Node js 0.4 中的 https ssl 密码
节点0.2.6方式:
var credentials = crypto.createCredentials({ "key": SSLKey, "cert": SSLCert, "ca": Ca, "password": SSLKeyPass })
var client = http.createClient(apiPort, host, true, credentials)
node 0.4 way:
var options = {
host: apiHost,
port: apiPort,
method: 'GET',
path: uri,
headers: {host: host},
key:SSLKey,
cert:SSLCert,
ca:Ca,
password:SSLKeyPass
}
var request = https.request(options, function (response) {
正如你所看到的,需要一个密码,我不知道密码应该放在节点0.4中的哪里。
SSLKeyPass 在节点 0.4 上去了哪里?
node 0.2.6 way:
var credentials = crypto.createCredentials({ "key": SSLKey, "cert": SSLCert, "ca": Ca, "password": SSLKeyPass })
var client = http.createClient(apiPort, host, true, credentials)
node 0.4 way:
var options = {
host: apiHost,
port: apiPort,
method: 'GET',
path: uri,
headers: {host: host},
key:SSLKey,
cert:SSLCert,
ca:Ca,
password:SSLKeyPass
}
var request = https.request(options, function (response) {
As you can see there is a password needed, I don't know where the password is supposed to go in node 0.4.
Where does SSLKeyPass go on node 0.4?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
因此,即使在 Node 0.2.6 源代码中,crypto.js 模块也不会在您传递给 createCredentials 的对象中查找
password属性。 这是来自节点 0.2.6 的 createCredentials 源 。在 0.4.8 版本中,crypto.js 模块中仍然没有提及password一词。你的0.2.6代码真的有效吗?作为一般评论,使用 openssl 解密您的私钥,将其安全地保存在磁盘上,并让您的节点代码读取该文件。这似乎是最常用的选项。其他选项是 A) 每当启动节点服务器时都必须手动输入密码来解密您的私钥(几乎没有人这样做)或 B) 将明文密码保留在磁盘上,这与仅保留明文没有任何不同私钥在磁盘上,所以据我所知,这也是私钥安全问题的一个非常不常见的解决方案。
您可以使用 openssl 命令行解密您的私钥,如下所示:
openssl 将以交互方式提示您输入密码。
So even in the node 0.2.6 source code, the crypto.js module is not looking for a
passwordproperty in the object you pass to createCredentials. Here's the createCredentials source from node 0.2.6. In version 0.4.8 there is still no mention of the wordpasswordin the crypto.js module. Did your 0.2.6 code really work?As a general comment, use openssl to decrypt your private key, keep that secured on disk, and have your node code read that file. This seems to be the most commonly used option. The other options being A) have to manually type the passphrase to decrypt your private key whenever you launch your node server (pretty much nobody does this) or B) keep your cleartext passphrase on disk, which is not any different that just keeping the cleartext private key on disk, so AFAIK this is also a very uncommon solution to the problem of private key security.
You can decrypt your private key with the openssl command line like this:
openssl will prompt your for the passphrase interactively.
郑重声明,您可以在 Node.js 中创建 Credentials 对象时提供密码。 有关加密模块的 Node.js 文档部分指出
密码<可以为私钥或PFX文件提供 /code> 选项。对于 Node.js,您不必将私钥以明文形式保存在磁盘上的某个位置。For the record, you can provide a passphrase when creating a Credentials object in Node.js. This section of Node.js documentation on the crypto module states that the
passphraseoption can be provided, for either the private key orPFXfile. You do not have to keep your private key in clear text on disk somewhere for Node.