as you know, there is no pkcs7 sign in ios, so in backend with nodejs we must convert to pkcs7 for another service call which only accept pkcs7 and it's not in our company. in our sever we have that string which ios sign and certificate and we receive pkcs1 sign from ios , i use node-forge but it does not work
in backend I only have certificate and pkcs1 signature, which signs a string text,
how can I convert pkcs1 to pkcs7 signature using node js?
if there is other solution rather than nodejs, also may help
I tried node-forge, but it want private key which I don't have in server-side, I wanna do this without private key
Related
i know that the default is that you have a public key to encrypt messages and a private key to decrypt the encrypted messages.
I need this turned around so that the public key can read the message and the private key can encrypt it.
My Goal is to generate a License Key for my software(NodeJS) which is given in with an ENV and i want to read than the License Key in Nodejs with the built in public Key to verify that the key got created by me.
Maybe there is a better solution for this?
Searched for basicly a switched Asymmetric Encryption variant.
I'm currently trying to use a CA Bundle with NodeJS 14.0. I've been using Namecheap's article as a guide the implement this feature. I'm currently stuck on a few things:
For the ca parameter for https.createServer(), what file formats are allowed to be passed in?
How do I check that a CA bundle is actually being used?
For the ca parameter for https.createServer(), what file formats are allowed to be passed in?
From NodeJS tls.createSecureContext:
Any string or Buffer can contain multiple PEM CAs concatenated together
Though, in general NodeJS uses PEM format.
How do I check that a CA bundle is actually being used?
You can use a certificate not signed by your CA, e.g. a self-signed certificate.
One point, possibly more subtle than you wanted: nodejs tls.createSecureContext internally calls OpenSSL PEM_read_bio_X509_AUX which actually accepts three PEM formats (or any sequence of those three formats, since nodejs loops). For two of them the base64/64cpl blob contains (exactly) an X.509 certificate, as respecified in rfc7468 sec 5, with either preferred label "CERTIFICATE" or deprecated label "X509 CERTIFICATE". In addition OpenSSL accepts a format of its own with label "TRUSTED CERTIFICATE" where the blob contains an X.509 certificate plus additional (ASN.1) data defined by OpenSSL; see e.g. the man page for d2i_X509_AUX online here. OpenSSL doesn't use this additional data for much, and of course nothing else uses it at all, so it's rare.
And to avoid confusion it might be worth noting that all OpenSSL PEM_read_ routines, including this one, skip any 'comment' data while searching for the PEM data, so actually a file/buffer that contains garbage, then a PEM cert, then more garbage, then another PEM cert, etc. will work the same as if it contained only the PEM certs.
I have a String with signature data extracted from Digital Signature using
document.JSignApplet.sign().
Now I would like to use this string to get the details of the certificate user and generate a Digital signature of him with it in a pdf file.
Is this possible if yes how and if not why?
I'm using ursa (nodejs module) to do the following:
Use a private key and someone else's public key to generate a symmetric key
Encrypt some data with the symmetric key
Encrypt the symmetric key with the user's public key
However, I can't seem to find any methods that allow me to create a symmetric key. My understanding is that simply generating a pseudo-random byte string should be good enough for the key, but then I can't use the rest of the method in ursa to actually encrypt anything because it's a random string and not a key/cert.
Am I missing anything?
URSA as the name suggests is an RSA implementation and as such doesn't not handle symmetric encryption. If you want those, then you can use node.js' native crypto module which provides everything you need in this regard.
Encrypt the symmetric key with the user's public key
This means that the symmetric key is simply data. URSA doesn't have to know what this is.
I know how asymmetric cryptography works. I know there are two keys (one private and one public).
When someone wants to communicate they exchange their public keys encrypt messages with those public keys AND then the respective message could be decrypted ONLY by the user that has the private key.
Now, I'm using Node.js and I need to do something like this...
I need an application that EACH hour reads a database, extracts data and saves it to a file that I need to send to another server.
My problem is that I DON'T WANT that file will be visible to other, I do the transfer using SSH so there is no problem BUT
I must encrypt that file because I'm not the admin of that server SO maybe someone could read it. Unfortunately the admin is the same for both servers.
So my idea is to encrypt the file with a public key, and then only he who has the private key(me) could decrypt it.
I think it is pointless using something like:
var key = 'blablabla'
If I use a public key, there is no problem, all can read it..... it is public indeed. But with this public key, nobody can decrypt the message, so it is
something like one-way encryption.
Now, could someone tell me if I need a signer/verifier to do this job, OR maybe I have to generate two keys (public/private) with openssl and pass those keys to a cipher/dechiper?
I'm looking at crypto modules, but there are no examples....
In general, your idea is right - you encrypt using public key and decrypt using private key of yours. However, practically the procedure is more complex. Random symmetric key is generated and the data is encrypted using that key. Then the public key is used to encrypt the random key. Encrypted key is sent to recipient together with encrypted data. On the other side encrypted key is decrypted using a private key, then the data is decrypted.
You can use OpenPGP keys or X.509 certificates to do the job.
In case of OpenPGP the standard offers encryption and decryption as atomic procedures (on the user level). In case of X.509 certificates you need to use PKCS#7 / CMS.
OpenSSL library offers operations with PKCS#7 / CMS, however when I look at nodeJS API for OpenSSL, that API is very limited and doesn't expose those functions. Maybe you can write your own nodeJS module which will interface with OpenSSL and provide missing functions.
Another alternative is to use OpenPGP keys and node-gpg module. That module uses gnupg to do the actual job, so gnupg must be installed.
Unfortunately I don't see any other suitable libraries in the 3rd-party module list provided in nodeJS wiki.