How to get the public key of identity? - hyperledger-fabric

const enrollment = await ca.enroll({ enrollmentID: appAdmin, enrollmentSecret: appAdminSecret });
const identity = X509WalletMixin.createIdentity(orgMSPID, enrollment.certificate, enrollment.key.toBytes());
wallet.import(appAdmin, identity);
enrollment.key.toBytes() is the private key. How can I get the corresponding public key?

You can find the public key in the certificate. You can easily parse that certificate to get the public key if you don't find any implemented functions in the SDK.
https://www.ssl.com/faqs/what-is-an-x-509-certificate/

Related

Implementing JWE encryption for a JWS signed token in Node.JS with Jose 4.11

I have difficulty manipulating the Jose Node.JS documentation to chain the creation of a JWS and JWE. I cannot find the proper constructor for encryption. It looks like I can only encrypt a basic payload not a signed JWS.
Here is the code sample I try to fix to get something that would look like
const jws = await createJWS("myUserId");
const jwe = await encryptAsJWE(jws);
with the following methods
export const createJWS = async (userId) => {
    const payload = {
    }
    payload['urn:userId'] = userId
    // importing key from base64 encrypted secret key for signing...
    const secretPkcs8Base64 = process.env.SMART_PRIVATE_KEY
    const key = new NodeRSA()
    key.importKey(Buffer.from(secretPkcs8Base64, 'base64'), 'pkcs8-private-der')
    const privateKey = key.exportKey('pkcs8')
    const ecPrivateKey = await jose.importPKCS8(privateKey, 'ES256')
    const assertion = await new jose.SignJWT(payload)
        .setProtectedHeader({ alg: 'RS256' })
        .setIssuer('demolive')
        .setExpirationTime('5m')
        .sign(ecPrivateKey)
    return assertion
}
export const encryptAsJWE = async (jws) => {
    // importing key similar to createJWS key import
    const idzPublicKey = process.env.IDZ_PUBLIC_KEY //my public key for encryption
    ...
    const pkcs8PublicKey = await jose.importSPKI(..., 'ES256')
    // how to pass a signed JWS as parameter?
    const jwe = await new jose.CompactEncrypt(jws)
        .encrypt(pkcs8PublicKey)
    return jwe
}
The input to the CompactEncrypt constructor needs to be a Uint8Array, so just wrapping the jws like so (new TextEncoder().encode(jws)) will allow you to move forward.
Moving forward then:
You are also missing the JWE protected header. Given you likely use an EC key (based on the rest of your code), you should a) choose an appropriate EC-based JWE Key Management Algorithm (e.g. ECDH-ES) and put that as the public key import algorithm, then proceed to call .setProtectedHeader({ alg: 'ECDH-ES', enc: 'A128CBC-HS256' }) on the constructed object before calling encrypt.
Here's a full working example https://github.com/panva/jose/issues/112#issue-746919790 using a different combination of algorithms, but it ought to help you get the gist of it.
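The sign-then-encrypt nesting described in the answer, written out with Node's built-in crypto so each part of the wire format is visible (an added example, not code from the original posts and not the jose library's implementation). It assumes P-256 keys generated in place, ES256 for the inner JWS, and ECDH-ES with A256GCM rather than the A128CBC-HS256 the answer names; all function names are hypothetical.

```javascript
const { createCipheriv, createDecipheriv, createHash, createPublicKey, diffieHellman,
  generateKeyPairSync, randomBytes, sign, verify } = require('node:crypto');
const b64u = (x) => Buffer.from(x).toString('base64url');
const newKeyPair = () => generateKeyPairSync('ec', { namedCurve: 'P-256' }); // constructed keys

// Inner layer: compact JWS, ES256 with the raw r||s signature JOSE requires.
function signJws(claims, privateKey) {
  const input = `${b64u(JSON.stringify({ alg: 'ES256', typ: 'JWT' }))}.${b64u(JSON.stringify(claims))}`;
  const sig = sign('sha256', Buffer.from(input), { key: privateKey, dsaEncoding: 'ieee-p1363' });
  return `${input}.${b64u(sig)}`;
}
function verifyJws(jws, publicKey) {
  const [h, p, s] = jws.split('.');
  if (JSON.parse(Buffer.from(h, 'base64url')).alg !== 'ES256') throw new Error('unexpected alg');
  const ok = verify('sha256', Buffer.from(`${h}.${p}`),
    { key: publicKey, dsaEncoding: 'ieee-p1363' }, Buffer.from(s, 'base64url'));
  if (!ok) throw new Error('bad JWS signature');
  return JSON.parse(Buffer.from(p, 'base64url'));
}

// Concat KDF (RFC 7518 section 4.6.2): one SHA-256 round, empty apu/apv.
function deriveCek(z, enc, bits) {
  const u32 = (n) => { const b = Buffer.alloc(4); b.writeUInt32BE(n); return b; };
  const info = Buffer.concat([u32(enc.length), Buffer.from(enc), u32(0), u32(0), u32(bits)]);
  return createHash('sha256').update(Buffer.concat([u32(1), z, info])).digest().subarray(0, bits / 8);
}

// Outer layer: compact JWE, ECDH-ES direct key agreement, so the encrypted-key part is empty.
function encryptJwe(jws, recipientPublicKey) {
  const eph = newKeyPair();
  const header = { alg: 'ECDH-ES', enc: 'A256GCM', cty: 'JWT', epk: eph.publicKey.export({ format: 'jwk' }) };
  const aad = b64u(JSON.stringify(header)); // the protected header is authenticated as AAD
  const z = diffieHellman({ privateKey: eph.privateKey, publicKey: recipientPublicKey });
  const iv = randomBytes(12);
  const c = createCipheriv('aes-256-gcm', deriveCek(z, header.enc, 256), iv).setAAD(Buffer.from(aad));
  const ct = Buffer.concat([c.update(jws, 'utf8'), c.final()]);
  return [aad, '', b64u(iv), b64u(ct), b64u(c.getAuthTag())].join('.');
}
function decryptJwe(jwe, recipientPrivateKey) {
  const [h, , iv, ct, tag] = jwe.split('.');
  const header = JSON.parse(Buffer.from(h, 'base64url'));
  if (header.alg !== 'ECDH-ES' || header.enc !== 'A256GCM') throw new Error('unexpected alg/enc');
  const epk = createPublicKey({ key: header.epk, format: 'jwk' });
  const z = diffieHellman({ privateKey: recipientPrivateKey, publicKey: epk });
  const d = createDecipheriv('aes-256-gcm', deriveCek(z, header.enc, 256), Buffer.from(iv, 'base64url'));
  d.setAAD(Buffer.from(h)).setAuthTag(Buffer.from(tag, 'base64url'));
  return Buffer.concat([d.update(Buffer.from(ct, 'base64url')), d.final()]).toString('utf8');
}
```

The receiver calls decryptJwe first and then verifyJws on the result, pinning the accepted algorithms at both layers instead of trusting the header values.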

Provision device using x509 from softHSMv2

I want to provision a device using x509 security. The x509 certificate and private key are saved on an HSM. The private key cannot leave the HSM.
Ideally I'd like to pass the PKCS11 URI for both objects when creating the x509 object for transport.
const deviceCert: X509 = {
    cert: cert,
    clientCertEngine: "pkcs11",
    keyFile: 'pkcs11:object=privateKey;type=private?pin-value=1234',
};
const securityClient = new X509Security(this.registrationId, deviceCert);
this.provisioningClient = ProvisioningDeviceClient.create(
    this.provisioningHost,
    this.idScopeOperator,
    new ProvisioningTransport(),
    securityClient
);

How do I verify a key pair matches? (node-forge)

I need to make sure a client generated RSA key pair matches before signing it. I can't seem to find any documentation (npm:node-forge) on how to do so. I'm guessing I could sign something with it, and then verify the signature, but that's not efficient. I currently have this:
const Forge = require("node-forge");
try {
    publicKey = Forge.pki.publicKeyFromPem(publicKey);
    privateKey = Forge.pki.privateKeyFromPem(privateKey);
} catch(err) {
    // ...
}
// ...
Any ideas are appreciated.
I've found my answer: I don't need to be sent the public key in the first place. You can build the public key from the private key like this:
// const privateKey = ...;
const publicKey = Forge.pki.setRsaPublicKey(privateKey.n, privateKey.e);
More information on this solution can be found here: Extract public key from private key pem using only nodejs/javascript.
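A pair-matching check built on the same idea as the answer (derive the public half from the private key, then compare), as an added example that is not code from the original posts. It uses Node's built-in crypto module instead of node-forge and goes beyond the RSA case in the question by also handling EC keys; the function names and the keys generated at run time are assumptions.

```javascript
const { createPrivateKey, createPublicKey, generateKeyPairSync } = require('node:crypto');

const spkiDer = (key) => key.export({ type: 'spki', format: 'der' });

// Derive the public half from a private key PEM (PKCS#8, PKCS#1 or SEC1).
function publicPemFromPrivate(privatePem) {
  return createPublicKey(createPrivateKey(privatePem)).export({ type: 'spki', format: 'pem' });
}

// True only when publicPem is the public half of privatePem.
function keyPairMatches(privatePem, publicPem) {
  // createPublicKey() also accepts private keys and certificates, so insist
  // on a real public-key PEM before comparing anything.
  if (!/^-----BEGIN (RSA )?PUBLIC KEY-----/.test(String(publicPem).trim())) return false;
  try {
    const derived = createPublicKey(createPrivateKey(privatePem));
    const claimed = createPublicKey(publicPem);
    // Compare the canonical SubjectPublicKeyInfo encoding, not the PEM text.
    return derived.asymmetricKeyType === claimed.asymmetricKeyType &&
      spkiDer(derived).equals(spkiDer(claimed));
  } catch {
    return false; // malformed or unsupported PEM
  }
}

// Constructed sample keys, generated at run time (nothing here comes from the page).
const pemOut = {
  publicKeyEncoding: { type: 'spki', format: 'pem' },
  privateKeyEncoding: { type: 'pkcs8', format: 'pem' },
};
const rsaA = generateKeyPairSync('rsa', { modulusLength: 2048, ...pemOut });
const rsaB = generateKeyPairSync('rsa', { modulusLength: 2048, ...pemOut });
const ecA = generateKeyPairSync('ec', { namedCurve: 'P-256', ...pemOut });
```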

Node openpgp error when encrypting: Could not find valid key packet for encryption in key

I have an error when trying to encrypt a string with a PGP public key:
'Could not find valid key packet for encryption in key 9ae788ff8eec0b31'
This error doesn't appear with every key but with most of them. Here is one of the keys that errors:
Here is the function I'm using to encrypt:
const openpgp = require('openpgp')
async function pgpEncrypt(pubkey, message) {
    await openpgp.initWorker({ path: 'openpgp.worker.js' })
    const options = {
        message: await openpgp.message.fromText(message), // input as Message object
        publicKeys: (await openpgp.key.readArmored(pubkey)).keys, // for encryption
        armor: false
    }
    const cipherText = await openpgp.encrypt(options)
    return cipherText.data
}
What's wrong with this? How can I ensure the key works with this library?
It is a version issue. Try the 4.10.8 version of openpgp. Use the following lines for the dependencies.
"dependencies": {
    "openpgp": "^4.10.8"
}

How to share user certificates to clients

Which is the most appropriate way to share client certificates with end users of a Hyperledger Fabric network?
I have already set up a Java SDK client to register and enroll users using admin credentials. At the end of the scenario I have a username and a password for each user. What I cannot find is where client certificates are stored in the local MSP and how I can share them with the actual end users.
Any recommendation or example of a proposed solution will be appreciated.
While enrolling a user, you will get an enrollment object, irrespective of the SDK (Node, Java, Go):
let enrollment = await caClient.enroll(request)
const key = enrollment.key.toBytes();
const cert = enrollment.certificate;
response.key = key;
response.cert = cert;
response.secret = secret;
return response;
The result looks like this:
