Comments (3)
gustavosbarreto
commented on June 12, 2024
Trying to sign some data with private key which is generated by new openssh 8.0, signature output is always random, Output is always different, when passing same data. I have checked and think that problem comes from var "crt" func related to browserify-rsa. for older keys it works as expected, problem occurs only in case of using new private key. Can someone help me with this ? Thanks in advance.
The same here.
Test code:
var keyPriv = `-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAlwAAAAdzc2gtcn
NhAAAAAwEAAQAAAIEAvzqy5E3zSn2TG3QRvOmXyfU7UAJDBLEQ9/ocKTFLGPKbF506xGfK
fbksNFg/rbMvVbTSNlouQTTdu7jNiQBwBaHvuJz/PwvY5iz7mVoNue/7g+Ndn09TVWM+yi
sQtNUbpX6UqPV0pLp9er5QG1V6YsJouh5A3nFWR0LJ+HQmj8UAAAIQ3RIN190SDdcAAAAH
c3NoLXJzYQAAAIEAvzqy5E3zSn2TG3QRvOmXyfU7UAJDBLEQ9/ocKTFLGPKbF506xGfKfb
ksNFg/rbMvVbTSNlouQTTdu7jNiQBwBaHvuJz/PwvY5iz7mVoNue/7g+Ndn09TVWM+yisQ
tNUbpX6UqPV0pLp9er5QG1V6YsJouh5A3nFWR0LJ+HQmj8UAAAADAQABAAAAgFSAe8ynJX
slQnw/LhdsocZ8t1kDptnL5NOvkgIh5i2AB0jIEc/4jWJBEWeQF5OKOsCExt99ujLWSaVK
ZIjFyLnwmPL6tN6Zm/yTiWZxs5VE6S4eRW6V2TXqx6FvFsMn5w0zol8E/HDtoEwtC4tSZo
g3cTwdj5QEwgomIYNoITwBAAAAQDHxgSxkJuuciPYULz65l53ABEOGL4cQzSwx6yZ1jxhY
87W2Si0c2+ZWhtw6P5vfiQ5BsG1UArWVCaS+2FRgEhoAAABBAOovulyHjVohZtpwJurCMK
sByIkQFy97Td297PLkjW0cb4s3xoXDcSbLId41iCbUsuvffMWIElcZOMWVFlmVfQkAAABB
ANEKo9dzywZX+Rp7qMomaxGBoCGOMiw4qvydU4rXIXpLHfQS48kewy/5HsS9Au9ookctan
m28dPkGkwqnZAzZ90AAAAUZ3VzdGF2b0BkcmVyYS1tb2JpbGUBAgMEBQYH
-----END OPENSSH PRIVATE KEY-----`
var key = sshpk.parsePrivateKey(keyPriv);
var data = 'some data';
/* Sign some data with the key */
var s = key.createSign('sha1');
s.update(data);
var signature = s.sign();
console.log(signature.toBuffer().toString('base64'));
/* Now load the public key (could also use just key.toPublic()) */
var keyPub = `ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQC/OrLkTfNKfZMbdBG86ZfJ9TtQAkMEsRD3+hwpMUsY8psXnTrEZ8p9uSw0WD+tsy9VtNI2Wi5BNN27uM2JAHAFoe+4nP8/C9jmLPuZWg257/uD412fT1NVYz7KKxC01RulfpSo9XSkun16vlAbVXpiwmi6HkDecVZHQsn4dCaPxQ== gustavo@drera-mobile`;
key = sshpk.parseKey(keyPub);
/* Make a crypto.Verifier with this key */
var v = key.createVerify('sha1');
v.update(data);
var valid = v.verify(signature);
console.log(valid);
The signature output is always random
from browserify-sign.
gustavosbarreto
commented on June 12, 2024
@dartedfa Did you found solution for this?
from browserify-sign.
gustavosbarreto
commented on June 12, 2024
Maybe someone could implement support for OpenSSH key format based on this:
https://github.com/rzcoder/node-rsa/pull/181/files
from browserify-sign.
Related Issues (20)
- 'wrong private key type' during json web token verification HOT 8
- v4.0.1 included breaking changes HOT 2
- Error: Can't resolve './browser/algorithms' HOT 12
- test failures depending on openssl version/flags HOT 6
- Verify is broken when input is an ECDSA certificate
- Replace Buffer constructor with Buffer.new() HOT 2
- Verify is broken when input is a certificate
- Fails to compile if used with css-loader 3.0.0
- explicit import 'buffer'
- TypeError: hex is not a function HOT 1
- Expose algorithms HOT 1
- CVE-2020-13822 HOT 2
- The Elliptic package 6.5.2 for Node.js allows ECDSA signature malleability via variations in encoding, leading '\0' bytes, or integer overflows. HOT 2
- No wiki page, no Readme file content, no explain...
- Incorrect dependency version. Please update HOT 1
- elliptic version 6.5.3 has a vulnerability HOT 1
- Ignore case in algorithm name HOT 2
- Signature Forgery Attack In Browserify-Sign HOT 1
- Fix for dsaVerify Security issue? HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from browserify-sign.