Nodejs 椭圆验证错误
Nodejs elliptic verification wrong
我创建了一些要加密的数据,以确保数据无法被修改。使用 elliptic 我创建了数据然后对其进行了签名。然后我修改数据。当我使用生成的签名验证数据完整性时,它 returns true.
我对 elliptic 的使用感到困惑吗?
代码如下:
const EC = require("elliptic").ec
const ec = new EC("secp256k1")
class Wallet {
constructor(data, pubKey) {
this.keyPair = ec.genKeyPair();
if (typeof (pubKey) !== "undefined")
this.publicKey = pubKey
else
this.publicKey = this.keyPair.getPublic().encode("hex")
this.data = data
this.creationDate = Date.now()
}
toString() {
console.log("public key: " + this.publicKey)
}
sign() {
let raw = this.publicKey + this.data + this.creationDate;
console.log("signing data: " + raw)
return this.keyPair.sign(raw)
}
static verify(wallet, signature) {
let raw = wallet.publicKey + wallet.data + wallet.creationDate;
console.log("verifying data: " + raw)
return ec.keyFromPublic(wallet.publicKey, "hex").verify(raw, signature)
}
}
module.exports = Wallet
索引文件:
const Wallet = require("./Wallet")
let wallet = new Wallet("hello");
wallet.toString()
let signature = wallet.sign()
console.log("\n\nSignature: "+JSON.stringify(signature)+"\n\n")
wallet.data = "world"
console.log("wallet data: "+ wallet.data)
console.log("Verify: "+ (Wallet.verify(wallet, signature)))
console.log("\n\n---------------Another wallet hacking-------------\n\n")
let wallet2 = new Wallet("bar", wallet.publicKey);
wallet2.toString()
let signature2 = wallet2.sign()
console.log("\n\nSignature: "+JSON.stringify(signature)+"\n\n")
console.log("wallet data: "+ wallet2.data)
console.log("Verify: "+ (Wallet.verify(wallet2, signature)))
输出:
public key: 045f349291f48e979d5895dedd523ceadf5f60b8b7e87706565f45d73561b1ba4e836ff6d7f27283cb0fece3a7b08abf37db995eae49666314f5b01954e21958fc
signing data: 045f349291f48e979d5895dedd523ceadf5f60b8b7e87706565f45d73561b1ba4e836ff6d7f27283cb0fece3a7b08abf37db995eae49666314f5b01954e21958fchello1604430087928
Signature: {"r":"9ed97af6f4f3becdfa910c91d4865b9c8d9a317ac47b4b7edbd5d4873ca3b3c3","s":"46e76b801de77ee596a7726b08b1db0cdbd9a6b0404bee7c49be0fccee85e99f","recoveryParam":0}
wallet data: world
verifying data: 045f349291f48e979d5895dedd523ceadf5f60b8b7e87706565f45d73561b1ba4e836ff6d7f27283cb0fece3a7b08abf37db995eae49666314f5b01954e21958fcworld1604430087928
Verify: true
---------------Another wallet hacking-------------
public key: 045f349291f48e979d5895dedd523ceadf5f60b8b7e87706565f45d73561b1ba4e836ff6d7f27283cb0fece3a7b08abf37db995eae49666314f5b01954e21958fc
signing data: 045f349291f48e979d5895dedd523ceadf5f60b8b7e87706565f45d73561b1ba4e836ff6d7f27283cb0fece3a7b08abf37db995eae49666314f5b01954e21958fcbar1604430087974
Signature: {"r":"9ed97af6f4f3becdfa910c91d4865b9c8d9a317ac47b4b7edbd5d4873ca3b3c3","s":"46e76b801de77ee596a7726b08b1db0cdbd9a6b0404bee7c49be0fccee85e99f","recoveryParam":0}
wallet data: bar
verifying data: 045f349291f48e979d5895dedd523ceadf5f60b8b7e87706565f45d73561b1ba4e836ff6d7f27283cb0fece3a7b08abf37db995eae49666314f5b01954e21958fcbar1604430087974
Verify: true
感谢@Topaco 的回答。我了解 elliptic 不签署任何内容。我还将字符串转换为 array 和 elliptic 仍然是 sign 和 verify 内容错误。
考虑过
["0","4","3","7","d","0","6","2","d","a","a","7","a","9","5","3","f","a","5","6","5","9","3","2","3","d","d","d","0","7","6","4","e","b","8","a","2","e","9","1","9","6","b","4","d","1","f","6","c","1","8","5","0","9","3","5","a","6","0","b","9","a","6","1","5","6","4","d","1","8","a","5","9","c","b","d","e","2","8","f","6","1","9","5","7","1","0","1","c","4","2","f","b","1","2","b","b","4","2","4","1","3","a","4","3","e","e","4","3","6","8","8","f","1","9","d","a","3","6","f","c","9","1","c","6","1","9","9","6","7","h","e","l","l","o","1","6","0","4","4","4","7","6","8","8","9","2","8"]
与
相同
["0","4","3","7","d","0","6","2","d","a","a","7","a","9","5","3","f","a","5","6","5","9","3","2","3","d","d","d","0","7","6","4","e","b","8","a","2","e","9","1","9","6","b","4","d","1","f","6","c","1","8","5","0","9","3","5","a","6","0","b","9","a","6","1","5","6","4","d","1","8","a","5","9","c","b","d","e","2","8","f","6","1","9","5","7","1","0","1","c","4","2","f","b","1","2","b","b","4","2","4","1","3","a","4","3","e","e","4","3","6","8","8","f","1","9","d","a","3","6","f","c","9","1","c","6","1","9","9","6","7","w","o","r","l","d","1","6","0","4","4","4","7","6","8","8","9","2","8"]
第一个包含hello,第二个包含world。
我通过将 sha256 编码的字符串传递给 sign 和 verify.
来修复它
我安装了包 crypto-js 然后我对字符串进行编码:
const Sha256 = require("crypto-js/sha256")
// Signing
const encContent = Sha256(raw).toString()
this.keyPair.sign(encContent )
// Verifying
const encContent = Sha256(raw).toString()
ec.keyFromPublic(wallet.publicKey, "hex").verify(encContent , signature)
我创建了一些要加密的数据,以确保数据无法被修改。使用 elliptic 我创建了数据然后对其进行了签名。然后我修改数据。当我使用生成的签名验证数据完整性时,它 returns true.
我对 elliptic 的使用感到困惑吗?
代码如下:
const EC = require("elliptic").ec
const ec = new EC("secp256k1")
class Wallet {
constructor(data, pubKey) {
this.keyPair = ec.genKeyPair();
if (typeof (pubKey) !== "undefined")
this.publicKey = pubKey
else
this.publicKey = this.keyPair.getPublic().encode("hex")
this.data = data
this.creationDate = Date.now()
}
toString() {
console.log("public key: " + this.publicKey)
}
sign() {
let raw = this.publicKey + this.data + this.creationDate;
console.log("signing data: " + raw)
return this.keyPair.sign(raw)
}
static verify(wallet, signature) {
let raw = wallet.publicKey + wallet.data + wallet.creationDate;
console.log("verifying data: " + raw)
return ec.keyFromPublic(wallet.publicKey, "hex").verify(raw, signature)
}
}
module.exports = Wallet
索引文件:
const Wallet = require("./Wallet")
let wallet = new Wallet("hello");
wallet.toString()
let signature = wallet.sign()
console.log("\n\nSignature: "+JSON.stringify(signature)+"\n\n")
wallet.data = "world"
console.log("wallet data: "+ wallet.data)
console.log("Verify: "+ (Wallet.verify(wallet, signature)))
console.log("\n\n---------------Another wallet hacking-------------\n\n")
let wallet2 = new Wallet("bar", wallet.publicKey);
wallet2.toString()
let signature2 = wallet2.sign()
console.log("\n\nSignature: "+JSON.stringify(signature)+"\n\n")
console.log("wallet data: "+ wallet2.data)
console.log("Verify: "+ (Wallet.verify(wallet2, signature)))
输出:
public key: 045f349291f48e979d5895dedd523ceadf5f60b8b7e87706565f45d73561b1ba4e836ff6d7f27283cb0fece3a7b08abf37db995eae49666314f5b01954e21958fc
signing data: 045f349291f48e979d5895dedd523ceadf5f60b8b7e87706565f45d73561b1ba4e836ff6d7f27283cb0fece3a7b08abf37db995eae49666314f5b01954e21958fchello1604430087928
Signature: {"r":"9ed97af6f4f3becdfa910c91d4865b9c8d9a317ac47b4b7edbd5d4873ca3b3c3","s":"46e76b801de77ee596a7726b08b1db0cdbd9a6b0404bee7c49be0fccee85e99f","recoveryParam":0}
wallet data: world
verifying data: 045f349291f48e979d5895dedd523ceadf5f60b8b7e87706565f45d73561b1ba4e836ff6d7f27283cb0fece3a7b08abf37db995eae49666314f5b01954e21958fcworld1604430087928
Verify: true
---------------Another wallet hacking-------------
public key: 045f349291f48e979d5895dedd523ceadf5f60b8b7e87706565f45d73561b1ba4e836ff6d7f27283cb0fece3a7b08abf37db995eae49666314f5b01954e21958fc
signing data: 045f349291f48e979d5895dedd523ceadf5f60b8b7e87706565f45d73561b1ba4e836ff6d7f27283cb0fece3a7b08abf37db995eae49666314f5b01954e21958fcbar1604430087974
Signature: {"r":"9ed97af6f4f3becdfa910c91d4865b9c8d9a317ac47b4b7edbd5d4873ca3b3c3","s":"46e76b801de77ee596a7726b08b1db0cdbd9a6b0404bee7c49be0fccee85e99f","recoveryParam":0}
wallet data: bar
verifying data: 045f349291f48e979d5895dedd523ceadf5f60b8b7e87706565f45d73561b1ba4e836ff6d7f27283cb0fece3a7b08abf37db995eae49666314f5b01954e21958fcbar1604430087974
Verify: true
感谢@Topaco 的回答。我了解 elliptic 不签署任何内容。我还将字符串转换为 array 和 elliptic 仍然是 sign 和 verify 内容错误。
考虑过
["0","4","3","7","d","0","6","2","d","a","a","7","a","9","5","3","f","a","5","6","5","9","3","2","3","d","d","d","0","7","6","4","e","b","8","a","2","e","9","1","9","6","b","4","d","1","f","6","c","1","8","5","0","9","3","5","a","6","0","b","9","a","6","1","5","6","4","d","1","8","a","5","9","c","b","d","e","2","8","f","6","1","9","5","7","1","0","1","c","4","2","f","b","1","2","b","b","4","2","4","1","3","a","4","3","e","e","4","3","6","8","8","f","1","9","d","a","3","6","f","c","9","1","c","6","1","9","9","6","7","h","e","l","l","o","1","6","0","4","4","4","7","6","8","8","9","2","8"]
与
相同["0","4","3","7","d","0","6","2","d","a","a","7","a","9","5","3","f","a","5","6","5","9","3","2","3","d","d","d","0","7","6","4","e","b","8","a","2","e","9","1","9","6","b","4","d","1","f","6","c","1","8","5","0","9","3","5","a","6","0","b","9","a","6","1","5","6","4","d","1","8","a","5","9","c","b","d","e","2","8","f","6","1","9","5","7","1","0","1","c","4","2","f","b","1","2","b","b","4","2","4","1","3","a","4","3","e","e","4","3","6","8","8","f","1","9","d","a","3","6","f","c","9","1","c","6","1","9","9","6","7","w","o","r","l","d","1","6","0","4","4","4","7","6","8","8","9","2","8"]
第一个包含hello,第二个包含world。
我通过将 sha256 编码的字符串传递给 sign 和 verify.
我安装了包 crypto-js 然后我对字符串进行编码:
const Sha256 = require("crypto-js/sha256")
// Signing
const encContent = Sha256(raw).toString()
this.keyPair.sign(encContent )
// Verifying
const encContent = Sha256(raw).toString()
ec.keyFromPublic(wallet.publicKey, "hex").verify(encContent , signature)