Node js 0.4 中的 https ssl 密码

发布于 2024-10-30 04:31:22 字数 614 浏览 5 评论 0原文

节点0.2.6方式:

var credentials = crypto.createCredentials({ "key": SSLKey, "cert": SSLCert, "ca": Ca, "password": SSLKeyPass })
var client = http.createClient(apiPort, host, true, credentials)


    node 0.4 way:
    var options = {
        host: apiHost,
        port: apiPort,
        method: 'GET',
        path: uri,
        headers: {host: host},
        key:SSLKey,
        cert:SSLCert,
        ca:Ca,
        password:SSLKeyPass
    }

    var request = https.request(options, function (response) {

正如你所看到的,需要一个密码,我不知道密码应该放在节点0.4中的哪里。

SSLKeyPass 在节点 0.4 上去了哪里?

node 0.2.6 way:

var credentials = crypto.createCredentials({ "key": SSLKey, "cert": SSLCert, "ca": Ca, "password": SSLKeyPass })
var client = http.createClient(apiPort, host, true, credentials)


    node 0.4 way:
    var options = {
        host: apiHost,
        port: apiPort,
        method: 'GET',
        path: uri,
        headers: {host: host},
        key:SSLKey,
        cert:SSLCert,
        ca:Ca,
        password:SSLKeyPass
    }

    var request = https.request(options, function (response) {

As you can see there is a password needed, I don't know where the password is supposed to go in node 0.4.

Where does SSLKeyPass go on node 0.4?

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(2

皓月长歌 2024-11-06 04:31:22

因此,即使在 Node 0.2.6 源代码中,crypto.js 模块也不会在您传递给 createCredentials 的对象中查找 password 属性。 这是来自节点 0.2.6 的 createCredentials 源 。在 0.4.8 版本中,crypto.js 模块中仍然没有提及 password 一词。你的0.2.6代码真的有效吗?

作为一般评论,使用 openssl 解密您的私钥,将其安全地保存在磁盘上,并让您的节点代码读取该文件。这似乎是最常用的选项。其他选项是 A) 每当启动节点服务器时都必须手动输入密码来解密您的私钥(几乎没有人这样做)或 B) 将明文密码保留在磁盘上,这与仅保留明文没有任何不同私钥在磁盘上,所以据我所知,这也是私钥安全问题的一个非常不常见的解决方案。

您可以使用 openssl 命令行解密您的私钥,如下所示:

openssl rsa -in your_encrypted_private.ekey -out your_private.key

openssl 将以交互方式提示您输入密码。

So even in the node 0.2.6 source code, the crypto.js module is not looking for a password property in the object you pass to createCredentials. Here's the createCredentials source from node 0.2.6. In version 0.4.8 there is still no mention of the word password in the crypto.js module. Did your 0.2.6 code really work?

As a general comment, use openssl to decrypt your private key, keep that secured on disk, and have your node code read that file. This seems to be the most commonly used option. The other options being A) have to manually type the passphrase to decrypt your private key whenever you launch your node server (pretty much nobody does this) or B) keep your cleartext passphrase on disk, which is not any different that just keeping the cleartext private key on disk, so AFAIK this is also a very uncommon solution to the problem of private key security.

You can decrypt your private key with the openssl command line like this:

openssl rsa -in your_encrypted_private.ekey -out your_private.key

openssl will prompt your for the passphrase interactively.

放飞的风筝 2024-11-06 04:31:22

郑重声明,您可以在 Node.js 中创建 Credentials 对象时提供密码。 有关加密模块的 Node.js 文档部分指出密码<可以为私钥或 PFX 文件提供 /code> 选项。对于 Node.js,您不必将私钥以明文形式保存在磁盘上的某个位置。

For the record, you can provide a passphrase when creating a Credentials object in Node.js. This section of Node.js documentation on the crypto module states that the passphrase option can be provided, for either the private key or PFX file. You do not have to keep your private key in clear text on disk somewhere for Node.

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文