Comments (3)
Trying to sign some data with private key which is generated by new openssh 8.0, signature output is always random, Output is always different, when passing same data. I have checked and think that problem comes from var "crt" func related to browserify-rsa. for older keys it works as expected, problem occurs only in case of using new private key. Can someone help me with this ? Thanks in advance.
The same here.
Test code:
var keyPriv = `-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAlwAAAAdzc2gtcn
NhAAAAAwEAAQAAAIEAvzqy5E3zSn2TG3QRvOmXyfU7UAJDBLEQ9/ocKTFLGPKbF506xGfK
fbksNFg/rbMvVbTSNlouQTTdu7jNiQBwBaHvuJz/PwvY5iz7mVoNue/7g+Ndn09TVWM+yi
sQtNUbpX6UqPV0pLp9er5QG1V6YsJouh5A3nFWR0LJ+HQmj8UAAAIQ3RIN190SDdcAAAAH
c3NoLXJzYQAAAIEAvzqy5E3zSn2TG3QRvOmXyfU7UAJDBLEQ9/ocKTFLGPKbF506xGfKfb
ksNFg/rbMvVbTSNlouQTTdu7jNiQBwBaHvuJz/PwvY5iz7mVoNue/7g+Ndn09TVWM+yisQ
tNUbpX6UqPV0pLp9er5QG1V6YsJouh5A3nFWR0LJ+HQmj8UAAAADAQABAAAAgFSAe8ynJX
slQnw/LhdsocZ8t1kDptnL5NOvkgIh5i2AB0jIEc/4jWJBEWeQF5OKOsCExt99ujLWSaVK
ZIjFyLnwmPL6tN6Zm/yTiWZxs5VE6S4eRW6V2TXqx6FvFsMn5w0zol8E/HDtoEwtC4tSZo
g3cTwdj5QEwgomIYNoITwBAAAAQDHxgSxkJuuciPYULz65l53ABEOGL4cQzSwx6yZ1jxhY
87W2Si0c2+ZWhtw6P5vfiQ5BsG1UArWVCaS+2FRgEhoAAABBAOovulyHjVohZtpwJurCMK
sByIkQFy97Td297PLkjW0cb4s3xoXDcSbLId41iCbUsuvffMWIElcZOMWVFlmVfQkAAABB
ANEKo9dzywZX+Rp7qMomaxGBoCGOMiw4qvydU4rXIXpLHfQS48kewy/5HsS9Au9ookctan
m28dPkGkwqnZAzZ90AAAAUZ3VzdGF2b0BkcmVyYS1tb2JpbGUBAgMEBQYH
-----END OPENSSH PRIVATE KEY-----`
var key = sshpk.parsePrivateKey(keyPriv);
var data = 'some data';
/* Sign some data with the key */
var s = key.createSign('sha1');
s.update(data);
var signature = s.sign();
console.log(signature.toBuffer().toString('base64'));
/* Now load the public key (could also use just key.toPublic()) */
var keyPub = `ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQC/OrLkTfNKfZMbdBG86ZfJ9TtQAkMEsRD3+hwpMUsY8psXnTrEZ8p9uSw0WD+tsy9VtNI2Wi5BNN27uM2JAHAFoe+4nP8/C9jmLPuZWg257/uD412fT1NVYz7KKxC01RulfpSo9XSkun16vlAbVXpiwmi6HkDecVZHQsn4dCaPxQ== gustavo@drera-mobile`;
key = sshpk.parseKey(keyPub);
/* Make a crypto.Verifier with this key */
var v = key.createVerify('sha1');
v.update(data);
var valid = v.verify(signature);
console.log(valid);
The signature output is always random
from browserify-sign.
@dartedfa Did you found solution for this?
from browserify-sign.
Maybe someone could implement support for OpenSSH key format based on this:
https://github.com/rzcoder/node-rsa/pull/181/files
from browserify-sign.
Related Issues (20)
- 'wrong private key type' during json web token verification HOT 8
- v4.0.1 included breaking changes HOT 2
- Error: Can't resolve './browser/algorithms' HOT 12
- test failures depending on openssl version/flags HOT 6
- Verify is broken when input is an ECDSA certificate
- Replace Buffer constructor with Buffer.new() HOT 2
- Verify is broken when input is a certificate
- Fails to compile if used with css-loader 3.0.0
- explicit import 'buffer'
- TypeError: hex is not a function HOT 1
- Expose algorithms HOT 1
- CVE-2020-13822 HOT 2
- The Elliptic package 6.5.2 for Node.js allows ECDSA signature malleability via variations in encoding, leading '\0' bytes, or integer overflows. HOT 2
- No wiki page, no Readme file content, no explain...
- Incorrect dependency version. Please update HOT 1
- elliptic version 6.5.3 has a vulnerability HOT 1
- Ignore case in algorithm name HOT 2
- Signature Forgery Attack In Browserify-Sign HOT 1
- Fix for dsaVerify Security issue? HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from browserify-sign.