如何解决Node.js椭圆验证错误
我已经创建了一些要加密的数据,以确保不能修改该数据。我使用elliptic
创建了数据然后签名。然后,我修改数据。当我使用生成的签名验证数据完整性时,它返回true。
我对使用elliptic
感到困惑吗?
代码如下:
const EC = require("elliptic").ec
const ec = new EC("secp256k1")
class Wallet {
constructor(data,pubKey) {
this.keyPair = ec.genKeyPair();
if (typeof (pubKey) !== "undefined")
this.publicKey = pubKey
else
this.publicKey = this.keyPair.getPublic().encode("hex")
this.data = data
this.creationDate = Date.now()
}
toString() {
console.log("public key: " + this.publicKey)
}
sign() {
let raw = this.publicKey + this.data + this.creationDate;
console.log("signing data: " + raw)
return this.keyPair.sign(raw)
}
static verify(wallet,signature) {
let raw = wallet.publicKey + wallet.data + wallet.creationDate;
console.log("verifying data: " + raw)
return ec.keyFromPublic(wallet.publicKey,"hex").verify(raw,signature)
}
}
module.exports = Wallet
索引文件:
const Wallet = require("./Wallet")
let wallet = new Wallet("hello");
wallet.toString()
let signature = wallet.sign()
console.log("\n\nSignature: "+JSON.stringify(signature)+"\n\n")
wallet.data = "world"
console.log("wallet data: "+ wallet.data)
console.log("Verify: "+ (Wallet.verify(wallet,signature)))
console.log("\n\n---------------Another wallet hacking-------------\n\n")
let wallet2 = new Wallet("bar",wallet.publicKey);
wallet2.toString()
let signature2 = wallet2.sign()
console.log("\n\nSignature: "+JSON.stringify(signature)+"\n\n")
console.log("wallet data: "+ wallet2.data)
console.log("Verify: "+ (Wallet.verify(wallet2,signature)))
输出:
public key: 045f349291f48e979d5895dedd523ceadf5f60b8b7e87706565f45d73561b1ba4e836ff6d7f27283cb0fece3a7b08abf37db995eae49666314f5b01954e21958fc
signing data: 045f349291f48e979d5895dedd523ceadf5f60b8b7e87706565f45d73561b1ba4e836ff6d7f27283cb0fece3a7b08abf37db995eae49666314f5b01954e21958fchello1604430087928
Signature: {"r":"9ed97af6f4f3becdfa910c91d4865b9c8d9a317ac47b4b7edbd5d4873ca3b3c3","s":"46e76b801de77ee596a7726b08b1db0cdbd9a6b0404bee7c49be0fccee85e99f","recoveryParam":0}
wallet data: world
verifying data: 045f349291f48e979d5895dedd523ceadf5f60b8b7e87706565f45d73561b1ba4e836ff6d7f27283cb0fece3a7b08abf37db995eae49666314f5b01954e21958fcworld1604430087928
Verify: true
---------------Another wallet hacking-------------
public key: 045f349291f48e979d5895dedd523ceadf5f60b8b7e87706565f45d73561b1ba4e836ff6d7f27283cb0fece3a7b08abf37db995eae49666314f5b01954e21958fc
signing data: 045f349291f48e979d5895dedd523ceadf5f60b8b7e87706565f45d73561b1ba4e836ff6d7f27283cb0fece3a7b08abf37db995eae49666314f5b01954e21958fcbar1604430087974
Signature: {"r":"9ed97af6f4f3becdfa910c91d4865b9c8d9a317ac47b4b7edbd5d4873ca3b3c3","recoveryParam":0}
wallet data: bar
verifying data: 045f349291f48e979d5895dedd523ceadf5f60b8b7e87706565f45d73561b1ba4e836ff6d7f27283cb0fece3a7b08abf37db995eae49666314f5b01954e21958fcbar1604430087974
Verify: true
解决方法
感谢@Topaco的回答。我了解elliptic
不会签署任何形式的内容。我还将该字符串错误地转换为array
和elliptic
的内容,仍然错误地转换为sign
和verify
。
考虑了
["0","4","3","7","d","0","6","2","a","9","5","f","e","b","8","1","c","h","l","o","8"]
与
相同 ["0","w","r","8"]
第一个包含hello
,第二个包含world
。
我通过将sha256
编码的字符串传递到sign
和verify
来解决它。
我安装了软件包crypto-js
,然后对字符串进行了编码:
const Sha256 = require("crypto-js/sha256")
// Signing
const encContent = Sha256(raw).toString()
this.keyPair.sign(encContent )
// Verifying
const encContent = Sha256(raw).toString()
ec.keyFromPublic(wallet.publicKey,"hex").verify(encContent,signature)
版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 dio@foxmail.com 举报,一经查实,本站将立刻删除。