我建立一个Node.js的ACMEv2客户端,并试图仅仅依靠单一的加密库,以保持代码的简洁。本机节点加密模块不支持CSR,所以我不得不使用Node-Forge。到目前为止一切正常,但我有一个很难找到使用节点伪造的等效代码:
const crypto = require('crypto');
const signer = crypto.createSign('RSA-SHA256').update(`${requestBase64Url.protected}.${requestBase64Url.payload}`, 'utf8');
const signature = signer.sign(this.keys.accountKey.privatePem, 'base64').replace(/\+/g, '-').replace(/\//g, '_').replace(/=/g, '');
console.log(signature);
输出是:
oZpJuZlNgU48t8l-39V1LUZScOPHTFzHDWYT6ttf1KBGnm6jNuGkogwc0QiANrt5h5z6mp0Wz3rPz7etxjby_znQsGuaGdxvtVDf30_6j0mN-Rh7OXkS489JK6kDSQRbhpoyulb75QZyhDoA2pbmqyPc6HnfnQ2gUGr8HZf3K_LnfXCAX807MAzXd_bOx2dE0NbnwoVQQgGG1u5s7Q9-DY1WNjolYmkTt_skNoXgbAKZwj-8x6oSbfGk5_7-mbuEXcxUAJuXmGQsHrHAp7lKBZ9ZhTyZUlZjEhfRYb7cMYHSAJccalMPC5y5uzrIQYILhGtuDcXBsY1rCanJw6eRqg
我还可以使用以下的OpenSSL(和编码的结果到base64url)实现相同的输出:
openssl dgst -sha256 -sign account.key -out signature.sha256 signature.b64
我怎样才能使用Node-Forge模块得到同样的结果?我想没有任何运气如下:
let messageDigest = forge.md.sha256.create();
messageDigest.update(`${requestBase64Url.protected}.${requestBase64Url.payload}`, 'utf8');
const accountKey = await forge.pki.privateKeyFromPem(this.keys.accountKey.privatePem);
request.signature = accountKey.sign(messageDigest);
输出是:
wqHCmknCucKZTcKBTjzCt8OJfsOfw5V1LUZScMOjw4dMXMOHDWYTw6rDm1_DlMKgRsKebsKjNsOhwqTCogwcw5EIwoA2wrt5wofCnMO6wprCnRbDj3rDj8OPwrfCrcOGNsOyw785w5DCsGvCmhnDnG_CtVDDn8OfT8O6wo9Jwo3DuRh7OXkSw6PDj0krwqkDSQRbwobCmjLCulbDu8OlBnLChDoAw5rClsOmwqsjw5zDqHnDn8KdDcKgUGrDvB3Cl8O3K8Oyw6d9cMKAX8ONOzAMw5d3w7bDjsOHZ0TDkMOWw6fDgsKFUEIBwobDlsOubMOtD34Nwo1WNjolYmkTwrfDuyQ2woXDoGwCwpnDgj_CvMOHwqoSbcOxwqTDp8O-w77CmcK7woRdw4xUAMKbwpfCmGQsHsKxw4DCp8K5SgXCn1nChTzCmVJWYxIXw5Fhwr7DnDHCgcOSAMKXHGpTDwvCnMK5wrs6w4hBwoILwoRrbg3DhcOBwrHCjWsJwqnDicODwqfCkcKq
我找到了答案感谢:
基本上,锻造编码签名成必须使用以下代码来解码的二进制串:
request.signature = Buffer.from(forge.util.binary.raw.decode(accountKey.sign(messageDigest)));