2

我有 2 个不同的网络软件。在其中之一,我想使用来自服务器的公钥加密浏览器中的用户数据,并将加密的用户数据存储在数据库中。之后,我希望有可能在服务器端或浏览器上解密这些数据。

我试图创建概念证明 - 它适用于由 Web Cypto API 本身生成的密钥,但无法使用来自其他来源的密钥。

如何重现:

我使用 OpenSSL Ruby 标准库创建了 RSA 密钥

require 'openssl'

rsa = OpenSSL::PKey::RSA.new(2048)
puts rsa.to_s
puts rsa.public_key.to_s

我正在尝试使用它们通过 Web Crypto API 加密/解密消息。但是我在导入私钥时遇到了错误。在 DevTools 中,我认为它Error没有回溯。

有人可以建议我如何实现目标?

function arrayBufferToString(buf) {
  let bytes = new Uint8Array(buf);
  return bytes.reduce((str, byte) => str + String.fromCharCode(byte), "");
}

function stringToArrayBuffer(str) {
  let buf = new ArrayBuffer(str.length);
  let bufView = new Uint8Array(buf);
  for (var i = 0, strLen = str.length; i < strLen; i++) {
    bufView[i] = str.charCodeAt(i);
  }
  return buf;
}

function base64ToBinary(str) {
  return atob(str);
}

function binaryToBase64(str) {
  return btoa(str);
}

(async function main() {
  console.clear();
  var content = "hello world!"; //+ Math.random();
  console.log("content: ", content);

  let algorithmOptions = {
    name: "RSA-OAEP",
    modulusLength: 2048,
    publicExponent: new Uint8Array([1, 0, 1]),
    hash: "SHA-256"
  };

  let rsaPrivate =
    "-----BEGIN RSA PRIVATE KEY-----\n" +
    "MIIEogIBAAKCAQEAqnXo4TWhiUaDpiQBArFq5B22JB2ebKlAvQMbDrOakK8Tactj\n" +
    "zg64ZTXwZhadVcfPwFvoS45O6LkIZL+o7F9N7WnlRiT5SXgwkPzQ75l2EcGqZKgK\n" +
    "lyCl5THuD2RRMOTJI1bzmx8DO/f7LMHr3xUGtdHXzqICxIUwa5B0RTvHG/j6Wirk\n" +
    "Z51ArwQa5ZrtyGXJoupgws0LZRuadJBkbIRUaaujv1pA25Dmzu7pODr3S2XWqIYy\n" +
    "cfJqxgIGvNJ7LHTEPLBWh1xCc0MNf3C9cZNEsVmDgGCYS4oeKuBbUoqF6eirQHC6\n" +
    "rkW+4KwE/Rvo6LZVrtl1vh6vI+rVt6wvoWydYQIDAQABAoIBAB+xZogg6ZTVaHrG\n" +
    "bO2sQPyCza+vVhpL6b56ylgUaqOF+a0M5NSWBhDDU5wXjk85pFXWgL0zi1ZXuMjK\n" +
    "ncS8/4cpzjgZfcP8NcNvTgWOWdZ5VI38dGOe7VlMzD9OXo4hq4gHjamEvZwzwh6T\n" +
    "O6CxjxrVFjPUCYGyZctKA2Qv9hgsB9Nq7EV5z/VErN33OI1edHeMIdZ0tvahQNrY\n" +
    "2It26hKsxSKAowm7H+NG0fJsVUmN0m1Ou0od9tqzX6XwOgycUvvdr5iHrECHFMDe\n" +
    "be5iZ19evzai8gdxr4ZkWdF5P7+VltI7vlKpHKUvx/I/mO/XWq4yo4efEoLYWjfe\n" +
    "Vz8OG7ECgYEA2yAesiDs3buYAQ8nEVje6sn/jr2PgtXXo6TXHbd3NNCnvbt71LWw\n" +
    "5P8dUqqiIwKskjargEU0HphQKmUubnSdYdl+rLpwcCsRn/0kBX1+89vv7XWnn20i\n" +
    "j07IUtsHev40xK3joJcJ1eHsHjkljJaMsRvGilo8V7eh5p8WkfDA4jUCgYEAxyVR\n" +
    "DQSc0U/O9++euv9LVUxqISaSG866/k9HP++IKhcN3Gh3gcJJcMETgtH0sEa5ut9K\n" +
    "AzC61OTZqpB+t1bVOpdzj2h4K0YVy2FVAB/wpZcoslrD4hC6Zh7tcUlfrdo3Pj+i\n" +
    "1cJzqaqZDVv0Rtxwz9ekWkBi9V+pPWohntZas/0CgYBRTS2WcdjwvDW9zt1z9kFf\n" +
    "Y+tKDtM8fBMySGr4P6YfFnvmTbW4SmGD1ZQPo/fcfZWB+n7PbN3VrDWyRTBhEyuB\n" +
    "rqztcY9eTtyPO+EtmE6ONEBlHo4+/MMh4N06wMGZxM/XWZ1nbCLeFKEC5bkk3Ib+\n" +
    "/4s+shRJh3yukMBTDbzDMQKBgH7Rtc7LfC4TW+MqdnPxNgEo+4EG9g69VPm0dNQz\n" +
    "bwwWyF3vLQO2PVyPqCQsHl3PfGGT5qcndiMzZaYoBHou0vVQE2hlB/nO1PxCjIXa\n" +
    "0T4yh9kk0g95xapY0a7OIh8tkvaSQdlMzqlimbsXLvWdVj4VvnU3AY3vEHCq0KQ9\n" +
    "L1/lAoGAbRAVMic9JDVqjpxfjAeL1E9w30m59vDCIEjJdMGX5BHOea7iVbQshilb\n" +
    "yo+1s+QfWVNT0jOTzo4VPRomRNbdEIMb5W/M3zv+cUAmnCJymHUBiBP0N+ZO8+g8\n" +
    "lEB3MJBdfsiKxMiX69jcoU1fB8tAwwE3hWSmkNKuvvzjOgxhtgQ=\n" +
    "-----END RSA PRIVATE KEY-----";
  let rsaPrivateBase64String = rsaPrivate.split("\n").slice(1, -1).join("");
  // console.log("rsaPrivateString", rsaPrivateBase64String);

  let rsaPublic =
    "-----BEGIN PUBLIC KEY-----\n" +
    "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqnXo4TWhiUaDpiQBArFq\n" +
    "5B22JB2ebKlAvQMbDrOakK8Tactjzg64ZTXwZhadVcfPwFvoS45O6LkIZL+o7F9N\n" +
    "7WnlRiT5SXgwkPzQ75l2EcGqZKgKlyCl5THuD2RRMOTJI1bzmx8DO/f7LMHr3xUG\n" +
    "tdHXzqICxIUwa5B0RTvHG/j6WirkZ51ArwQa5ZrtyGXJoupgws0LZRuadJBkbIRU\n" +
    "aaujv1pA25Dmzu7pODr3S2XWqIYycfJqxgIGvNJ7LHTEPLBWh1xCc0MNf3C9cZNE\n" +
    "sVmDgGCYS4oeKuBbUoqF6eirQHC6rkW+4KwE/Rvo6LZVrtl1vh6vI+rVt6wvoWyd\n" +
    "YQIDAQAB\n" +
    "-----END PUBLIC KEY-----";
  let rsaPublicBase64String = rsaPublic.split("\n").slice(1, -1).join("");
  // console.log("rsaPublicBase64String", rsaPublicBase64String);

  let pubKey = await crypto.subtle.importKey(
    "spki",
    stringToArrayBuffer(base64ToBinary(rsaPublicBase64String)),
    algorithmOptions,
    false, ["encrypt"]
  );
  console.log("pubKey", pubKey);

  // >> ERROR IS ON STATEMENT BELOW
  let privKey = await crypto.subtle.importKey(
    "pkcs8",
    stringToArrayBuffer(base64ToBinary(rsaPrivateBase64String)),
    algorithmOptions,
    false, ["decrypt"]
  );
  console.log("privKey", privKey);

  let encryptedBuf = await crypto.subtle.encrypt({
      name: "RSA-OAEP"
    },
    pubKey,
    stringToArrayBuffer(content)
  );
  let encrypted = arrayBufferToString(encryptedBuf);
  console.log("encrypted", binaryToBase64(encrypted));

  let decryptedBuf = await crypto.subtle.decrypt({
      name: "RSA-OAEP"
    },
    privKey,
    stringToArrayBuffer(encrypted)
  );
  let decrypted = arrayBufferToString(decryptedBuf);
  console.log("decrypted", decrypted);
})().catch(error => console.error(error));

这是代码沙箱链接

4

0 回答 0