4

升级节点版本时出现加密模块问题。创建的 HMAC 取决于节点的版本。您将在下面找到重现问题的代码。

如果我将密钥编码为 BASE64(或任何),则 HMAC 不依赖于 node.js 版本。

如果我将它编码为二进制,那么如果我更改我的 node.js 版本,HMAC 就会不同。

[编辑] 根据为什么 crypto.createHash 在新版本中返回不同的输出?我在调用update函数时添加了编码

代码片段

"use strict";

const crypto = require('crypto');

console.log(process.version);

let key = '5ece799aa73a7a8e687876f8e0eabe2e200b967ef5728d845f72fc9ea27dbcd90cd4e06e8bc90d823ac8a54ce91f68ca37fc2e7bbf3f5ef9d82b4c6b938f1936';

let _key64 = (new Buffer(key, 'hex')).toString('base64');
console.log("B64 KEY: "+crypto.createHmac('sha512', _key64).update("hey", "binary").digest('hex').toUpperCase());

let _keyBin = (new Buffer(key, 'hex')).toString('binary');
console.log("BIN KEY: "+crypto.createHmac('sha512', _keyBin).update("hey", "binary").digest('hex').toUpperCase());

输出如下,带有 2 个版本的 node.js

v5.6.0
B64 KEY: 0DC11C737E575B17DD575042F8F372E3D63A86C3B56C06FB74C9B0AB8E96A5FC8A2DC33667280DC5B306C93AA3DECBAF0D8EDE56F3666C11BFC25A70CFC027D0
BIN KEY: E5A9F813D9AA64A6791BEA91035553FFC730DBE635D0CE7AC722C0195DFDD77A969323FDDFB4E5054E59073DAE9B9BF00CFF73CF20F2FACEE01F79F25E7B9303
v8.1.4
B64 KEY: 0DC11C737E575B17DD575042F8F372E3D63A86C3B56C06FB74C9B0AB8E96A5FC8A2DC33667280DC5B306C93AA3DECBAF0D8EDE56F3666C11BFC25A70CFC027D0
BIN KEY: 6F089BCA7A24BF6C3F8E0F75349C8B446C4E69336CF41AA7A390C9B17086417E475545197B0312B4D9240A9F0388CA8722ADCF04BFD554321290EBBCD61F800E

注意:这是这个问题的缩小范围:HMAC changes based on node version (paybox module)

顺便说一句,如果我这样做

const key = '5ece799aa73a7a8e687876f8e0eabe2e200b967ef5728d845f72fc9ea27dbcd90cd4e06e8bc90d823ac8a54ce91f68ca37fc2e7bbf3f5ef9d82b4c6b938f1936'
const bkey = (new Buffer(key, 'hex')).toString('binary');
console.log((new Buffer(bkey, 'binary')).toString('hex'));

5ece799aa73a7a8e687...没问题,无论节点的版本如何,我都会获得相同的密钥。

4

1 回答 1

3

感谢@matt解决:总结他的评论

由于https://github.com/nodejs/node/commit/b010c8716498dca398e61c388859fea92296feb3,最好将缓冲区传递给加密,通过删除.toString('binary')

所以这

"use strict";

const crypto = require('crypto');

console.log(process.version);
let key = '5ece799aa73a7a8e687876f8e0eabe2e200b967ef5728d845f72fc9ea27dbcd90cd4e06e8bc90d823ac8a54ce91f68ca37fc2e7bbf3f5ef9d82b4c6b938f1936';

let _key64 = (new Buffer(key, 'hex')).toString('base64');
console.log("B64 KEY: "+crypto.createHmac('sha512', _key64).update("hey", "binary").digest('hex').toUpperCase());

let _keyBin = (new Buffer(key, 'hex'));
console.log("BIN KEY: "+crypto.createHmac('sha512', _keyBin).update("hey", "binary").digest('hex').toUpperCase());

工作(当然)

v5.6.0
B64 KEY: 0DC11C737E575B17DD575042F8F372E3D63A86C3B56C06FB74C9B0AB8E96A5FC8A2DC33667280DC5B306C93AA3DECBAF0D8EDE56F3666C11BFC25A70CFC027D0
BIN KEY: E5A9F813D9AA64A6791BEA91035553FFC730DBE635D0CE7AC722C0195DFDD77A969323FDDFB4E5054E59073DAE9B9BF00CFF73CF20F2FACEE01F79F25E7B9303
v8.1.4
B64 KEY: 0DC11C737E575B17DD575042F8F372E3D63A86C3B56C06FB74C9B0AB8E96A5FC8A2DC33667280DC5B306C93AA3DECBAF0D8EDE56F3666C11BFC25A70CFC027D0
BIN KEY: E5A9F813D9AA64A6791BEA91035553FFC730DBE635D0CE7AC722C0195DFDD77A969323FDDFB4E5054E59073DAE9B9BF00CFF73CF20F2FACEE01F79F25E7B9303
于 2017-08-09T06:17:22.747 回答