2015-08-13 23:17



I am verifying the identity of the sender of a piece of data. I am provided the RSA public key in a PEM format and I know the data is passed through the SHA256 hashing function. The equivalent verification on the node.js platform:

Ticket.prototype.verify = function (ticket) {
    if (!ticket) return null;

    var pubkey = fs.readFileSync('/etc/SCAMP/auth/ticket_verify_public_key.pem');

    var parts = ticket.split(',');

    if (parts[0] != '1') return null;

    var sig = new Buffer(parts.pop().replace(/-/g,'+').replace(/_/g,'/'), 'base64');

    var valid = crypto.createVerify('sha256').update( new Buffer(parts.join(',')) ).verify( pubkey, sig )

Which can verify:


by splitting on the last ,. The left side of the split is the ticket data I care about, the right side is the signature which I need to verify before I can use the ticket data.

I have tried to port the logic to go:

func TestSigVerification(t *testing.T) {
    block, _ := pem.Decode(signingPubKey)
    if block == nil {
        t.Errorf("expected to block to be non-nil CERTIFICATE", block)

    key, err := x509.ParsePKIXPublicKey(block.Bytes)
    if err != nil {
        t.Errorf("could not parse PKIXPublicKey: `%s`", key)

    rsaPubKey, ok := key.(*rsa.PublicKey)
    if !ok {
        t.Errorf("couldn't cast to rsa.PublicKey!")

    ticket,_ := ParseTicketBytes(fullTicketBytes)

    h := sha256.New()
    digest := h.Sum(nil)

    err = rsa.VerifyPKCS1v15(rsaPubKey, crypto.SHA256, digest, ticket.Signature)
    if err != nil {
        t.Errorf("could not verify ticket: `%s` (digest: `%v`)", err, digest )

But I'm pretty sure VerifyPKCS1v15 is not equivalent to node's crypto.createVerify and this test case fails. What should I be using? How can I use the public key to decrypt the signature and get the sha256? once I have the decrypted sha256 value I could just do a basic comparison with the sha256 I have generated.

Here's a runnable playground example:

  • 点赞
  • 写回答
  • 关注问题
  • 收藏
  • 复制链接分享
  • 邀请回答


  • dongmi4035 dongmi4035 6年前

    I tried running your code and it doesn't look like your ticket is well formed. It's not long enough. Where did you get the value from?

    Double check that ticket -- that may just be enough to get you going.

    点赞 评论 复制链接分享
  • dongxia1390 dongxia1390 6年前

    Though I couldn't get it to work, I suspect the issue is that you'll need to convert the sig from base64 into bytes via the base64 encoding. See this example here: (especially lines 23 to 28, where they have to encode the sig from bytes to base64 string to print it, then feed the byte version into the sig check, indicating that you have to use the byte version and not base64 string)

    Which I stumbled across on this post: Signing and decoding with RSA-SHA in GO

    I've found that golang generally expects bytes everywhere in byte encoding. I tried to decode your sig string from base64 to bytes however, even after replacing the '-' with '+' and the '_' with '/' it still won't work, for reasons unknown to me:

    At the very least this seems to indicate that maybe your sig is bad? If it isn't valid base64? I think if you can find a way to solve this the rest should work!

    点赞 评论 复制链接分享