
Invalid RSA private key crypto.sign()

Open Vittitow opened this issue 2 years ago • 6 comments

The oracle/oci-typescript-sdk depends on a dated sshpk package. I'm attempting to switch from node to deno but I get Invalid RSA private key when signing requests going to OCI APIs. I've narrowed this down to the following reproducible steps.

Deno version

deno 1.33.1 (release, aarch64-apple-darwin)
v8 11.4.183.1
typescript 5.0.3

Generate a 2048 bit RSA key in PEM format: openssl genrsa -out ./example.pem 2048

Run the following code against the newly generated key:

import { parsePrivateKey } from "npm:sshpk@^1.17.0";

const privateKey = Deno.readTextFileSync("example.pem");
const key = parsePrivateKey(privateKey, "pem");
const data = "example text";
const signer = key.createSign("sha256");

signer.update(data);

const signature = signer.sign();

console.log(signature);

Resulting error:

error: Uncaught TypeError: Invalid RSA private key
    at SignImpl.sign (ext:deno_node/internal/crypto/sig.ts:46:37)
    at SignImpl.v.sign (file:///~/Library/Caches/deno/npm/registry.npmjs.org/sshpk/1.17.0/lib/private-key.js:161:13)
    at file:///~/Documents/repos/wmill-cloud/windmill/src/f/scripts/sshpk_issue.ts:11:21

Expected result: The data is signed with the private key which works in node.

Vittitow avatar May 03 '23 13:05 Vittitow

Same here. :( google-auth-library fails because of a similar error.

TypeError: Invalid RSA public key
    at VerifyImpl.verify (ext:deno_node/internal/crypto/sig.ts:98:16)
    at NodeCrypto.verify (file:///home/******/node_modules/.deno/[email protected]/node_modules/google-auth-library/build/src/crypto/node/crypto.js:29:25)
    at OAuth2Client.verifySignedJwtWithCertsAsync (file:///home/******/node_modules/.deno/[email protected]/node_modules/google-auth-library/build/src/auth/oauth2client.js:644:39)
    at OAuth2Client.verifyIdTokenAsync (file:///home/******/node_modules/.deno/[email protected]/node_modules/google-auth-library/build/src/auth/oauth2client.js:458:34)

punarinta avatar Oct 01 '23 10:10 punarinta

Same here with web-push lib:

TypeError: Invalid RSA private key
    at SignImpl.sign (ext:deno_node/internal/crypto/sig.ts:48:33)
    at sign (file:///Users/****/Library/Caches/deno/npm/registry.npmjs.org/jwa/2.0.0/index.js:152:45)
    at Object.sign (file:///Users/****/Library/Caches/deno/npm/registry.npmjs.org/jwa/2.0.0/index.js:200:27)
    at Object.jwsSign [as sign] (file:///Users/****/Library/Caches/deno/npm/registry.npmjs.org/jws/4.0.0/lib/sign-stream.js:32:24)
    at Object.getVapidHeaders (file:///Users/****/Library/Caches/deno/npm/registry.npmjs.org/web-push/3.6.6/src/vapid-helper.js:226:19)
    at WebPushLib.generateRequestDetails (file:///Users/****/Library/Caches/deno/npm/registry.npmjs.org/web-push/3.6.6/src/web-push-lib.js:278:40)
    at WebPushLib.sendNotification (file:///Users/****/Library/Caches/deno/npm/registry.npmjs.org/web-push/3.6.6/src/web-push-lib.js:341:29)

ewiggin avatar Nov 13 '23 20:11 ewiggin

> Same here with web-push lib:

Now as of deno 1.39.1 I get a new error instead when using web-push:

TypeError: Invalid PEM label
    at SignImpl.sign (ext:deno_node/internal/crypto/sig.ts:36:33)
    at sign (file:///Users/<username>/Library/Caches/deno/npm/registry.npmjs.org/jwa/2.0.0/index.js:152:45)
    at Object.sign (file:///Users/<username>/Library/Caches/deno/npm/registry.npmjs.org/jwa/2.0.0/index.js:200:27)
    at Object.jwsSign [as sign] (file:///Users/<username>/Library/Caches/deno/npm/registry.npmjs.org/jws/4.0.0/lib/sign-stream.js:32:24)
    at Object.getVapidHeaders (file:///Users/<username>/Library/Caches/deno/npm/registry.npmjs.org/web-push/3.6.6/src/vapid-helper.js:226:19)
    at WebPushLib.generateRequestDetails (file:///Users/<username>/Library/Caches/deno/npm/registry.npmjs.org/web-push/3.6.6/src/web-push-lib.js:278:40)
    at WebPushLib.sendNotification (file:///Users/<username>/Library/Caches/deno/npm/registry.npmjs.org/web-push/3.6.6/src/web-push-lib.js:341:29)
    ...

I'm hard stuck here for now, I think.

aleksanb avatar Dec 27 '23 00:12 aleksanb

Please provide a reproduction using web-push or what kind of PEM key is being used. It's hard to tell by just looking at the error.

littledivy avatar Dec 28 '23 04:12 littledivy
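One way to answer the question above about which kind of PEM key is in use, as an added example (not code from this thread or from Deno): it reports each PEM block's armor label and checks it against the DER structure inside. The function names and the sample bytes are constructed for illustration.

```javascript
// Armor label -> encoding it announces (RFC 7468 plus legacy OpenSSL labels).
const LABELS = {
  "RSA PRIVATE KEY": "PKCS#1 RSAPrivateKey",
  "PRIVATE KEY": "PKCS#8 PrivateKeyInfo",
  "ENCRYPTED PRIVATE KEY": "PKCS#8 EncryptedPrivateKeyInfo",
  "EC PRIVATE KEY": "SEC1 ECPrivateKey",
  "PUBLIC KEY": "X.509 SubjectPublicKeyInfo",
};
// Read one DER tag+length header at `pos`.
function header(der, pos) {
  const tag = der[pos];
  let len = der[pos + 1], start = pos + 2;
  if (len & 0x80) { // long form: low 7 bits give the number of length bytes
    const n = len & 0x7f;
    len = 0;
    for (let i = 0; i < n; i++) len = len * 256 + der[start + i];
    start += n;
  }
  return { tag, start, len };
}
// Unencrypted private keys all start SEQUENCE { INTEGER version, ... };
// the tag after the version tells the three structures apart.
function shapeOf(der) {
  const seq = header(der, 0);
  if (seq.tag !== 0x30) return "not DER";
  const ver = header(der, seq.start);
  if (ver.tag !== 0x02) return "unknown";
  const next = der[ver.start + ver.len];
  return { 0x02: LABELS["RSA PRIVATE KEY"], 0x30: LABELS["PRIVATE KEY"],
           0x04: LABELS["EC PRIVATE KEY"] }[next] ?? "unknown";
}
// One entry per PEM block: what the label announces vs. what the bytes look like.
function describePem(text) {
  const re = /-----BEGIN ([A-Z0-9 ]+)-----([\s\S]*?)-----END \1-----/g;
  return [...text.matchAll(re)].map(([, label, body]) => {
    // Drop legacy "Proc-Type:"/"DEK-Info:" header lines, then all whitespace.
    const b64 = body.replace(/^[A-Za-z-]+:.*$/gm, "").replace(/\s+/g, "");
    const der = Uint8Array.from(atob(b64), (c) => c.charCodeAt(0));
    const announced = LABELS[label] ?? "unrecognized label";
    const plainPrivate = /^(RSA |EC )?PRIVATE KEY$/.test(label);
    const actual = plainPrivate ? shapeOf(der) : announced;
    return { label, announced, actual, consistent: announced === actual };
  });
}
// Constructed toy DER (right shape, not real keys): SEC1 under its own label, then PKCS#8 mislabelled as PKCS#1.
const pem = (l, b) => `-----BEGIN ${l}-----\n${btoa(String.fromCharCode(...b))}\n-----END ${l}-----\n`;
const SAMPLE = pem("EC PRIVATE KEY", [0x30, 6, 2, 1, 1, 4, 1, 0xaa]) +
  pem("RSA PRIVATE KEY", [0x30, 7, 2, 1, 0, 0x30, 0, 4, 0]);
console.log(describePem(SAMPLE));
```

For a real key, pass the file contents, for example `describePem(Deno.readTextFileSync("example.pem"))`, and include the resulting `label` and `actual` values in the report.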

I found the same issue, here's a minimal repro:

 ~ deno
Deno 1.39.1
exit using ctrl+d, ctrl+c, or close()
REPL is running with all permissions allowed.
To specify permissions, run `deno repl` with allow flags.
> import { default as webpush } from "npm:web-push";
undefined
> const vapidKeys = webpush.generateVAPIDKeys();
undefined
> await webpush.sendNotification({ endpoint: "http://localhost" }, "", { vapidDetails: { ...vapidKeys, subject: "mailto:test@localhost" } });
Uncaught TypeError: Invalid PEM label
    at SignImpl.sign (ext:deno_node/internal/crypto/sig.ts:36:33)
    at sign (file:///home/matt/.cache/deno/npm/registry.npmjs.org/jwa/2.0.0/index.js:152:45)
    at Object.sign (file:///home/matt/.cache/deno/npm/registry.npmjs.org/jwa/2.0.0/index.js:200:27)
    at Object.jwsSign [as sign] (file:///home/matt/.cache/deno/npm/registry.npmjs.org/jws/4.0.0/lib/sign-stream.js:32:24)
    at Object.getVapidHeaders (file:///home/matt/.cache/deno/npm/registry.npmjs.org/web-push/3.6.6/src/vapid-helper.js:226:19)
    at WebPushLib.generateRequestDetails (file:///home/matt/.cache/deno/npm/registry.npmjs.org/web-push/3.6.6/src/web-push-lib.js:278:40)
    at WebPushLib.sendNotification (file:///home/matt/.cache/deno/npm/registry.npmjs.org/web-push/3.6.6/src/web-push-lib.js:341:29)
    at <anonymous>:1:36

mattjamieson avatar Dec 28 '23 10:12 mattjamieson

Yep getting the same with "npm:web-push" library.

phocks avatar Feb 04 '24 03:02 phocks

> Yep getting the same with "npm:web-push" library.

same:

[Error] Error sending push notifications TypeError: Invalid PEM label
    at SignImpl.sign (ext:deno_node/internal/crypto/sig.ts:35:29)
    at sign (file:///tmp/sb-compile-edge-runtime/node_modules/localhost/jwa/2.0.0/index.js:152:45)
    at Object.sign (file:///tmp/sb-compile-edge-runtime/node_modules/localhost/jwa/2.0.0/index.js:200:27)
    at Object.jwsSign [as sign] (file:///tmp/sb-compile-edge-runtime/node_modules/localhost/jws/4.0.0/lib/sign-stream.js:32:24)
    at Object.getVapidHeaders (file:///tmp/sb-compile-edge-runtime/node_modules/localhost/web-push/3.6.7/src/vapid-helper.js:226:19)
    at WebPushLib.generateRequestDetails (file:///tmp/sb-compile-edge-runtime/node_modules/localhost/web-push/3.6.7/src/web-push-lib.js:278:40)
    at WebPushLib.sendNotification (file:///tmp/sb-compile-edge-runtime/node_modules/localhost/web-push/3.6.7/src/web-push-lib.js:341:29)
    at file:///home/deno/functions/push-notification/index.ts:42:20
    at Array.map (<anonymous>)
    at Object.handler (file:///home/deno/functions/push-notification/index.ts:40:42)

JTCorrin avatar Feb 20 '24 12:02 JTCorrin