dongyejun1983 2019-06-20 18:23

Can I generate a key pair in NodeJS, encrypt data in PHP using the public key, and decrypt it in NodeJS?

Requirements:

Essentially I have a series of devices (running NodeJS) that need to maintain their own unique private and public keys. They communicate with a centralized server in PHP by pulling content.

When a new device starts up, I would like it to generate a private and public key and send only the public key to the PHP server to be stored.

When a device runs a GET request on the PHP server, the server should use the public key it was provided to encrypt the data.

When the device receives this response, it should be able to use the private key to decrypt this data.

Currently:

I am currently generating a private and public key pair using keypair. I send the public key to the PHP server to be stored and associated with the unique device.

I encrypt the data on the PHP server using EasyRSA:

$message = "Decrypt me if you can";
$publicKey = new PublicKey($storedPublicKey);
$encrypted = EasyRSA::encrypt($message, $publicKey);
return $encrypted;

With this encrypted string being returned to the NodeJS app, I then try to decrypt it using NodeRSA (where response is the string response from the PHP server):

const key = new NodeRSA(storedPrivateKey)
const result = key.decrypt(response)

However it errors out with:

Error during decryption (probably incorrect key).

I believe I am missing something fundamental here, but am unsure on what that may be. Any thoughts?


1 answer

  • dqt20140129 2019-06-24 07:28

    EasyRSA and NodeRSA aren't compatible.

    EasyRSA is a wrapper for the PHP Secure Communications Library (phpseclib). It's not a pure RSA encryption, but a hybrid encryption: RSA is used for asymmetric encryption and defuse/php-encryption for symmetric encryption. EasyRSA is described in more detail here, defuse/php-encryption uses AES-256-CTR in its core and is described here. The message to the recipient contains among other things the secret encrypted with the public RSA key and the plaintext encrypted with the symmetric key, where each component is Base64-encoded and all components are concatenated, separated by a $. Details can be found in the encrypt-method of the EasyRSA-class. An example is:

    EzR2$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$3vUCABOzsE0AWMMPy+EWtmAQheAq5oYVfOF7TapT1LoFn72UHbYNjpD2LgG7w6ZCQjRtLFzFZc17Ntme/LvWK97cV1+mOIpk+j6V6WHZRbwb36iBTGhACZUFTMPiSLPfTXJRu+tQkwi8$2f933da952b7c683
    

    Such a message can't be decrypted directly by NodeRSA because NodeRSA expects a pure RSA message. In principle the decryption is possible, but would have to be done manually on the NodeJS side with probably relatively high effort (the main tasks would essentially include the RSA decryption of the secret, the derivation of the symmetric key from that secret, and finally the AES decryption). Since NodeRSA only covers the RSA part, the remaining parts require additional libraries or custom code on the NodeJS side.

    Note that the EasyRSA page, in the section Important, warns of possibly insufficient security.

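The difference the answer describes between a pure RSA message and a hybrid message, as an added example that is not part of the original post and is not EasyRSA's or NodeRSA's code. It uses Node's built-in `crypto` module and a constructed `DEMO1$...` envelope; the tag, the field order, RSA-OAEP and AES-256-GCM are assumptions chosen for illustration, not EasyRSA's actual format.

```javascript
// Added example: a constructed hybrid envelope, NOT EasyRSA's actual wire format.
const crypto = require('node:crypto');

const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Sender side (the role the PHP server plays): wrap a fresh AES key with RSA,
// encrypt the payload with AES-256-GCM, join the Base64 parts with '$'.
function sealHybrid(publicKeyPem, plaintext) {
  const aesKey = crypto.randomBytes(32);
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', aesKey, iv);
  const body = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  const wrapped = crypto.publicEncrypt({ key: publicKeyPem, ...OAEP }, aesKey);
  return ['DEMO1', wrapped, iv, body, cipher.getAuthTag()]
    .map((p) => (Buffer.isBuffer(p) ? p.toString('base64') : p)).join('$');
}

// Receiver side (the device): split, RSA-unwrap the AES key, then AES-decrypt.
function openHybrid(privateKeyPem, envelope) {
  const parts = envelope.split('$');
  if (parts.length !== 5 || parts[0] !== 'DEMO1') throw new Error('not a DEMO1 envelope');
  const [wrapped, iv, body, tag] = parts.slice(1).map((p) => Buffer.from(p, 'base64'));
  const aesKey = crypto.privateDecrypt({ key: privateKeyPem, ...OAEP }, wrapped);
  const decipher = crypto.createDecipheriv('aes-256-gcm', aesKey, iv);
  decipher.setAuthTag(tag); // GCM rejects a modified body or tag in final()
  return Buffer.concat([decipher.update(body), decipher.final()]).toString('utf8');
}

// What the question does: hand the whole response to a plain RSA decrypt.
function naiveRsaDecrypt(privateKeyPem, envelope) {
  try {
    return crypto.privateDecrypt({ key: privateKeyPem, ...OAEP }, Buffer.from(envelope, 'base64')).toString('utf8');
  } catch (err) {
    return null; // the envelope is not a single RSA block for this key
  }
}

function demo() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', {
    modulusLength: 2048,
    publicKeyEncoding: { type: 'spki', format: 'pem' },
    privateKeyEncoding: { type: 'pkcs8', format: 'pem' },
  });
  const envelope = sealHybrid(publicKey, 'Decrypt me if you can');
  return { naive: naiveRsaDecrypt(privateKey, envelope), opened: openHybrid(privateKey, envelope) };
}
```

The correct private key still fails in `naiveRsaDecrypt`, which is the same symptom as the "probably incorrect key" error in the question: the key is fine, but the input is an envelope rather than one RSA ciphertext.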
