一、PEM 格式的私钥和公钥必须保留换行,如果换行丢了,密钥无法被正确解析,加解密必然失败。对比如下:一个正确的公钥,一个错误的公钥(换行被压成了空格)
正确的:
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArK4lnJureFpR6ZwfkvsC
i5eqatbAMyZqaGlH7Ty9Pqstv5vOeUASq2Il8Wfx47EmbxuCMKmA7wP9bqw7CCVh
tmLUMO70RwM4MlR0FXJQmIdLCl1GoALzvBL/npk3k25NzHzT0xSQ41tzfZo0nhXl
Wlf624j1LkV8CmPd8lv6FcWcuGbdPuW+JuR0zY5Cm1zCBcP0ZF3+pUpXEiSPwG9G
1lRroInR+0BoauU/6vJoFK5A2pU0GclXRzqe7BWaF+a2wPj3W7WlVzBv8T0Ktnq5
k28foh/W3PX+gbX62XKBt9/AMUJqg2RISi6Nd97iI122f3ElfFkZemM8/HHF6i9g
+QIDAQAB
-----END PUBLIC KEY-----
错误的:
-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC0XmUiK2uvfBtCCH14kiFGp0mP +IyopW5XT5yYpkVUiwIw7BUH2+8G/FaNP0v5u+k+z6oRkdjtLBzy/MdRU9VxSAIL EvKNx3mIbemK8xiu5AL0PfarvK6NH3Rx5aY+w9EjN3W5HLSzNSkPezB2tAabzCLI iOrrH/YHbXF65uD07wIDAQAB -----END PUBLIC KEY-----
我们在界面输入公钥和私钥的时候,使用的控件一定要是多行控件。如果是单行输入框,内容会被强制当成一行,换行就丢失了,加解密自然会失败
二、nodejs端用rsa私钥签名,lua端用rsa公钥验签如何实现(下面的代码做的是签名与验签,而不是加密与解密)
node端:直接利用crypto进行处理
const crypto = require('crypto');
/**
 * Signs `data` with an RSA private key and returns the signature as base64.
 *
 * The digest is SHA-256 over the UTF-8 bytes of `data`; the receiving side
 * must base64-decode the result and verify it with the matching public key.
 *
 * @param {string} data        payload to sign
 * @param {string} privateKey  private key, line breaks intact
 * @returns {string} base64-encoded signature
 */
generateSign: function(data, privateKey) {
  // Debug trace: writes the payload being signed to the console.
  console.log('sign——data')
  console.log(data)
  const signer = crypto.createSign('sha256');
  signer.update(data, 'utf8');
  const signatureB64 = signer.sign(privateKey, 'base64');
  // Debug trace: writes the resulting signature to the console.
  console.log('sign2')
  console.log(signatureB64)
  return signatureB64;
},
lua端:先要对signature进行base64解码,然后再进行rsa验签,主要代码如下
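-- Verify the base64 signature produced by the Node side against `data`.
-- NOTE(review): `signagure`, `data`, `rsaPubKey` and `rsa_crypt` are not
-- defined in this snippet; presumably the surrounding handler sets them.
-- Confirm the spelling of `signagure` against that code.
local decode_base64 = ngx.decode_base64
local decodedBaseStr = decode_base64(signagure)
-- The algorithm is pinned here instead of being read from the request, so the
-- sender cannot steer verification to one of the HS* entries of alg_verify.
local alg = "RS256"
-- ngx.decode_base64 returns nil for malformed input; treat that as a failed
-- verification instead of handing nil to the verifier.
local r = false
if decodedBaseStr then
  r = rsa_crypt.alg_verify[alg](data, decodedBaseStr, rsaPubKey)
end
print("verify rsa")
print(r)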
rsa_crypt.lua
#!/usr/local/bin/lua
local openssl_digest = require "openssl.digest"
local openssl_hmac = require "openssl.hmac"
local openssl_pkey = require "openssl.pkey"
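--- Builds a verifier for an HMAC-based algorithm.
-- The original HS* entries called `alg_sign`, which is not defined anywhere in
-- this file, so they failed at call time. The tag is computed here with the
-- already-required openssl.hmac module instead.
-- NOTE(review): plain `==` on MAC tags is not guaranteed to be constant-time;
-- whether it leaks timing depends on the Lua runtime's string implementation.
-- @tparam string hash_name digest name handed to openssl.hmac, e.g. "sha256"
-- @treturn function verifier `(data, signature, key) -> boolean`
local function hmac_verifier(hash_name)
  return function(data, signature, key)
    return signature == openssl_hmac.new(key, hash_name):final(data)
  end
end

--- Loads the public key, raising the same error as before when it is invalid.
-- @tparam string key public key text (line breaks must be intact)
-- @return the openssl.pkey object
local function load_public_key(key)
  local pkey_ok, pkey = pcall(openssl_pkey.new, key)
  assert(pkey_ok, "Consumer Public Key is Invalid")
  return pkey
end

--- Builds a verifier that checks a raw (already base64-decoded) RSA signature.
-- @tparam string hash_name digest name handed to openssl.digest
-- @treturn function verifier `(data, signature, key)` returning pkey:verify's result
local function rsa_verifier(hash_name)
  return function(data, signature, key)
    local pkey = load_public_key(key)
    local digest = openssl_digest.new(hash_name):update(data)
    return pkey:verify(signature, digest)
  end
end

-- Verifiers keyed by algorithm name; each takes (data, signature, key).
-- Pick the entry from server-side configuration, not from a field of the
-- incoming message: the HS* entries use `key` as a shared HMAC secret, so a
-- public key must never be passed to them.
return {
  alg_verify = {
    ["HS256"] = hmac_verifier("sha256"),
    ["HS384"] = hmac_verifier("sha384"),
    ["HS512"] = hmac_verifier("sha512"),
    ["RS256"] = rsa_verifier("sha256"),
    ["RS512"] = rsa_verifier("sha512"),
    ["ES256"] = function(data, signature, key)
      local pkey = load_public_key(key)
      assert(#signature == 64, "Signature must be 64 bytes.")
      -- The 64-byte signature is split into two 32-byte halves and re-encoded
      -- as an ASN.1 sequence before verification.
      -- NOTE(review): `asn_sequence` is not defined in this file and must be
      -- provided elsewhere. The original also used an undefined `string_sub`,
      -- replaced here by the string method form.
      local asn = {
        asn_sequence.resign_integer(signature:sub(1, 32)),
        asn_sequence.resign_integer(signature:sub(33, 64)),
      }
      local signatureAsn = asn_sequence.create_simple_sequence(asn)
      local digest = openssl_digest.new('sha256'):update(data)
      return pkey:verify(signatureAsn, digest)
    end
  }
}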