Valid algorithm input strings for Node.js' crypto.createSign()
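I'm using node's crypto signing for a project, and have been trying to wrap my head around the ins and outs of the various algorithms. The description of crypto.createSign() is as follows: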
Creates and returns a Sign object that uses the given algorithm. On recent OpenSSL releases, openssl list-public-key-algorithms
will display the available signing algorithms. One example is 'RSA-SHA256'.
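Unfortunately, "RSA-SHA256" is not one of the output values of openssl list-public-key-algorithms (shown below).
So what are the valid values for this function, or how are they extracted from the list below?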
OpenSSL list result:
Name: OpenSSL RSA method
Type: Builtin Algorithm
OID: rsaEncryption
PEM string: RSA
Name: rsa
Type: Alias to rsaEncryption
Name: OpenSSL PKCS#3 DH method
Type: Builtin Algorithm
OID: dhKeyAgreement
PEM string: DH
Name: dsaWithSHA
Type: Alias to dsaEncryption
Name: dsaEncryption-old
Type: Alias to dsaEncryption
Name: dsaWithSHA1-old
Type: Alias to dsaEncryption
Name: dsaWithSHA1
Type: Alias to dsaEncryption
Name: OpenSSL DSA method
Type: Builtin Algorithm
OID: dsaEncryption
PEM string: DSA
Name: OpenSSL EC algorithm
Type: Builtin Algorithm
OID: id-ecPublicKey
PEM string: EC
Name: OpenSSL HMAC method
Type: Builtin Algorithm
OID: hmac
PEM string: HMAC
Name: OpenSSL CMAC method
Type: Builtin Algorithm
OID: cmac
PEM string: CMAC
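OK, after some brute forcing and good guessing, there seems to be little sense to the structure of valid algorithm input strings. What starts to look like a rule has many exceptions. It seems that RSA is the default algorithm if the public key algorithm is omitted. Here is an incomplete list of valid values:
Public key algorithm alone: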
- "DSA"
Hash alone:
- "MD4"
- "MD5"
- "SHA"
- "DSS1"
- "MDC2"
- "SHA1"
- "SHA224"
- "SHA256"
- "SHA512"
Public-key-algorithm and hash pairs:
- "RSA-MD4"
- "RSA-MD5"
- "RSA-SHA"
- "RSA-MDC2"
- "RSA-SHA1"
- "RSA-SHA224"
- "RSA-SHA256"
- "RSA-SHA512"
- "DSA-SHA"
- "DSA-SHA1"
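I'm not a cryptographer, so it may be that RSA requires an explicit hash choice, or that DSA is incompatible with sha512 or md5, but I find it more likely that these inconsistencies are caused by OpenSSL's implementation.
I think the Node documentation is wrong. For crypto.createSign(), use the following command to list the possibilities:
openssl list-message-digest-algorithms
Run crypto.getHashes() to get the list of available signing algorithms.
For example, if you run it in node v8.15.0, you get: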
[ 'DSA',
'DSA-SHA',
'DSA-SHA1',
'DSA-SHA1-old',
'RSA-MD4',
'RSA-MD5',
'RSA-MDC2',
'RSA-RIPEMD160',
'RSA-SHA',
'RSA-SHA1',
'RSA-SHA1-2',
'RSA-SHA224',
'RSA-SHA256',
'RSA-SHA384',
'RSA-SHA512',
'dsaEncryption',
'dsaWithSHA',
'dsaWithSHA1',
'dss1',
'ecdsa-with-SHA1',
'md4',
'md4WithRSAEncryption',
'md5',
'md5WithRSAEncryption',
'mdc2',
'mdc2WithRSA',
'ripemd',
'ripemd160',
'ripemd160WithRSA',
'rmd160',
'sha',
'sha1',
'sha1WithRSAEncryption',
'sha224',
'sha224WithRSAEncryption',
'sha256',
'sha256WithRSAEncryption',
'sha384',
'sha384WithRSAEncryption',
'sha512',
'sha512WithRSAEncryption',
'shaWithRSAEncryption',
'ssl2-md5',
'ssl3-md5',
'ssl3-sha1',
'whirlpool' ]
In node v10.15.1 you get:
[ 'RSA-MD4',
'RSA-MD5',
'RSA-MDC2',
'RSA-RIPEMD160',
'RSA-SHA1',
'RSA-SHA1-2',
'RSA-SHA224',
'RSA-SHA256',
'RSA-SHA384',
'RSA-SHA512',
'blake2b512',
'blake2s256',
'md4',
'md4WithRSAEncryption',
'md5',
'md5-sha1',
'md5WithRSAEncryption',
'mdc2',
'mdc2WithRSA',
'ripemd',
'ripemd160',
'ripemd160WithRSA',
'rmd160',
'sha1',
'sha1WithRSAEncryption',
'sha224',
'sha224WithRSAEncryption',
'sha256',
'sha256WithRSAEncryption',
'sha384',
'sha384WithRSAEncryption',
'sha512',
'sha512WithRSAEncryption',
'ssl3-md5',
'ssl3-sha1',
'whirlpool' ]
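The lists above include weak digests (MD4, MD5, SHA-1) and several aliases for the same algorithm, so a name appearing in crypto.getHashes() is not a reason to sign with it. As an added example, not part of the original answers, the following probes which names actually sign and verify with an RSA key and gates createSign() behind an allow-list; ALLOWED_DIGESTS, normalizeDigest, canSign, classify and createSignStrict are names assumed for this illustration.

```javascript
const crypto = require('crypto');

// Policy assumed for this example: SHA-2 digests only. The weak entries in the
// page's lists (MD4, MD5, MDC2, RIPEMD, SHA-1) are left out.
const ALLOWED_DIGESTS = new Set(['sha256', 'sha384', 'sha512']);

// Reduce aliases such as 'RSA-SHA256' or 'sha256WithRSAEncryption' to 'sha256'.
function normalizeDigest(name) {
  return name.toLowerCase()
    .replace(/^rsa-/, '')
    .replace(/withrsaencryption$/, '');
}

// True only if createSign()/createVerify() accept the name with
// this key pair and the resulting signature verifies.
function canSign(name, privateKey, publicKey) {
  try {
    const data = Buffer.from('probe message (constructed)');
    const sig = crypto.createSign(name).update(data).sign(privateKey);
    return crypto.createVerify(name).update(data).verify(publicKey, sig);
  } catch (err) {
    return false; // unknown name, or digest not usable with this key type
  }
}

// Split the names from crypto.getHashes() that really sign into allowed/rejected.
function classify(privateKey, publicKey) {
  const usable = crypto.getHashes().filter((n) => canSign(n, privateKey, publicKey));
  const ok = (n) => ALLOWED_DIGESTS.has(normalizeDigest(n));
  return { allowed: usable.filter(ok), rejected: usable.filter((n) => !ok(n)) };
}

// Use this instead of passing a caller-supplied string straight to createSign().
function createSignStrict(name) {
  if (!ALLOWED_DIGESTS.has(normalizeDigest(name))) {
    throw new Error(`digest not permitted for signing: ${name}`);
  }
  return crypto.createSign(name);
}

// Throwaway RSA key generated only for the probe.
const { privateKey, publicKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const result = classify(privateKey, publicKey);
console.log('allowed :', result.allowed.join(', '));
console.log('rejected:', result.rejected.join(', '));
```

The output differs between Node and OpenSSL builds, as the v8.15.0 and v10.15.1 lists show, which is why the allow-list is pinned in code rather than derived from the runtime.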