nodejs Crypto使用

slic客户端和Xebo服务器之间通信过程中加密敏感信息. 

slic采用nodejs的Crypto模块.

Xebo采用OpenSSL库.

 

试验通信过程中遇到的主要问题及解决方法记录如下：

1.客户端公钥证书含"Certificate:"内容，加密报一下错误：
Error: error:0906D06C:PEM routines:PEM_read_bio:no start line
换成只有公钥的证书,则正确.

js测试代码：

///< rsa加解密
var pem = fs.readFileSync('yoopa_3.cer');
///< 公钥加密
var key = pem.toString('ascii');
var buf = new Buffer(sk);
var endata = crypto.publicEncrypt({key:key,padding:crypto.RSA_PKCS1_PADDING},buf);

fs.writeFileSync('endata.txt',endata,{encoding:'binary'}); ///< 生成文件用于c++服务程序解密

///< 私钥解密
var priv_key = fs.readFileSync('yoopa_3.key');
var pkey = priv_key.toString('ascii');
var dedata = crypto.privateDecrypt({key:pkey,passphrase:'123456',padding:crypto.RSA_PKCS1_PADDING},endata);
console.log('decrypted data='+dedata);

2.服务端证书采用私钥证书,报以下错误:
error:0906D06C:PEM routines:PEM_read_bio:no start line
更换为包含公钥和私钥的证书则正确.

3.服务端用私钥解密数据报以下错误：
error:0407106B:rsa routines:RSA_padding_check_PKCS1_type_2:block type is not 02
// int ret = RSA_private_decrypt(inlen, indata, *outdata, rsa, RSA_PKCS1_PADDING);
改变填充方式后错误消失，且解密信息正确.
 int ret = RSA_private_decrypt(inlen, indata, *outdata, rsa, RSA_PKCS1_OAEP_PADDING);
 
 客户端改变填充方式为RSA_PKCS1_OAEP_PADDING,解密不改变,加解密正常! ----填充设置不起作用？ 
 var endata = crypto.publicEncrypt({key:key,padding:crypto.RSA_PKCS1_OAEP_PADDING},buf);
 
nodejs对publicEncrypt的解释:
public_key can be an object or a string. If public_key is a string, it is treated as the key with no passphrase and will use RSA_PKCS1_OAEP_PADDING.