Open yurikilian opened 7 years ago
Which mechanism do you use for signing and verifying? Could you share source code of signing and verifying?
Yes, of course, is the same as the example except the lib that I'm loading. See below:
var graphene = require("graphene-pk11");
var Module = graphene.Module;
var lib = "/usr/lib/libaetpkss.so.3";
var mod = Module.load(lib, "SafeSign");
mod.initialize();
var slot = mod.getSlots(0);
if (slot.flags & graphene.SlotFlag.TOKEN_PRESENT) {
var session = slot.open();
session.login("MyPassword");
// generate RSA key pair
var keys = session.generateKeyPair(graphene.KeyGenMechanism.RSA, {
keyType: graphene.KeyType.RSA,
modulusBits: 1024,
publicExponent: new Buffer([3]),
token: false,
verify: true,
encrypt: true,
wrap: true
}, {
keyType: graphene.KeyType.RSA,
token: false,
sign: true,
decrypt: true,
unwrap: true
});
// sign content
var sign = session.createSign("SHA1_RSA_PKCS", keys.privateKey);
sign.update("simple text 1");
sign.update("simple text 2");
var signature = sign.final();
console.log("Signature RSA-SHA1:", signature.toString("hex"));
// verify content
var verify = session.createVerify("SHA1_RSA_PKCS", keys.publicKey);
verify.update("simple text 1");
verify.update("simple text 2");
var verify_result = verify.final(signature);
//At this point, the result is FALSE
console.log("Signature RSA-SHA1 verify:", verify_result);
session.logout();
session.close();
}
else {
console.error("Slot is not initialized");
}
mod.finalize();
Thanks
it's interesting. I checked code you sent me with SoftHSM and pvpkcs11. It works for me
Could you try to use once
instead of update/final
?
var data = 'simple text 1';
data += 'simple text 2';
// sign content
var sign = session.createSign('SHA1_RSA_PKCS', keys.privateKey);
var signature = sign.once(data);
console.log('Signature RSA-SHA1:', signature.toString('hex'));
// verify content
var verify = session.createVerify('SHA1_RSA_PKCS', keys.publicKey);
var verifyResult = verify.once(data, signature);
// At this point, the result is FALSE
console.log('Signature RSA-SHA1 verify:', verifyResult);
No success :/
// sign content
var sign = session.createSign("SHA1_RSA_PKCS", keys.privateKey);
var data = 'simple text 1';
data += 'simple text 2';
var signature = sign.once(data);
console.log("Signature RSA-SHA1:", signature.toString("hex"));
// verify content
var verify = session.createVerify("SHA1_RSA_PKCS", keys.publicKey);
var verify_result = verify.once(data, signature);
//At this point, the result is FALSE
console.log("Signature RSA-SHA1 verify:", verify_result);
Could you print private data from you token, signature value and list of supported algorithms?
You need to update generation template too
// generate RSA key pair
var keys = session.generateKeyPair(graphene.KeyGenMechanism.RSA, {
keyType: graphene.KeyType.RSA,
modulusBits: 1024,
publicExponent: Buffer.from([1,0,1]),
verify: true,
encrypt: true,
wrap: true,
token: false,
}, {
keyType: graphene.KeyType.RSA,
token: false,
sign: true,
decrypt: true,
unwrap: true,
token: false,
private: false,
sensitive: false,
extractable: true,
});
// Print keys data
console.log("Private key");
console.log(keys.privateKey.getAttribute("publicExponent").toString("base64"));
console.log(keys.privateKey.getAttribute("modulus").toString("base64"));
console.log(keys.privateKey.getAttribute("privateExponent").toString("base64"));
console.log(keys.privateKey.getAttribute("prime1").toString("base64"));
console.log(keys.privateKey.getAttribute("prime2").toString("base64"));
console.log(keys.privateKey.getAttribute("exp1").toString("base64"));
console.log(keys.privateKey.getAttribute("exp2").toString("base64"));
console.log(keys.privateKey.getAttribute("coefficient").toString("base64"));
console.log("Public key");
console.log(keys.publicKey.getAttribute("publicExponent").toString("base64"));
console.log(keys.publicKey.getAttribute("modulus").toString("base64"));
// List of mechanisms
const mechs = slot.getMechanisms();
for (var i=0; i< mechs.length; i++){
var mech = mechs.items(i);
console.log(mech.name);
}
I've got SafeNet iKey 2032. It works for me too
I was having the same experience of @yurikilian, but after change this line:
publicExponent: new Buffer([3]),
to:
publicExponent: Buffer.from([1,0,1]),
the verifier starts to return true. I think that solved the problem.
Is this Buffer value resolves all situations or I should expect something different based on any parameter?
BTW, congrats for the API, it's amazing.
Hi,
I'm using a SafeSign SmartCard (/usr/lib/libaetpkss.so.3) to test the lib using the Signing/Verifying example (https://github.com/PeculiarVentures/graphene#signing--verifying) but not getting success.
Always the verify returns false.
Is that a problem? How can I get more debug information? I'm normally using the SmartCard in another applications...
Thanks