Closed fishioon closed 2 years ago
Would be nice to see RSA verify in crypto :)
@xeioex any process?
@crasyangel we are in the process of adding node.js-like Buffer() object to work with binary data. After Buffer is done we plan to return to crypto features. Currently njs has byte-strings which is non-standard extension of ordinary String object.
@crasyangel, @drsm, @jirutka Feel free to test https://gist.github.com/xeioex/2d17327f13ca519750b4f5d6cf224e85 According to WebCrypto API
The following methods were implemented:
crypto.getRandomValues()
crypto.subtle.importKey()
format: raw, pkcs8, spki
algorithm: AES-CBC, AES-CTR, AES-GCM,
ECDSA, HKDF, HMAC, PBKDF2,
RSASSA-PKCS1-v1_5, RSA-OAEP, RSA-PSS
crypto.subtle.decrypt()
crypto.subtle.encrypt()
algorithm: AES-CBC, AES-CTR, AES-GCM,
RSA-OAEP
crypto.subtle.deriveBits()
crypto.subtle.deriveKey()
algorithm: HKDF, PBKDF2
crypto.subtle.digest()
algorithm: SHA-1, SHA-256, SHA-384, SHA-512
crypto.subtle.sign()
crypto.subtle.verify()
algorithm: ECDSA, HMAC, RSASSA-PKCS1-v1_5, RSA-PSS
see test/webcrypto/
for examples
see test/webcrypto/README.rst
for howtos
Will this WebCrypto API work with a Hardware Security Module (HSM)??
Assuming that nginx is already configured to use ssl_engine pkcs11;
@xeioex
Will this WebCrypto API work with a Hardware Security Module (HSM)??
njs module is linked against main nginx OpenSSL library. ssl_engine
registers the specified engine globally, for all library APIs. I do not have experience with OpenSSL engines, but it looks like it is going to work as well for WebCrypto API calls.
@xeioex https://gist.github.com/crasyangel/4b3a4724e1c12b37af871031973c4c15 aes/derive/digest/rsa/sign tests all passed. Note: formats changed a little
Commited in https://github.com/nginx/njs/commit/7b2b7612dc4ee6370b93462602a9892f97d155b9, will be released in 0.7.0.
WebCrypto API.