
Unable to open generated key with OpenSSL

Open mitar opened this issue 10 years ago • 7 comments

I am using the following code to generate a key pair:

var fs = require('fs');
var SubtleCrypto = require('subtle');

SubtleCrypto.generateKey({
  name: 'RSASSA-PKCS1-v1_5',
  modulusLength: 4096,
  publicExponent: new Uint8Array([0x01, 0x00, 0x01]),
  hash: {name: 'SHA-256'}
}, true, ['sign', 'verify'])
.then(function (keyPair) {
  SubtleCrypto.exportKey('spki', keyPair.publicKey)
  .then(function (publicKey) {
    fs.writeFileSync('public.der', new Buffer(publicKey));
  });
  SubtleCrypto.exportKey('pkcs8', keyPair.privateKey)
  .then(function (privateKey) {
    fs.writeFileSync('private.der', new Buffer(privateKey));
  });
});

But I am unable to open them and display them with OpenSSL:

openssl x509 -inform der -in public.der -noout -text
unable to load certificate
43845:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag:/SourceCache/OpenSSL098/OpenSSL098-52.40.1/src/crypto/asn1/tasn_dec.c:1341:
43845:error:0D06C03A:asn1 encoding routines:ASN1_D2I_EX_PRIMITIVE:nested asn1 error:/SourceCache/OpenSSL098/OpenSSL098-52.40.1/src/crypto/asn1/tasn_dec.c:845:
43845:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:/SourceCache/OpenSSL098/OpenSSL098-52.40.1/src/crypto/asn1/tasn_dec.c:765:Field=serialNumber, Type=X509_CINF
43845:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:/SourceCache/OpenSSL098/OpenSSL098-52.40.1/src/crypto/asn1/tasn_dec.c:765:Field=cert_info, Type=X509
openssl x509 -inform der -in private.der -noout -text
unable to load certificate
43936:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag:/SourceCache/OpenSSL098/OpenSSL098-52.40.1/src/crypto/asn1/tasn_dec.c:1341:
43936:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error:/SourceCache/OpenSSL098/OpenSSL098-52.40.1/src/crypto/asn1/tasn_dec.c:385:Type=X509_CINF
43936:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:/SourceCache/OpenSSL098/OpenSSL098-52.40.1/src/crypto/asn1/tasn_dec.c:765:Field=cert_info, Type=X509

Am I doing something wrong or does Subtle crypto not use standard formats?

mitar, Nov 26 '15 05:11

cc @wh0

mitar, Nov 30 '15 20:11

The pkcs8 format is not 1:1 compatible with OpenSSL DER format, AFAIK. There's some extra padding involved with pkcs8 specifically. You might be able to use Forge, which is used internally in subtle, to get things into the format you're looking for. A good starting point would be src/node/algorithms/shared/RSA.js in this repo, where you can see some of the forge usage for importing/exporting keys.

Sorry I can't be of more help. I built this repo as a very thin API wrapper over other libraries simply to shoehorn the same crypto API into node/browser, so if you're looking for more thorough implementations you may be better served by forge or pkijs.org.

rynomad, Dec 14 '15 22:12

You can convert the key to PKCS8 with a command similar to this:

openssl pkcs8 -topk8 -v2 aes-256-cbc -out key.pem -in inkey.pem

rmhrisk, Dec 14 '15 22:12

+1 Thanks @rmhrisk

rynomad, Dec 14 '15 23:12

Tangentially related, you may find this post interesting: https://unmitigatedrisk.com/?p=543

rmhrisk, Dec 14 '15 23:12

This does not work? So for the above script, if I run:

openssl pkcs8 -topk8 -v2 aes-256-cbc -out key.pem -in private.der

I get:

unable to load key
39597:error:0906D06C:PEM routines:PEM_read_bio:no start line:/SourceCache/OpenSSL098/OpenSSL098-52.40.1/src/crypto/pem/pem_lib.c:648:Expecting: ANY PRIVATE KEY

mitar, Jan 28 '16 07:01

It seems the issue is that for Webcrypto a header is being added to the file. If I remove that PKCS header from the file (first 26 bytes), then I can open it nicely. This is also what importing the file in this library does: it removes the header and then reads it with the forge library.

mitar, Jan 29 '16 20:01