JoshKaufman / ursa

URSA - RSA public/private key OpenSSL bindings for Node.js

Usage in Electron #161

Open aleclarson opened 6 years ago

aleclarson commented 6 years ago

It seems that Electron doesn't support OpenSSL due to a conflict with Chromium's BoringSSL. https://github.com/electron/electron/issues/1410#issuecomment-152407010

Also evident by the error thrown when trying to use node-gyp:

```
In file included from ../src/ursaNative.cc:3:
../src/ursaNative.h:13:10: fatal error: 'openssl/rsa.h' file not found
#include <openssl/rsa.h>
         ^
```

  1. How can I use ursa with Electron?
  2. Does BoringSSL provide everything ursa uses?

Thanks!

edit: Maybe this could help: https://github.com/nodejs/node-gyp/wiki/Linking-to-OpenSSL

edit2: Also found this, but might be too much effort?

dsagal commented 6 years ago

Same problem here. @aleclarson, have you found a solution?

aleclarson commented 6 years ago

@dsagal Nope 😢

dsagal commented 6 years ago

It does not seem like @zcbenz's "wontfix" comment in #1410 still applies today. Is there any reason not to include deps/openssl into electron's headers bundle created in create-node-headers.py? I think that would resolve this issue. [Update: since this is the wrong forum, I asked this question as an electron issue instead.]

dsagal commented 6 years ago

@aleclarson and anyone else struggling with this. Until we hear back from electron folks, you can build like so:

```sh
npm_config_runtime=electron npm_config_target=1.7.11 \
    npm_config_disturl="https://electron-headers-openssl.s3.amazonaws.com/atom-shell/dist" \
    npm build node_modules/ursa
```

The disturl is a bundle I build from electron which includes openssl. I only built it for version 1.7.11 (but it's easy to build for any version).

In addition, here's a fork of ursa https://github.com/gristlabs/ursa which allows different versions of the native module to exist side-by-side (so that you can build for node and for electron, and run either one). Depending on feedback here, I'll decide whether it's worth asking to incorporate it upstream.

Delfshkrimm commented 5 years ago

Hi @dsagal, could you provide a quick howto for building a version of electron with openssl headers for the current electron version (@2.0.9)? Not really sure how to do so. Thx!

dsagal commented 5 years ago

What I used for 1.7.11 release is here: https://github.com/dsagal/electron/tree/openssl-fix (see my commits on that branch).

Just tried to apply it to the 2.0.x branch -- a few things changed so it's not very quick. Will need to dig a bit deeper when I have time.

dsagal commented 5 years ago

Well, I could help if I could build the current electron version, but I can't seem to do THAT, and don't have time to dig into that. Now, if you can build electron @2.0.9, then try this branch https://github.com/dsagal/electron/tree/openssl-fix-2.0.x (it's a one-line change to script/create-node-headers.py, and a helper file upload-openssl-headers.sh to create and upload headers). Change the S3 Bucket to something you have access to, and please share if that worked or where you got stuck.

dsagal commented 5 years ago

FYI I pushed headers with openssl for electron versions 2.0.9 and 3.0.7, available with

```sh
npm_config_disturl=https://electron-headers-openssl.s3.amazonaws.com/atom-shell/dist
```

On electron branches 2x and 3x, I can add more versions easily, or you can make your own repo using the fork/branch at https://github.com/dsagal/electron/tree/openssl-fix3, script ./upload-openssl-headers.sh (instructions in top comment of that script).

coolaj86 commented 5 years ago

Node now has native support for generating RSA and ECDSA keypairs as of v10.12 (and technically it had support for ECDSA much sooner, but it was disguised under ECDH).

Could you use the node native support and something lightweight like Rasha.js or Eckles.js to import / export JWK, PEM, and SSH keys? Or do you specifically need ursa?

I feel like crypto has been really challenging in JavaScript for a long time, but I'm hopeful that with native key generation and signing both in node and in the browser, we won't have to worry as much with the compiled and heavyweight libs much longer (hence I'm actively building libs like the aforementioned to solve this).

dsagal commented 5 years ago

This is a really useful comment for this thread. Yes, the new crypto methods (like crypto.generateKeyPairSync) seem sufficient. These were added in v10.12, which is not yet part of Electron. So we need to wait a bit longer for this to become available natively in Electron.
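Added example, not part of the original thread and not ursa's code: a sketch of the RSA operations a native binding is typically used for, done with Node's built-in `crypto` module and guarded by a runtime check, since `crypto.generateKeyPairSync` only exists from Node v10.12 onward. The helper names (`hasNativeKeygen`, `makeRsaKeyPair`, `sign`, `verify`, `encrypt`, `decrypt`) are hypothetical, and the 2048-bit size, SHA-256 digest and OAEP padding are assumptions.

```javascript
// Added example: RSA keygen, signing and encryption without a native addon.
const nodeCrypto = require('crypto');

// generateKeyPairSync was added in Node v10.12; a runtime bundling an older
// Node (for instance an older Electron) lacks it, so check before relying on it.
function hasNativeKeygen() {
  return typeof nodeCrypto.generateKeyPairSync === 'function';
}

// Generate an RSA key pair and return both halves as PEM strings.
function makeRsaKeyPair(bits = 2048) {
  if (!hasNativeKeygen()) {
    throw new Error('crypto.generateKeyPairSync is unavailable in this runtime');
  }
  return nodeCrypto.generateKeyPairSync('rsa', {
    modulusLength: bits,
    publicKeyEncoding: { type: 'spki', format: 'pem' },
    privateKeyEncoding: { type: 'pkcs8', format: 'pem' },
  });
}

// Sign a message with the private key (RSA PKCS#1 v1.5 over SHA-256).
function sign(privateKeyPem, message) {
  return nodeCrypto.createSign('SHA256').update(message).sign(privateKeyPem);
}

// Verify a signature with the public key; returns true or false.
function verify(publicKeyPem, message, signature) {
  return nodeCrypto.createVerify('SHA256').update(message)
    .verify(publicKeyPem, signature);
}

// Encrypt a short plaintext to the public key using OAEP padding.
function encrypt(publicKeyPem, plaintext) {
  return nodeCrypto.publicEncrypt(
    { key: publicKeyPem, padding: nodeCrypto.constants.RSA_PKCS1_OAEP_PADDING },
    Buffer.from(plaintext));
}

// Decrypt with the private key; the padding must match the one used to encrypt.
function decrypt(privateKeyPem, ciphertext) {
  return nodeCrypto.privateDecrypt(
    { key: privateKeyPem, padding: nodeCrypto.constants.RSA_PKCS1_OAEP_PADDING },
    ciphertext);
}
```

Calling `hasNativeKeygen()` at startup lets an app report a clear error on a runtime whose bundled Node predates v10.12 instead of failing later inside a crypto call.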