5

I see how to create HMAC 256 encrypted JWTs in NodeJS using Crypto, and the jsonwebtoken library. It's pretty easy

    //encrypt & sign with HS256
    const jwt   = require('jsonwebtoken');
    const pass  = crypto.randomBytes(256).toString('hex');
    const A     = {algorithm:'HS256'};

    const token = jwt.sign({ foo: 'bar' }, pass, A);

   //decrypt & verify
   jwt.verify(token, pass, A, function(err, decoded)
   {
      console.log('decode ',decoded);
      console.log('err    ',err);

      res.send({error:err, text:decoded});
   });

I would like to replace 'pass' with an 'RSA 256 SHA', and A with {algorithm:'RS256'}

In node crypto JS's documentation I see the command

const sign = crypto.createSign('RSA-SHA256');

to create the rsa-sha256

However then the documentation has the function

getPrivateKeySomehow()

Which is not defined or part of crypto.getPrivateKeySomehow()

So I guess I just need help getting the RSA-SHA-256 string returned from crypto, so that I can pass that into jsonwebtoken to sign my JWT.

Note: I do not want to read a private.key from a static file on my server because i see having a single private key for all my users as too big a security risk, hence why i am generating my own 256 bytes passwords and storing them off-site (not included in this post)

also, i'm not sure if i should do something like this (without using something like openssl from command line?)

const begin = '-----BEGIN RSA PRIVATE KEY-----\n';
const enc   = crypto.randomBytes(256).toString('base64') + '\n';
const end   = '-----END RSA PRIVATE KEY-----'
const pass = sign.sign(begin + enc + end);
const A = {algorithm:'RS256'};
const token = jwt.sign({ foo: 'bar' }, pass, A);
Improve this question

1 Answer 1

Reset to default
9

Take a look at this example bellow:

signExample = (str) => {
    crypto.generateKeyPair('rsa', {
        modulusLength: 1024,
        publicKeyEncoding: {
        type: 'spki',
        format: 'pem'
        },
        privateKeyEncoding: {
        type: 'pkcs8',
        format: 'pem'
        }
    }, (err, publicKey, privateKey) => {
        // sign String
        var signerObject = crypto.createSign("RSA-SHA256");
        signerObject.update(str);
        var signature = signerObject.sign({key:privateKey,padding:crypto.constants.RSA_PKCS1_PSS_PADDING}, "base64");
        console.info("signature: %s", signature);
        //verify String
        var verifierObject = crypto.createVerify("RSA-SHA256");
        verifierObject.update(str);
        var verified = verifierObject.verify({key:publicKey, padding:crypto.constants.RSA_PKCS1_PSS_PADDING}, signature, "base64");
        console.info("is signature ok?: %s", verified);
    });
}

Steps:

  • First you create an key pair with crypto.generateKeyPair('rsa', { ... desired key options
  • Create a Sign object - crypto.createSign("RSA-SHA256")
  • The string wanted to be signed - SignerObject.update(str)
  • Sign the string with your private key - signerObject.sign(
  • Option to salt - padding:crypto.constants.RSA_PKCS1_PSS_PADDING
Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.