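Preface:
I recently integrated an interface that signs in rsa-md5-pss mode. Java and Go examples were provided, but there was none for Node.js. After struggling with the documentation for half a day, I found that OpenSSL implements it, and the signatures finally matched.
With PSS padding the signature string is different every time. For details see "RSA signature and encryption schemes":
https://www.cryptosys.net/pki/manpki/pki_rsaschemes.html
The Go code is as follows: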
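    import (
        "crypto"
        "crypto/md5"
        "crypto/rand"
        "crypto/rsa"
        "fmt"
        "os"
    )

    // SigData signs msg with RSA-PSS using MD5 as the digest.
    func SigData(msg string, priv *rsa.PrivateKey) []byte {
        msgBytes := []byte(msg)
        // Hash the message first
        h := md5.New()
        h.Write(msgBytes)
        hashed := h.Sum(nil)
        // Generate the signature; PSSSaltLengthAuto uses the largest possible salt when signing
        opts := &rsa.PSSOptions{SaltLength: rsa.PSSSaltLengthAuto, Hash: crypto.MD5}
        sig, err := rsa.SignPSS(rand.Reader, priv, crypto.MD5, hashed, opts)
        if err != nil {
            fmt.Println(err)
            os.Exit(1001)
        }
        return sig
    }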
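The Node.js code is as follows.
OpenSSL already implements this, so there is no need to compute the MD5 yourself and then sign. Pay attention to the PSS padding parameters, which are rarely used.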
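    import { constants, createCipheriv, createSign, SignPrivateKeyInput } from 'crypto';

    // secret, algorithm, orig and path come from the surrounding method (not shown here).
    // Encrypt the JSON body; the same bytes are used as both key and IV.
    const key = Buffer.from(secret, 'hex');
    const cipher = createCipheriv(algorithm, key, key);
    this.logger.info(JSON.stringify(orig));
    let crypted = cipher.update(JSON.stringify(orig), 'utf8', 'base64');
    crypted += cipher.final('base64');
    // The string to sign is the request path followed by the base64 ciphertext.
    const sigData = path + crypted;
    // 'RSA-MD5' lets OpenSSL do the MD5 hashing as part of signing.
    const signer = createSign('RSA-MD5');
    signer.update(Buffer.from(sigData));
    signer.end();
    // PSS padding with automatic salt length, matching the Go options above.
    const prik = {
      padding: constants.RSA_PKCS1_PSS_PADDING,
      saltLength: constants.RSA_PSS_SALTLEN_AUTO,
      key: this.app.config.kg.privateKey,
      format: 'pem',
      type: 'pkcs8',
    };
    const sign = signer.sign(prik as SignPrivateKeyInput, 'hex');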
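The following Node.js script is an added example, not code from the original post. It checks the two PSS properties that matter when matching the Go signer: signatures over the same data differ on every call, and a verifier only accepts them if it auto-detects the salt length or expects the same one. The key pair, the path and the ciphertext string are constructed for the demo.

```javascript
const { generateKeyPairSync, createSign, createVerify, constants } = require('crypto');

// Constructed throwaway key pair; a real service loads its PEM key from configuration.
const { privateKey, publicKey } = generateKeyPairSync('rsa', { modulusLength: 2048 });

// Sign with RSA-MD5 + PSS, using the same options as the snippet above.
function signPss(data) {
  const signer = createSign('RSA-MD5');
  signer.update(data);
  signer.end();
  return signer.sign({
    key: privateKey,
    padding: constants.RSA_PKCS1_PSS_PADDING,
    // When signing, AUTO means "largest possible salt", like Go's PSSSaltLengthAuto.
    saltLength: constants.RSA_PSS_SALTLEN_AUTO,
  }, 'hex');
}

// Verify with PSS padding and a caller-chosen salt length policy.
function verifyPss(data, sigHex, saltLength) {
  const verifier = createVerify('RSA-MD5');
  verifier.update(data);
  verifier.end();
  return verifier.verify(
    { key: publicKey, padding: constants.RSA_PKCS1_PSS_PADDING, saltLength },
    sigHex, 'hex');
}

function demo() {
  // Constructed sample: request path followed by a base64 ciphertext string.
  const data = Buffer.from('/api/v1/order' + 'Y29uc3RydWN0ZWQgYm9keQ==');
  const tampered = Buffer.from('/api/v1/refund' + 'Y29uc3RydWN0ZWQgYm9keQ==');
  const sig1 = signPss(data);
  const sig2 = signPss(data);
  return {
    // The random salt makes two signatures over identical data differ.
    differ: sig1 !== sig2,
    // Auto-detecting the salt length accepts both signatures.
    autoOk: verifyPss(data, sig1, constants.RSA_PSS_SALTLEN_AUTO) &&
            verifyPss(data, sig2, constants.RSA_PSS_SALTLEN_AUTO),
    // Expecting a digest-sized salt (16 bytes for MD5) rejects a max-salt signature.
    digestSaltOk: verifyPss(data, sig1, constants.RSA_PSS_SALTLEN_DIGEST),
    // A signature does not verify over different data.
    tamperedOk: verifyPss(tampered, sig1, constants.RSA_PSS_SALTLEN_AUTO),
  };
}

console.log(demo());
```

Because the signature changes on every call, compare implementations by verifying each side's output with the other side's public key rather than by comparing signature strings.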
