc7ssYuJNrU1JGba7
lB3HZvHts9+Io00wSzAOBgNVHQ8BAf8EBAMCB4AwDAYDVR0TAQH/BAIwADArBgNV
HSMEJDAigCDHGn/NTq1dt3sUaasmpGS+ZuklWO6uLS7KnJRPkOwwbzAKBggqhkjO
PQQDAgNIADBFAiEA2gESuA96ivKNLqBj07gpk2akypZwFEBcgW8Fv36g4kMCIDtr
kOkQzcVu4f8uIQqQj+3Gf232J5tFc1rB2WYPwZeL
-----END CERTIFICATE-----

There are several other libraries out there which you can use:
PKI.js
@ampretia/x509 (actually used in the fabric-sdk-node)
jsrsasign
to name a few.
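Besides the libraries listed above, Node's built-in `crypto.X509Certificate` class also parses EC certificates. The following is an added example, not part of the original answer; it embeds the certificate from the question, and `describeCertificate` is a hypothetical helper name.

```javascript
const { X509Certificate } = require('node:crypto');

// The ECDSA certificate from the question, one 64-character base64 line per entry.
const FABRIC_CERT_PEM = [
  '-----BEGIN CERTIFICATE-----',
  'MIICKjCCAdCgAwIBAgIRANez5iZg7HjAPv3jEqpTzGgwCgYIKoZIzj0EAwIwczEL',
  'MAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDVNhbiBG',
  'cmFuY2lzY28xGTAXBgNVBAoTEG9yZzEuZXhhbXBsZS5jb20xHDAaBgNVBAMTE2Nh',
  'Lm9yZzEuZXhhbXBsZS5jb20wHhcNMjAwOTE1MTY1ODAwWhcNMzAwOTEzMTY1ODAw',
  'WjBrMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMN',
  'U2FuIEZyYW5jaXNjbzEOMAwGA1UECxMFYWRtaW4xHzAdBgNVBAMMFkFkbWluQG9y',
  'ZzEuZXhhbXBsZS5jb20wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAARelGSQYlaf',
  'khorFSFeWLOjtxVsNlQB0sZBYhEVhqhqnEnJGxa4YJ+wLg6lc7ssYuJNrU1JGba7',
  'lB3HZvHts9+Io00wSzAOBgNVHQ8BAf8EBAMCB4AwDAYDVR0TAQH/BAIwADArBgNV',
  'HSMEJDAigCDHGn/NTq1dt3sUaasmpGS+ZuklWO6uLS7KnJRPkOwwbzAKBggqhkjO',
  'PQQDAgNIADBFAiEA2gESuA96ivKNLqBj07gpk2akypZwFEBcgW8Fv36g4kMCIDtr',
  'kOkQzcVu4f8uIQqQj+3Gf232J5tFc1rB2WYPwZeL',
  '-----END CERTIFICATE-----',
].join('\n');

// Parse a PEM certificate and return the fields usually needed to
// identify a Fabric identity. Parsing does not verify the signature chain.
function describeCertificate(pem) {
  const cert = new X509Certificate(pem);
  const key = cert.publicKey;                       // KeyObject of type "public"
  const cn = /^CN=(.*)$/m.exec(cert.subject);       // subject is one RDN per line
  return {
    subject: cert.subject,
    issuer: cert.issuer,
    commonName: cn ? cn[1] : null,
    validFrom: cert.validFrom,
    validTo: cert.validTo,
    keyType: key.asymmetricKeyType,                 // "ec" for ECDSA certificates
    curve: key.asymmetricKeyDetails.namedCurve,     // OpenSSL name of the curve
    isCA: cert.ca,                                  // from basicConstraints
    sha256Fingerprint: cert.fingerprint256,
  };
}
```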

Related

Can I remove new line encoding from RS256 public key to store on .env files to be used on browser with frontend javascript app?

Can I remove new line encoding from below RS256 public key file? I have diff keys for diff env and want to keep this file on .ENV file and will be used on browser with JavaScript module. Please suggest recommended way to store key file for JavaScript based web application.
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnzyis1ZjfNB0bBgKFMSv
vkTtwlvBsaJq7S5wA+kzeVOVpVWwkWdVha4s38XM/pa/yr47av7+z3VTmvDRyAHc
aT92whREFpLv9cj5lTeJSibyr/Mrm/YtjCZVWgaOYIhwrXwKLqPr/11inWsAkfIy
tvHWTxZYEcXLgAXFuUuaS3uF9gEiNQwzGTU1v0FqkqTBr4B8nW3HCN47XUu0t8Y0
e+lf4s4OxQawWD79J9/5d3Ry0vbV3Am1FtGJiJvOwRsIfVChDpYStTcHTCMqtvWb
V6L11BWkpzGXSW4Hv43qa+GSYOD2QU68Mb59oSk2OB+BtOLpJofmbGEGgvmwyCI9
MwIDAQAB
-----END PUBLIC KEY-----

NodeJs crypto key create(google kms key import) NodeJs

I am trying to import my PEM key into Google KMS (with HSM support). I have Google's guide on how to do it with openssl:
Wrap the key
Generate a temporary random AES key that is 32 bytes long.
openssl rand -out temp_aes_key.bin 32
Wrap the temporary AES key with the wrapping public key using CKM_RSA_PKCS_OAEP.
openssl rsautl -encrypt \
  -pubin -inkey wrap_pub_key.pub \
  -in temp_aes_key.bin \
  -out temp_aes_key_wrapped.bin \
  -oaep
Wrap the target key with the temporary AES key using CKM_AES_KEY_WRAP_PAD.
openssl enc -id-aes256-wrap-pad \
  -K $( hexdump -v -e '/1 "%02x"' < "temp_aes_key.bin" ) \
  -iv A65959A6 \
  -in my_key.pem \
  -out target_key_wrapped.bin
Note the use of -iv A65959A6 sets A65959A6 as the Alternate Initial Value as required by the RFC 5649 specification.
I have wrap_pub_key.pub and my_key.pem, where wrap_pub_key.pub:
-----BEGIN PUBLIC KEY-----
...........key...........
-----END PUBLIC KEY-----
How do I program these steps in Node.js with the crypto lib (without openssl)?
I think you are following this guide. I'm not familiar with Node.js; however, I found the following documentation that could be helpful.
I found the GitHub repo list for each language supported by the Cloud Platform services/APIs.
I think that you can start with these available examples.
If you need more details you can use these references:
Google KMS Node.js io Samples
KMS Node.js Client Library
Finally, I understand that when you import this kind of key you need to choose a key wrapping algorithm.
I hope you find this information helpful.
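The three openssl steps from the question can be reproduced with Node's built-in crypto module alone. This is an added example, not code from the original thread or from Google's guide; `wrapForImport` and `unwrapForTest` are hypothetical names, and it assumes the OpenSSL linked into the Node build exposes the `id-aes256-wrap-pad` cipher.

```javascript
const crypto = require('node:crypto');

// RFC 5649 Alternative Initial Value, the same bytes passed as `-iv A65959A6`.
const RFC5649_AIV = Buffer.from('A65959A6', 'hex');

// Returns the two blobs that the openssl commands write to
// temp_aes_key_wrapped.bin and target_key_wrapped.bin.
function wrapForImport(wrapPubKeyPem, targetKeyBytes) {
  // Step 1: openssl rand -out temp_aes_key.bin 32
  const tempAesKey = crypto.randomBytes(32);

  // Step 2: openssl rsautl -encrypt -pubin ... -oaep
  // rsautl's OAEP uses SHA-1 for both the label hash and MGF1.
  const wrappedAesKey = crypto.publicEncrypt(
    {
      key: wrapPubKeyPem,
      padding: crypto.constants.RSA_PKCS1_OAEP_PADDING,
      oaepHash: 'sha1',
    },
    tempAesKey
  );

  // Step 3: openssl enc -id-aes256-wrap-pad -K <hex key> -iv A65959A6
  // Wrap-mode ciphers need the whole input in a single update() call.
  const cipher = crypto.createCipheriv('id-aes256-wrap-pad', tempAesKey, RFC5649_AIV);
  const wrappedTargetKey = Buffer.concat([cipher.update(targetKeyBytes), cipher.final()]);

  tempAesKey.fill(0); // do not leave the temporary key in memory longer than needed
  return { wrappedAesKey, wrappedTargetKey };
}

// Inverse operation for a local round-trip check with a test key pair.
// In production only the KMS HSM holds the wrapping private key.
function unwrapForTest(wrapPrivKeyPem, { wrappedAesKey, wrappedTargetKey }) {
  const aesKey = crypto.privateDecrypt(
    {
      key: wrapPrivKeyPem,
      padding: crypto.constants.RSA_PKCS1_OAEP_PADDING,
      oaepHash: 'sha1',
    },
    wrappedAesKey
  );
  const decipher = crypto.createDecipheriv('id-aes256-wrap-pad', aesKey, RFC5649_AIV);
  return Buffer.concat([decipher.update(wrappedTargetKey), decipher.final()]);
}
```

Pass the contents of wrap_pub_key.pub as `wrapPubKeyPem` and the bytes of the target key file as `targetKeyBytes`.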

Encrypt and Decrypt text with RSA in javascript

I want to encrypt text with RSA using Public.pem and private.pem
I generated these files with openssl
openssl genrsa -out private.pem 2048
openssl rsa -pubout -in private.pem -out public.pem
I need to encrypt the text in javascript (I use this Library) only for encryption.
This text in base64 is sent to the server in C#. I use RSACryptoServiceProvider, but I only saw that it is possible to load the public key with:
RSAParameters RSAParams = RSA.ExportParameters(false);
RSAParams.Modulus = privateKey;
RSA.ImportParameters(RSAParams);
But I need to use my own private.pem file to decrypt my text and use it afterwards.
How can I do this?

nodejs jsonwebtoken with PEM file: error "PEM_read_bio:no start line"

I know there are a bunch of similar questions here but after hours of reading I cannot find a solution to mine. So:
I am trying to use jwk-to-pem for signing a JSON web token using jsonwebtoken. I have previously achieved this but now the same code does not work. After calling jwt.sign with the generated pem I get error:0906D06C:PEM routines:PEM_read_bio:no start line.
I know that common reasons would include wrong linebreaks like \r or generally wrong format. I actually even dug through the core nodejs code and found the line throwing this error.
Countless adjustments and attempts brought no solution. Specifically:
I made sure that all linebreaks are \n
I tried different strings for the first and last line, e.g. -----BEGIN PUBLIC KEY----- or -----BEGIN RSA PUBLIC KEY-----
I made sure that the last line contains a \n as last character
I tried to write the pem string to disk and re-reading it, using node's fs.
I compared the pem file to several other files with several editors e.g. using vi -b or regex.
I tried handing the raw file buffer with the pem content to jwt.sign as well as pem.toString('utf8') as well as every other string encoding supported by node
I tried to generate a random pem file using linux tools and give that to jwt.sign. Specifically:
ssh-keygen -t rsa -b 2048 -f jwtRS256.key
openssl rsa -in jwtRS256.key -pubout -outform PEM -out jwtRS256.pem
What am I missing here? What possible causes I did not think of can this have?
I found a very simple explanation: I was by mistake using the public instead of the private key. The error thrown by openssl/crypto is very misleading.
Using a private pem/key the signing works as expected.
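The mix-up described in the answer above can be caught before the key reaches the signer. This is an added example, not from the original thread: `classifyPem`, `signRs256` and `verifyRs256` are hypothetical helpers built on Node's crypto module, standing in for jsonwebtoken so the block runs without dependencies.

```javascript
const crypto = require('node:crypto');

// Classify PEM key material. createPrivateKey is tried first because
// createPublicKey also accepts a private-key PEM and derives the public half.
function classifyPem(pem) {
  try {
    return { kind: 'private', type: crypto.createPrivateKey(pem).asymmetricKeyType };
  } catch (_) { /* not a private key */ }
  try {
    return { kind: 'public', type: crypto.createPublicKey(pem).asymmetricKeyType };
  } catch (_) { /* not a public key either */ }
  return { kind: 'invalid', type: null };
}

const b64url = (data) => Buffer.from(data).toString('base64url');

// Minimal RS256 signer that names the real problem instead of surfacing
// OpenSSL's "PEM_read_bio:no start line".
function signRs256(payload, pem) {
  const { kind, type } = classifyPem(pem);
  if (kind !== 'private') {
    throw new Error(`RS256 signing needs a private key, got ${kind} key material`);
  }
  if (type !== 'rsa') {
    throw new Error(`RS256 signing needs an RSA key, got ${type}`);
  }
  const header = b64url(JSON.stringify({ alg: 'RS256', typ: 'JWT' }));
  const body = b64url(JSON.stringify(payload));
  const signingInput = `${header}.${body}`;
  // For RSA keys crypto.sign defaults to PKCS#1 v1.5 padding, which is RS256.
  const signature = crypto.sign('sha256', Buffer.from(signingInput), pem);
  return `${signingInput}.${b64url(signature)}`;
}

// Signature check only; a full verifier must also pin the expected alg
// and validate the claims.
function verifyRs256(token, publicPem) {
  const [header, body, signature] = token.split('.');
  return crypto.verify(
    'sha256',
    Buffer.from(`${header}.${body}`),
    publicPem,
    Buffer.from(signature, 'base64url')
  );
}
```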

Setup node https server using SSL certificate from GoDaddy

Earlier I used a self-signed certificate and created an HTTPS server on Node.js using
var fs = require('fs');
var https = require('https');
var express = require('express');
// Private key and certificate in PEM format
var privateKey = fs.readFileSync('key.pem');
var certificate = fs.readFileSync('cert.pem');
var app = express();
https.createServer({
  key: privateKey,
  cert: certificate,
  passphrase: 'abc123'
}, app).listen(1111);
I have now purchased and verified an SSL certificate from GoDaddy. I have downloaded the SSL certificate from GoDaddy and got 2 files:
1) d752ec439hdwudbdh7.crt:
-----BEGIN CERTIFICATE-----
........
-----END CERTIFICATE-----
2) gd-bundle-g2-g1.crt:
-----BEGIN CERTIFICATE-----
........
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
........
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
........
-----END CERTIFICATE-----
What files are these and how do I configure these files to use with https.createServer?
d752ec439hdwudbdh7.crt is your site's certificate generated by GoDaddy. It corresponds to your cert.pem file. As the format of the file provided by GoDaddy is actually PEM (base64 encoded data beginning with the ----BEGIN text), you can use it as it is without having to convert formats.
gd-bundle-g2-g1.crt is the set of certificates (one or more intermediate certificates and optionally, a root certificate) that is used to verify trust. This chain of certificates is what browsers and other user agents use to determine if the certificate was granted by GoDaddy, and if GoDaddy is someone they trust. You will need to use the ca option in https.createServer and specify the path to this file. Again, the file format is what is expected by node/express and you can just rename it to something sensible and use it like this:
var fs = require('fs');
var https = require('https');
var express = require('express');
var privateKey = fs.readFileSync('key.pem');
var certificate = fs.readFileSync('cert.pem');  // the site certificate from GoDaddy
var caBundle = fs.readFileSync('ca.pem');       // gd-bundle-g2-g1.crt, renamed
var app = express();
https.createServer({
  key: privateKey,
  cert: certificate,
  ca: caBundle,
  passphrase: 'abc123'
}, app).listen(1111);
Once done, I'd recommend checking your site against an online scanner like SSL Labs Server test to ensure that your site does not show any certificate related errors. It'd also be good to fix any other misconfiguration reported there.
