Digital signature in Node.js
What is a digital signature?
In short it is a piece of data sent by the sender to the receiver to establish the identity of the sender. Upon receiving the data, receiver can identify if the sender is the one it says it is.
It is made possible by making use of Asymmetric Cryptography. Sender encrypts some data with the private key, to generate the signature. The signature and public key will be sent to the receiver. Receiver decrypts the signature using the public key and compares the decrypted value, to the expected data (data encrypted by the sender). Both the sender and receiver has to agree beforehand, on what will be the data they would be using.
Wiki Link: Digital Signature
Node.js Implementation - Sender
const crypto = require('crypto');
const privateKey = `-----BEGIN RSA PRIVATE KEY-----MIICXQIBAAKBgQDCtTEic76GBqUetJ1XXrrWZcxd8vJr2raWRqBjbGpSzLqa3YLvVxVeK49iSlI+5uLX/2WFJdhKAWoqO+03oH4TDSupolzZrwMFSylxGwR5jPmoNHDMS3nnzUkBtdr3NCfq1C34fQV0iUGdlPtJaiiTBQPMt4KUcQ1TaazB8TzhqwIDAQABAoGAM8WeBP0lwdluelWoKJ0lrPBwgOKilw8W0aqB5y3ir5WEYL1ZnW5YXivS+l2stNELrEdapSbE9hieNBCvKMViABQXj4DRw5Dgpfz6Hc8XIzoEl68DtxL313EyouZDjOiOGWW5UTBatLh05Fa5rh0FbZn8GsHrA6nhz4Fg2zGzpyECQQDi8rN6qhjEk5If+fOBT+kjHZ/SLrH6OIeAJ+RYstjOfS0bWiM9Wvrhtr7DZkIUA5JNsmeANUGlCrQ2cBJU2cJJAkEA26HyehCmnCkCjit7s8g3MdT0ys5WvrAFO6z3+kCbCAsGS+34EgnFyz8dDdfUYP410R5+9Cs/RkYesqindsvEUwJBALCmQVXFeKnqQ99n60ZIMSwILxKnDhm6Tp5Obssryt5PSQD1VGC5pHZ0jGAEBIMXlJWtvCprScFxZ3zIFzy8kyECQQDBlUhHVo3DblIWRTVPDNW5Ul5AswW6JSM3qgkXxgHfYPg3zJOuMnbn4cUWAnnq06VToHF9fPDUW9GK3yRbjNaJAkAB2Al6yY0KUhYLtWoEpQ40HlATbhNel2cn5WNs6Y5F2hedvWdhS/zLzbtbSlOegp00d2/7IBghAfjAc3DE9DZw-----END RSA PRIVATE KEY-----`;
const publicKey = `-----BEGIN PUBLIC KEY-----MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDCtTEic76GBqUetJ1XXrrWZcxd8vJr2raWRqBjbGpSzLqa3YLvVxVeK49iSlI+5uLX/2WFJdhKAWoqO+03oH4TDSupolzZrwMFSylxGwR5jPmoNHDMS3nnzUkBtdr3NCfq1C34fQV0iUGdlPtJaiiTBQPMt4KUcQ1TaazB8TzhqwIDAQAB-----END PUBLIC KEY-----`;
//Sender creates the signature using the private key
const data = 'a' + 'b';
const signer = crypto.createSign('sha256');
signer.update(data);
const signature = signer.sign(privateKey,'base64');
console.log(signature);//UszR3gGQKsc6w93kqg8aTYpOaGDiFHSOapCaT6wvMQy1wlCqn8v7lWN1q6P01AhhhCII3ar9ykmVCk+CfCSrbXsxIIORtnLWePugekKgyqvVc8HylYt1MPsttr22vhCe7fxD7kytH9H/scJakk9mFEnPjswVwxvo0Z4mPQP2uj8=
//Now the signature and public key will be sent to the receiver
Node.js Implementation - Receiver
const crypto = require('crypto');
//public key received from sender
const publicKey = `-----BEGIN PUBLIC KEY-----MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDCtTEic76GBqUetJ1XXrrWZcxd8vJr2raWRqBjbGpSzLqa3YLvVxVeK49iSlI+5uLX/2WFJdhKAWoqO+03oH4TDSupolzZrwMFSylxGwR5jPmoNHDMS3nnzUkBtdr3NCfq1C34fQV0iUGdlPtJaiiTBQPMt4KUcQ1TaazB8TzhqwIDAQAB-----END PUBLIC KEY-----`;
//signature received from sender
const signature = `UszR3gGQKsc6w93kqg8aTYpOaGDiFHSOapCaT6wvMQy1wlCqn8v7lWN1q6P01AhhhCII3ar9ykmVCk+CfCSrbXsxIIORtnLWePugekKgyqvVc8HylYt1MPsttr22vhCe7fxD7kytH9H/scJakk9mFEnPjswVwxvo0Z4mPQP2uj8=`;
const expected = 'a' + 'b';
const verifier = crypto.createVerify('sha256');
verifier.update(expected);
const valid = verifier.verify(publicKey, signature,'base64');
console.log(valid);//true
Comments
Post a Comment