Sunday, 23 April 2017

how to use crypto verify signature with nodejs

I'm trying to use a Microsoft account to log in with ng2.
Now I have got the OpenID token successfully!
So I must verify the OpenID token. I'm using crypto to verify it, and there are some problems!

  1. My verifySignature method

    import { createVerify } from 'crypto';

    validateSignature(source: string, signature: string, publicKey: string): boolean {
      // 'RSA-SHA256' corresponds to the RS256 alg used by the id_token
      let verifier = createVerify('RSA-SHA256');
      verifier.update(source);

      console.log(signature);
      console.log(publicKey);
      console.log(source);

      // publicKey must be a PEM or DER encoded key, not the bare JWK "n" value;
      // the signature encoding must be given as a string ('base64'), not a bare identifier
      let re = verifier.verify(publicKey, signature, 'base64');
      console.log(re);

      return re;
    }
    
    
  2. Error messages. The Chrome browser shows:

    ERROR TypeError: Cannot read property '2' of null
    at module.exports (fixProc.js:13)
    at parseKeys (index.js:18)
    at verify (verify.js:10)
    at Verify.verifyMethod [as verify] (browser.js:87)
    
    
  3. My problems.
    I have looked at the Node.js crypto documentation, and I have some questions. Visit https://nodejs.org/api/crypto.html#crypto_class_verify
    and look at the documentation example below:

    const crypto = require('crypto');
    const verify = crypto.createVerify('RSA-SHA256');
    
    verify.update('some data to sign');
    
    const publicKey = getPublicKeySomehow();
    const signature = getSignatureToVerify();
    console.log(verify.verify(publicKey, signature));
    
    

    I want to know whether my publicKey, signature and dataToSign are correct!

    1. my publicKey
      I get the public key from the Microsoft OpenID configuration (jwks_uri). It looks like:

      { "kty": "RSA", "use": "sig", "kid": "1LTMzakihiRla_8z2BEJVXeWMqo", "x5t": "1LTMzakihiRla_8z2BEJVXeWMqo", "n": "......", "e": "AQAB", "x5c": [ "......" ], "issuer": "https://login.microsoftonline.com/9188040d-6c67-4c5b-b112-36a304b66dad/v2.0" },
      so my public key is the value of the key "n".

    2. signature
      I get the id_token as a JWT. It has three parts: jwtHeader, jwtBody and signature, so my signature looks like:
      CtYpl5CbGSP7iC4F6d2C_JDqFQUNoHRChaUzK45yEnI11-5DPM9SdM-c_4m-L_ViTLw2xBsD6z5Jw7apU2NjNhucCzgRHEQ55dyt8iLqofUxS_i0I5arryCeSPCSxalWGpj3Hgq9h7fDOtSonXBV2jGoMvMvDTOJd3ap2DmTt8u6Wt7zUuOHQ9slP0ifNz_OYjwMAtBEUJzKmXIhwG8_FO3jkcPgTcO1y_x9sxDJFwDAZ4rO9KeNodcqYp4EC0Dq2O1peeJk5Y7XUOA8nA4D2WT_v_xUVbSkA4qYmFZQbWKIVZB_BmfNNytnGlhN4WoI6jvwJI1KoBl84Ggz2EZUKw

    3. dataToSign
      I don't know which is dataToSign, but I have tried it as: the original id_token value, jwtBody (JSON string) and jwtBody (original), and I get the error above!



via NilTor
