I am following the tutorial Windows Azure SDK for Node.js - Compute Management to manage virtual machines.
I downloaded the pem file using azure account cert export to <Subscription GUID>.pem.
The script currently contains:
var subscriptionId ="<Subscription GUID>";
var pem = "<Subscription GUID>.pem";
var computeManagementClient = computeManagement.createComputeManagementClient(computeManagement.createCertificateCloudCredentials({
subscriptionId: subscriptionId,
pem: fs.readFileSync(pem)
}));
And when I run it from Node.js it produces the error:
C:\Apps\azure\node_modules\azure-mgmt-compute\node_modules\azure-common\lib\util\validate.js:416
throw new Error('Required argument ' + name + ' for function ' + func + ' is
^
Error: Required argument credentials.pem for function CertificateCloudCredentials is not defined
at throwMissingArgument (C:\Apps\azure\node_modules\azure-mgmt-compute\node_modules\azure-common\lib\util\validate.js:416:9)
at ArgumentValidator._.extend.string (C:\Apps\azure\node_modules\azure-mgmt-compute\node_modules\azure-common\lib\util\validate.js:426:7)
at C:\Apps\azure\node_modules\azure-mgmt-compute\node_modules\azure-common\lib\services\credentials\certificateCloudCredentials.js:35:9
at Object.validateArgs (C:\Apps\azure\node_modules\azure-mgmt-compute\node_modules\azure-common\lib\util\validate.js:478:3)
at new CertificateCloudCredentials (C:\Apps\azure\node_modules\azure-mgmt-compute\node_modules\azure-common\lib\services\credentials\certificateCloudCredentials.js:32:14)
at Object.exports.createCertificateCloudCredentials (C:\Apps\azure\node_modules\azure-mgmt-compute\lib\compute.js:54:10)
at Object.<anonymous> (C:\Apps\azure\setup.js:14:97)
at Module._compile (module.js:456:26)
at Object.Module._extensions..js (module.js:474:10)
at Module.load (module.js:356:32)
The issue is with pem: fs.readFileSync(pem). The SDK is not converting the node buffer to a string. There is an issue on Github.
Until this is fixed use toString on the buffer:
pem: fs.readFileSync(pem).toString()
Related
I am trying to communicate with a web service. In order to do that, I need to encrypt a message using the public key that I received from the web service. The doc says the following about the public key format:
Format: X.509 encoded key in ANS.1 (sic!)
(ANS.1 is ASN.1 I guess).
The public key is:
-----BEGIN CERTIFICATE-----MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDE+ApyETIF1cXzKnU144P6lg/FcilmuQS2wBvaWp6t9OovthGmrsszd7eo4rL6Nitj1YOKETTtnwm4T+1EEyBrgwcfXAlm3FasTC/HIzhRRa+F8Yuz+UZkGvgP8Qa6B0vRob2BjhWx1PfwuWHQxGvAjiqUJ/dEMjocFuCrY5NZqwIDAQAB-----END CERTIFICATE-----
I tried to use this is a NodeJS code with the following:
const key = crypto.createPublicKey({
key: Buffer.from(publicKey),
format: 'der',
type: 'pkcs1'
});
But I received the following error:
node:internal/crypto/keys:607
handle.init(kKeyTypePublic, data, format, type, passphrase);
^
Error: error:0D0680A8:asn1 encoding routines:asn1_check_tlen:wrong tag
at Object.createPublicKey (node:internal/crypto/keys:607:12)
at Object.<anonymous> (/XXXXXXXX/wsClient.js:16:20)
at Module._compile (node:internal/modules/cjs/loader:1149:14)
at Module._extensions..js (node:internal/modules/cjs/loader:1203:10)
at Module.load (node:internal/modules/cjs/loader:1027:32)
at Module._load (node:internal/modules/cjs/loader:868:12)
at Function.executeUserEntryPoint [as runMain] (node:internal/modules/run_main:81:12)
at node:internal/main/run_main_module:23:47 {
opensslErrorStack: [
'error:0D09B00D:asn1 encoding routines:d2i_PublicKey:ASN1 lib',
'error:0D07803A:asn1 encoding routines:asn1_item_embed_d2i:nested asn1 error'
],
library: 'asn1 encoding routines',
function: 'asn1_check_tlen',
reason: 'wrong tag',
code: 'ERR_OSSL_ASN1_WRONG_TAG'
}
I can't even convert this public key using openssl into any usable format. The only way to see inside it for me was to use the following online tool:
https://lapo.it/asn1js/
Here I can at least see that the public key is valid, but I don't know how to use it in NodeJS. Converting it is also an accaptable solution for me.
After some painful hours it turns out that two things had to be done:
replace "BEGIN CERTIFICATE" with "BEGIN PUBLIC KEY" and the same for the end
They also needed to be in a separate line
After that NodeJS Crypto is able to parse the key.
Interestingly phpseclib was able to parse the key in the original format and then output it in the correct one, that's how I realized the solution.
not using curl
But following a node.js tutorial to build a sentiment analysis app for slack using IBM Watson tone analyzer. My process.env has already credentials from IBM like with the London instance url:
TONE_ANALYZER_IAM_APIKEY=<MY API KEY>
TONE_ANALYZER_URL=https://api.eu-gb.tone-analyzer.watson.cloud.ibm.com/instances/c2f8238d-
cf7a-4184-9bc2-315e0a204d3a
The index.js
const ToneAnalyzerV3 = require('watson-developer-cloud/tone-analyzer/v3');
const toneAnalyzer = new ToneAnalyzerV3({
iam_apikey: process.env.TONE_ANALYZER_IAM_APIKEY,
url: 'https://api.eu-gb.tone-analyzer.watson.cloud.ibm.com/instances/c2f8238d-cf7a-4184-
9bc2-315e0a204d3a',
version: '2017-09-21',
I'm getting this error still
Error: Insufficient credentials provided in constructor argument. Refer to the documentation
for the required parameters. Common examples are username/password and iam_access_token.
at ToneAnalyzerV3.BaseService.initCredentials (/Users/qtn3118/sentimentapp/node_modules/ibm-
cloud-sdk-core/lib/base_service.js:243:23)
at ToneAnalyzerV3.BaseService (/Users/qtn3118/sentimentapp/node_modules/ibm-cloud-sdk-core/lib/base_service.js:98:29)
at ToneAnalyzerV3 [as constructor] (/Users/qtn3118/sentimentapp/node_modules/watson-developer-cloud/tone-analyzer/v3-generated.js:57:28)
at new ToneAnalyzerV3 (/Users/qtn3118/sentimentapp/node_modules/watson-developer-cloud/tone-analyzer/v3.js:34:23)
at Object.<anonymous> (/Users/qtn3118/sentimentapp/index.js:38:22)
at Module._compile (internal/modules/cjs/loader.js:1137:30)
at Object.Module._extensions..js (internal/modules/cjs/loader.js:1157:10)
at Module.load (internal/modules/cjs/loader.js:985:32)
at Function.Module._load (internal/modules/cjs/loader.js:878:14)
at Function.executeUserEntryPoint [as runMain] (internal/modules/run_main.js:71:12)
I tried with both API keys from "Manage" and "Service credentials" tabs from the IBM Watson dashboard - none of them work. Any one any ideas?
Try to use this way
Watson APIs Node.js SDK
import AssistantV1 from 'ibm-watson/assistant/v1';
import { IamAuthenticator } from 'ibm-watson/auth';
export const createAssistant = configs => new AssistantV1({
authenticator: new IamAuthenticator({ apikey: configs.apiKey }),
url: configs.url,
version: '2019-02-28'
});
More information about authentication is available in the SDK reference at https://cloud.ibm.com/apidocs/tone-analyzer?code=node#authentication
I need to access to the API of a service provider (for my company)
So, they gave me a 'doc' and a SSL certificate in multiple form (.jks, .p12, .pem)
I work with NodeJS so I took the .pem, inside there is 2 certificates and 1 encrypted private key.
I split the .pem in 3 files, mycert.crt.pem, mycert.key.pem, mycert2.crt.pem
(I checked on https://www.sslshopper.com/certificate-key-matcher.html to know which cert use with the key)
So my NodeJS, I used the least possible module to avoid module problem :
const cert = fs.readFileSync(path.resolve('cert', 'mycert.crt.pem'))
const key = fs.readFileSync(path.resolve('cert', 'mycert.key.pem'))
let options = {
hostname: 'https://serviceproviderurl.com',
path: 'v1/api/example',
method: 'POST',
key: key,
cert: cert
}
let req = https.request(options, function (res) {
console.log(res.statusCode)
res.on('data', function (d) {
process.stdout.write(d)
})
})
req.end()
And the error message :
Error: error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt
at Object.createSecureContext (_tls_common.js:151:17)
at Object.connect (_tls_wrap.js:1407:48)
at Agent.createConnection (https.js:125:22)
at Agent.createSocket (_http_agent.js:234:26)
at Agent.addRequest (_http_agent.js:193:10)
at new ClientRequest (_http_client.js:276:16)
at Object.request (https.js:309:10)
at Object.<anonymous> (/mnt/c/Project/test.js:74:17)
at Module._compile (internal/modules/cjs/loader.js:959:30)
at Object.Module._extensions..js (internal/modules/cjs/loader.js:995:10) {
opensslErrorStack: [
'error:0907B00D:PEM routines:PEM_read_bio_PrivateKey:ASN1 lib',
'error:2306A075:PKCS12 routines:PKCS12_item_decrypt_d2i:pkcs12 pbe crypt error',
'error:23077074:PKCS12 routines:PKCS12_pbe_crypt:pkcs12 cipherfinal error'
],
library: 'digital envelope routines',
function: 'EVP_DecryptFinal_ex',
reason: 'bad decrypt',
code: 'ERR_OSSL_EVP_BAD_DECRYPT'
I think I missed something with the 3 certificates. Also they didn't gave me a passphrase, is it normal ?
I don't have a good knowledge about SSL certificate use and I hope you can help me.
Thank you
OS: Windows 10
Node.js version: node-v8.11.4-win-x64
node-forge version: 0.7.7-dev
People,
i'm having a hard time trying to create an node.js https server.
The idea behind the server is that it's only for local loopback requests.
With it in mind and for the sake of privacy i thought of disposable self signed certificates renewed at each server restart.
Following suggestions i'm trying to use the node-forge module to generate the disposable certificates.
Reading their instructions at https://www.npmjs.com/package/node-forge i came with a very simple code:
var https = require('https');
var forge = require('node-forge');
forge.options.usePureJavaScript = true;
var pki = forge.pki;
var keys = pki.rsa.generateKeyPair(2048);
var cert = pki.createCertificate();
cert.publicKey = keys.publicKey;
cert.serialNumber = '01';
cert.validity.notBefore = new Date();
cert.validity.notAfter = new Date();
cert.validity.notAfter.setFullYear(cert.validity.notBefore.getFullYear()+1);
var attrs = [
{name:'commonName',value:'example.org'}
,{name:'countryName',value:'US'}
,{shortName:'ST',value:'Virginia'}
,{name:'localityName',value:'Blacksburg'}
,{name:'organizationName',value:'Test'}
,{shortName:'OU',value:'Test'}
];
cert.setSubject(attrs);
cert.setIssuer(attrs);
cert.sign(keys.privateKey);
var pem_pkey = pki.publicKeyToPem(keys.publicKey);
var pem_cert = pki.certificateToPem(cert);
console.log(pem_pkey);
console.log(pem_cert);
https.createServer( { key:pem_pkey, cert:pem_cert },(req,res)=>
{
res.writeHead(200, {'Content-Type': 'text/plain'});
res.end('Hello World\n');
}).listen(443);
then it emits an error i make absolutely no idea what's about:
E:\forge_case\node-v8.11.4-win-x64>node.exe index.js
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkTmxd1fWK+XL2Cp5+n82
mSe6iqM3qvwMEC+pIAlhpbangujOzKghnJaX4QsmBBBumNRN3zR2UOUAeYHmPS8v
3dbmgStB023aiFJ82ozewuGlykdQUFxWfR+OUA3xZcFZ7Ma+67tSJNtnkW4wNhzR
XImTCHYknu2dBAm7V2tGZKq/ZrKnY+f1VTW9t3jpw55ACjsFkMfqUenfDDAVFMwm
NnRpX1ecyVd2TEoeQ95k+q4Exm5AbxuqVMXVKHXMNZlq2ftG8tcrYS95Z3cAakVm
sxX8/BMZGZILG/30fdLPL8bZqGV+BXzz2AJ0egKLivunPtRpyI+Id0v1jYsrZ/9L
YwIDAQAB
-----END PUBLIC KEY-----
-----BEGIN CERTIFICATE-----
MIIDSzCCAjOgAwIBAgIBATANBgkqhkiG9w0BAQUFADBpMRQwEgYDVQQDEwtleGFt
cGxlLm9yZzELMAkGA1UEBhMCVVMxETAPBgNVBAgTCFZpcmdpbmlhMRMwEQYDVQQH
EwpCbGFja3NidXJnMQ0wCwYDVQQKEwRUZXN0MQ0wCwYDVQQLEwRUZXN0MB4XDTE4
MDgyMTE5Mzk1N1oXDTE5MDgyMTE5Mzk1N1owaTEUMBIGA1UEAxMLZXhhbXBsZS5v
cmcxCzAJBgNVBAYTAlVTMREwDwYDVQQIEwhWaXJnaW5pYTETMBEGA1UEBxMKQmxh
Y2tzYnVyZzENMAsGA1UEChMEVGVzdDENMAsGA1UECxMEVGVzdDCCASIwDQYJKoZI
hvcNAQEBBQADggEPADCCAQoCggEBAJE5sXdX1ivly9gqefp/NpknuoqjN6r8DBAv
qSAJYaW2p4LozsyoIZyWl+ELJgQQbpjUTd80dlDlAHmB5j0vL93W5oErQdNt2ohS
fNqM3sLhpcpHUFBcVn0fjlAN8WXBWezGvuu7UiTbZ5FuMDYc0VyJkwh2JJ7tnQQJ
u1drRmSqv2ayp2Pn9VU1vbd46cOeQAo7BZDH6lHp3wwwFRTMJjZ0aV9XnMlXdkxK
HkPeZPquBMZuQG8bqlTF1Sh1zDWZatn7RvLXK2EveWd3AGpFZrMV/PwTGRmSCxv9
9H3Szy/G2ahlfgV889gCdHoCi4r7pz7UaciPiHdL9Y2LK2f/S2MCAwEAATANBgkq
hkiG9w0BAQUFAAOCAQEAgTGiTF6BDLX3w1PfJxXYYzVBoN8NlL979mcfRVhvLH/N
lEaaQvGhDSrp97s9K0kEw3A16WzUwnysoX1uOdlHHp78v2tXaffDzXTnH75CN4pd
qNHuy05AFIoiBujZR67OR4ipcKZ9USYz0QZysMFyzCxum2btLPvrs+onIxdvsuA+
Xe9vFxj+AJ4hv03tDuQXj+pZ2dflWyy5ZdaMDeUjWtSK9MHPn6rs5Fs340B4NnxL
3Y6RKDj4CerGbtufR73UNirNfmbqiAybZ6vG1RaL2oBiHdoJfpB/FLm7QFn34apq
A1Kd1VPShBC4G/4S+0E6U84D4xNJcjT6NfzDGBD6Ng==
-----END CERTIFICATE-----
_tls_common.js:104
c.context.setKey(options.key, options.passphrase);
^
Error: error:0906D06C:PEM routines:PEM_read_bio:no start line
at Object.createSecureContext (_tls_common.js:104:17)
at Server (_tls_wrap.js:805:25)
at new Server (https.js:54:14)
at Object.createServer (https.js:76:10)
at Object.<anonymous> (E:\forge_case\node-v8.11.4-win-x64\index.js:33:7)
at Module._compile (module.js:652:30)
at Object.Module._extensions..js (module.js:663:10)
at Module.load (module.js:565:32)
at tryModuleLoad (module.js:505:12)
at Function.Module._load (module.js:497:3)
Any ideas? thanks!
var pem_pkey = pki.priateKeyToPem(keys.privateKey);
a friend of mine lost her password for a BitGo account. her "Key Card" contains her private key in the form (actual info redacted for security reasons):
User Key:
{"iv":"IDMkr...UH4g0TBCofAcIg","v":1,"iter":10000,"ks":256,"ts":64,"mode":"ccm","adata":"","cipher":"aes","salt":"lI8k...vhX0","ct":"Kf...LOmgbn67w2CRYBhcXtX
0wdPF3D7ThCKaeZhTymin9hcMD5eL...AosmmvfA8npiDIHWgvdbHAk"}
and it's clear that the "ct" (ciphertext) was encrypted using AES 256 CCM. I've found a module (https://github.com/spark/node-aes-ccm) that will help me decrypt the private key ("ct") but the docs for the module are not very helpful:
decrypt(key, iv, ciphertext, aad, auth_tag)
key, iv, plaintext, aad, and auth_tag are all Buffer objects. decrypt will return an object like the following:
{
plaintext: Buffer,
auth_ok: Boolean
}
so other than that the parameters are buffers, there's no description for them... however, it seems I've got everything I need except the key. from reading the docs on a related module (https://github.com/xorbit/node-aes-gcm):
key is a 16, 24 or 32-byte Buffer object containing the AES key used
for encryption
I gather this is the key with which the private key was encrypted, but where would I get that and how does it relate to the lost password?
any help greatly appreciated
* Addendum I *
my friend figured out the password so following Ben's advice below I thought to try it. the code is straightforward:
var sjcl = require('sjcl-all');
var s = sjcl.decrypt("ThePassword", {
"iv":"IDMkrTa5UH4g0TBCofAcIg",
"v":"1",
"iter":"10000",
"ks":"256",
"ts":"64",
"mode":"ccm",
"adata":"",
"cipher":"aes",
"salt":"lI8kABgvhX0",
"ct":"KfJUrLOmgbn67w2CRYBhcXtX0wdPF3D7ThCKaeZhTymin9hcMD5eLHIUAosmmvfA8npiDIHWgvdbHAk"
}
);
console.log(s);
but when I run it, it pukes with the exception below:
/Users/ekkis/Development/decrypt/node_modules/sjcl-all/sjcl.js:66
c="{",d="";for(b in
a)if(a.hasOwnProperty(b))switch(b.match(/^[a-z0-9]+$/i)||p(new
sjcl.exception.invalid("json encode: invalid property
name")),c+=d+'"'+b+'":',d=",",typeof a[b]){case "number":case
"boolean":c+=a[b];break;case
"string":c+='"'+escape(a[b])+'"';break;case
"object":c+='"'+sjcl.codec.base64.fromBits(a[b],0)+'"';break;default:p(new
sjcl.exception.bug("json encode: unsupported type"))}return
c+"}"},decode:function(a){a=a.replace(/\s/g,"");a.match(/^{.*}$/)||p(new
sjcl.exception.invalid("json decode: this isn't json!"));
TypeError: a.replace is not a function
at Object.decode (/Users/ekkis/Development/decrypt/node_modules/sjcl-all/sjcl.js:66:438)
at Object.decrypt (/Users/ekkis/Development/decrypt/node_modules/sjcl-all/sjcl.js:65:473)
at Object. (/Users/ekkis/Development/decrypt/buff.js:3:14)
at Module._compile (module.js:571:32)
at Object.Module._extensions..js (module.js:580:10)
at Module.load (module.js:488:32)
at tryModuleLoad (module.js:447:12)
at Function.Module._load (module.js:439:3)
at Module.runMain (module.js:605:10)
at run (bootstrap_node.js:425:7)
so it complains that the json isn't json. but it looks fine to me! any help greatly appreciated
This encrypted JSON blob is produced by the SJCL library (https://www.npmjs.com/package/sjcl). A decryption would be done using sjcl.decrypt("password", json_blob). However, if your friend hasn't already been in touch with BitGo [support at bitgo.com], I recommend that route first.