slic客户端和Xebo服务器之间通信过程中加密敏感信息.
slic采用nodejs的Crypto模块.
Xebo采用OpenSSL库.
试验通信过程中遇到的主要问题及解决方法记录如下:
1.客户端公钥证书含”Certificate:”内容,加密报一下错误:
Error: error:0906D06C:PEM routines:PEM_read_bio:no start line
换成只有公钥的证书,则正确.
js测试代码:
///< rsa加解密
var pem = fs.readFileSync('yoopa_3.cer');
///< 公钥加密
var key = pem.toString('ascii');
var buf = new Buffer(sk);
var endata = crypto.publicEncrypt({key:key,padding:crypto.RSA_PKCS1_PADDING},buf);
fs.writeFileSync('endata.txt',endata,{encoding:'binary'}); ///< 生成文件用于c++服务程序解密
///< 私钥解密
var priv_key = fs.readFileSync('yoopa_3.key');
var pkey = priv_key.toString('ascii');
var dedata = crypto.privateDecrypt({key:pkey,passphrase:'123456',padding:crypto.RSA_PKCS1_PADDING},endata);
console.log('decrypted data='+dedata);
2.服务端证书采用私钥证书,报以下错误:
error:0906D06C:PEM routines:PEM_read_bio:no start line
更换为包含公钥和私钥的证书则正确.
3.服务端用私钥解密数据报以下错误:
error:0407106B:rsa routines:RSA_padding_check_PKCS1_type_2:block type is not 02
// int ret = RSA_private_decrypt(inlen, indata, *outdata, rsa, RSA_PKCS1_PADDING);
改变填充方式后错误消失,且解密信息正确.
int ret = RSA_private_decrypt(inlen, indata, *outdata, rsa, RSA_PKCS1_OAEP_PADDING);
客户端改变填充方式为RSA_PKCS1_OAEP_PADDING,解密不改变,加解密正常! —-
填充设置不起作用?
var endata = crypto.publicEncrypt({key:key,padding:crypto.RSA_PKCS1_OAEP_PADDING},buf);
nodejs对publicEncrypt的解释:
public_key can be an object or a string. If public_key is a string, it is treated as the key with no passphrase and will use RSA_PKCS1_OAEP_PADDING.