问题
I'm trying to use WebCrypto to sign a token with RSA-PSS, but I keep getting the error:
DataError: Data provided to an operation does not meet requirements
at crypto.subtle.importKey.
This is my JavaScript code:
function signToken(token, key) {
crypto.subtle.importKey(
'pkcs8',
PEM2Binary(key),
{
name: 'RSA-PSS',
hash: { name: 'SHA-256' },
},
false,
['sign']
).then(function(privKey){
crypto.subtle.sign(
'RSA-PSS',
privKey,
new TextEncoder().encode(token)
).then(function(signedToken){
msg = JSON.stringify({ intent: 'authenticate-token', signedToken: signedToken });
socket.send(msg);
})
}).catch(function(error){
console.error(error);
})
}
function PEM2Binary(pem) {
var encoded = '';
var lines = pem.split('\n');
for (var i = 0; i < lines.length; i++) {
if (lines[i].indexOf('-----') < 0) {
encoded += lines[i];
}
}
var byteStr = atob(encoded);
var bytes = new Uint8Array(byteStr.length);
for (var i = 0; i < byteStr.length; i++) {
bytes[i] = byteStr.charCodeAt(i);
}
return bytes.buffer;
}
And the sample private key I'm using:
-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEA3d+Y/kWq4nNrJd0dgktQ7lfDUtEIxcs10I8+xPEUhpvacotB
o787dDP4ZFYhRQf0WMjQYJwEna/NsrPuY2fgFWIBlUdpkj1SR00FBxHvnRlzP1Sg
cYnJlqh7/A26tM51nVkMtf/4NtYr+jFvRmB5759U1GRBFwZYsoWQRQlQKh5MAk89
KRc/TvrXNzam39GcLvSYz9uN0p2p2Mrofjgv42m53AqC9LOrQbwDX7Dxl0n4z3EI
Z2Ycx33QZVYiLPH1GHTJ8+JuKjqY0ovu6lghGN0y2xR+sqWNvgyW7xlDWZ6Vwyxs
K5SCIc48VwiiAyGZGhcCZloMlO5S/dutycgHhQIDAQABAoIBAQDXfef2bmu+bSNQ
LyYN+mCsXQkUUnoWwXuPCNGKLiwlYRIV1jL2ezGfdyp1KUI+7a7g3Immi2HgVXOP
cTrDyYvWuM2Y0zcyFeTn42JSr5TuHF3W0LbUD2N/tDxXXm5MVYnePTMfQXEusW0d
Hw5YaDOGDFYzwvuFBWD4YsjwhE8b12np/BZxniTzIl/blW+moocxAampj2SOc9dV
Z06Nw1gQYScclKqdASxnIsOOALhu7h0qOLAhhVgYWH6c+AC1q/72QQy9QYOW87e/
U5mkmxfjFtifYgnBGCRN5Uv5S6lnJD10z8+yR4SomVlxDTw0UkJMOT96KEhI5ICf
s1kKU2AxAoGBAPeWvNX63C+XbgDscttSNBrx6TOEwfeZiaGSxE+P+vKa3/YuVASf
rkL0xLnUTj+OhoaLzTetQ99RlUQsYkP8IQbIhiqXMHjpDTJStlHEbdJeT1fRUVF5
55S61bpYL8xLGYNvCFEmV66YuyZBAWq/DgkBG6gX2f71lHo2UJL/B/WjAoGBAOVp
Nw5/42wuwtSoynl5f0Tlbb5nruLbNMuaSAZ7ZjDVL6DXmwTyBQgg478LWB29xP2I
Or0TTPped3DeLTJrAG9Gxz6SEHfyh0lN7wc2RfS15NNfHKJwQJjuEaTR498yHWKq
UQkryU5xe3Qfr51RkFvmWzw91aUU0YwvqWDYodC3AoGBAPEBCBv6ry6cZvX7M+qN
4C6CYJBHoFAWYsSmivUvoAVcALowapR9ozGF9aE2Klzvrb92gnK59CGD1pqf4Z9v
4+4ob4Ex3nsz0Ca2IMcDQCvQpcdD97YpxeUe4UEc6pogWFt6T0w+2IcaIMKh8HEq
PM1DCNrdLNRj1P4JtPEB04ulAoGAXXIBGifftCZL+CGU7+wceizWCfPj2cYeeDys
z+8dzhBYaTTJkTcf85KqEhyF1P+CqR7/hhrBhU5Laq8lS98n+yuiZwtKKAGjN6nG
DnL+BdK9lZeta0E8Hs8CYteX8UdRjun/PjQWuJwjBEcP2o3ptnVbfmtVhfu361lS
rf8v0nsCgYAoshpslw7/qxUw7ac4xy0puMwuBBFAiQLFm5siOjZohOWYgQ3gZpl0
TJD9jBnEiH/Jpc883YzSh2bnEGZZ9wBffnhv1rjfNh6PbrcSdSKOznPEMpvw/pOB
wBnu6RWZ9mtWWIdDmYEJDqzrV7qp2w2x2foLc4oyCUKbUbQ/DvTYFQ==
-----END RSA PRIVATE KEY-----
Thanks in advance for any help.
回答1:
The header -----BEGIN RSA PRIVATE KEY----- in the PEM file is reserved to PKCS#1 keys, but WebCryptoApi does not support pkcs1, so you need to convert the key from pkcs1 to pcks8 using a tool like openssl
# openssl pkcs8 -topk8 -inform PEM -outform PEM -nocrypt -in pkcs1.key -out pkcs8.key
来源:https://stackoverflow.com/questions/51033786/how-can-i-import-an-rsa-private-key-in-pem-format-for-use-with-webcrypto