Node.js 验证文件nodejs上的签名
我不明白为什么verify总是为我返回false。。。运行openssl将返回一切都很好的结果Node.js 验证文件nodejs上的签名,node.js,cryptography,public-key-encryption,verification,Node.js,Cryptography,Public Key Encryption,Verification,我不明白为什么verify总是为我返回false。。。运行openssl将返回一切都很好的结果 $ openssl dgst -md5 -verify mykey.pub -signature signature message.txt Verified OK 但是,在节点中运行我的代码会导致验证为false var fs = require('fs'); var path = require('path'); var crypto = require('crypto'); //pass i
$ openssl dgst -md5 -verify mykey.pub -signature signature message.txt
Verified OK
var fs = require('fs');
var path = require('path');
var crypto = require('crypto');
//pass in arguments
var args = process.argv.slice(2);
fs.readFile(args[0], 'ascii', function(err,signature){
if(err){console.log(err);}
fs.readFile(args[1], 'ascii', function(err,message){
if(err){console.log(err);}
fs.readFile(args[2], 'ascii', function(err,publickey){
if(err){console.log(err);}
verify(signature, message, publickey);
});
});
});
//verify function
var verify = function(signature, message, publickey){
//everything prints out right
console.log(signature.toString() + '\n');
console.log(message.toString() + '\n');
console.log(publickey.toString() + '\n');
//using md5
var verifier = crypto.createVerify('md5');
verifier.update(message.toString());
var WHAT = verifier.verify(publickey.toString(), signature.toString(), 'binary');
console.log(WHAT);
};
$ node verifyHash signature message.txt mykey.pub
B`⌂ pgfs☼st;3_V1I☻l♂[V5 =C♠~o▲§►rH`KZ7#♦♠LiQ⌂xFw
▼♣"↓d;.H4+↕$WZF▲◄Ow▲r⌂,
j]U↕6►vQm$7v&^^uF↨/ma2F→*n
►¶o'$jN!☼↑☺aV+↔e^qH▲A►rmx.
HEllo
-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDDgn0PrHxivu0zgG8pp66yMwxJ
MyYsdocVNpZ+673WlRlN0NKQRkI7+F7rYMG4KWL0pDBeOahOggxNVTNV9cxkCKce
Gp37+ZED5HiHKDll4tVoGVSDLaW0BBVe1TzfJSS64fvN/OssyjKffD5ExpLE4O5o
Vv7robQ0JxzYfbz2FQIDAQAB
-----END PUBLIC KEY-----
false
我做错了什么?您不能将签名读取为ASCII,因为它包含二进制数据(字节值>128)。这些将被剥离[1] 由于验证器是一个最简单的解决方案,因此最简单的解决方案是使用它,然后通过管道将其导入验证器 见本REPL成绩单:
> crypto = require('crypto'); undefined
undefined
> fs = require('fs'); undefined
undefined
> verifier = crypto.createVerify('md5'); undefined
undefined
> fs.createReadStream('file').pipe(verifier); undefined
undefined
> verifier.verify(fs.readFileSync('publickey.pem'), fs.readFileSync('signature.sign'), 'binary');
true
无法将签名读取为ASCII,因为它包含二进制数据(字节值>128)。这些将被剥离[1] 由于验证器是一个最简单的解决方案,因此最简单的解决方案是使用它,然后通过管道将其导入验证器 见本REPL成绩单:
> crypto = require('crypto'); undefined
undefined
> fs = require('fs'); undefined
undefined
> verifier = crypto.createVerify('md5'); undefined
undefined
> fs.createReadStream('file').pipe(verifier); undefined
undefined
> verifier.verify(fs.readFileSync('publickey.pem'), fs.readFileSync('signature.sign'), 'binary');
true
无法将签名读取为ASCII,因为它包含二进制数据(字节值>128)。这些将被剥离[1] 由于验证器是一个最简单的解决方案,因此最简单的解决方案是使用它,然后通过管道将其导入验证器 见本REPL成绩单:
> crypto = require('crypto'); undefined
undefined
> fs = require('fs'); undefined
undefined
> verifier = crypto.createVerify('md5'); undefined
undefined
> fs.createReadStream('file').pipe(verifier); undefined
undefined
> verifier.verify(fs.readFileSync('publickey.pem'), fs.readFileSync('signature.sign'), 'binary');
true
无法将签名读取为ASCII,因为它包含二进制数据(字节值>128)。这些将被剥离[1] 由于验证器是一个最简单的解决方案,因此最简单的解决方案是使用它,然后通过管道将其导入验证器 见本REPL成绩单:
> crypto = require('crypto'); undefined
undefined
> fs = require('fs'); undefined
undefined
> verifier = crypto.createVerify('md5'); undefined
undefined
> fs.createReadStream('file').pipe(verifier); undefined
undefined
> verifier.verify(fs.readFileSync('publickey.pem'), fs.readFileSync('signature.sign'), 'binary');
true
您还可以尝试使用Windows/macOS npm软件包util签名检查来验证可执行文件/文件的签名 它使用内置操作系统机制来验证是否进行了代码签名(
codesign--verifyconst SignCheck = require('sign-check');
const somePath = 'some/path/for/test';
SignCheck.checkMac(somePath).then(
(isSigned) => {
console.log('File sign status ' + isSigned);
},
(error) => {
console.log(error);
}
);
或用于Windows平台的checkWin函数。您也可以尝试使用Windows/macOS npm软件包util签名检查进行可执行文件/文件签名验证 它使用内置操作系统机制来验证是否进行了代码签名(
codesign--verifyconst SignCheck = require('sign-check');
const somePath = 'some/path/for/test';
SignCheck.checkMac(somePath).then(
(isSigned) => {
console.log('File sign status ' + isSigned);
},
(error) => {
console.log(error);
}
);
或用于Windows平台的checkWin函数。您也可以尝试使用Windows/macOS npm软件包util签名检查进行可执行文件/文件签名验证 它使用内置操作系统机制来验证是否进行了代码签名(
codesign--verifyconst SignCheck = require('sign-check');
const somePath = 'some/path/for/test';
SignCheck.checkMac(somePath).then(
(isSigned) => {
console.log('File sign status ' + isSigned);
},
(error) => {
console.log(error);
}
);
或用于Windows平台的checkWin函数。您也可以尝试使用Windows/macOS npm软件包util签名检查进行可执行文件/文件签名验证 它使用内置操作系统机制来验证是否进行了代码签名(
codesign--verifyconst SignCheck = require('sign-check');
const somePath = 'some/path/for/test';
SignCheck.checkMac(somePath).then(
(isSigned) => {
console.log('File sign status ' + isSigned);
},
(error) => {
console.log(error);
}
);
或者Windows平台的
checkWin。fs…fs…fs…fsSyncpipeendSyncpipeendSyncpipeend