Why can I sign and verify a JWT with the RSA algorithm using an EC key pair?

Published 2025-01-27 07:21:51


I use the crypto core-module in node.js to generate an EC-key-pair.

I then use this key-pair to sign and verify JWT's.

I would expect the signing/verification to only work when using an EC-algorithm.

However it seems to be working with any algorithm except HMAC.

From my understanding, this shouldn't be possible.

Can anyone explain this to me?

Thank you for reading my question.

const crypto = require('crypto')
const jwt = require('jsonwebtoken')

const keyPair = crypto.generateKeyPairSync('ec', {
  namedCurve: 'secp256k1',
  publicKeyEncoding: {
    type: 'spki',
    format: 'pem'
  },
  privateKeyEncoding: {
    type: 'pkcs8',
    format: 'pem'
  }
})

const token = jwt.sign({}, keyPair.privateKey, {
  algorithm: 'ES256' // I expect this to work, but it seems to be also working with e.g. "RS256" or "PS512", which I don't understand.
})

const verify = jwt.verify(token, keyPair.publicKey)


Comments (1)

暖心男生 2025-02-03 07:21:51


This made me curious too, so I tried to dig up sources.
If you follow what happens during signing a jwt, you will eventually get to this:

function createKeySigner(bits) {
  return function sign(thing, privateKey) {
    checkIsPrivateKey(privateKey);
    thing = normalizeInput(thing);
    // Even though we are specifying "RSA" here, this works with ECDSA
    // keys as well.
    var signer = crypto.createSign('RSA-SHA' + bits);
    var sig = (signer.update(thing), signer.sign(privateKey, 'base64'));
    return fromBase64(sig);
  }
}

This doesn't answer why though. So digging deeper, crypto is implemented in C, and I think this is the relevant part. If I understand correctly, the reason it works mostly comes down to the fact that it is just read as a string/buffer.
