Я попытался найти какой-либо пакет или решение для подписи / проверки подписи S ​​/ MIME в Node.js, но нашел решения только с использованием внешних вызовов (дочерний процесс) к OpenSSL. Мне нужно запустить свой код в AWS Lambda как Node.js, поэтому вызов двоичного файла OpenSSL не является вариантом ...

Можно ли вообще проверять и подписывать подписи X.509 pkcs7-signature S / MIME (Base64), используя только Node.js?

Пример открытого ключа:

-----BEGIN CERTIFICATE-----
MIIDwzCCAqugAwIBAgIIKHUtBJ7PgSwwDQYJKoZIhvcNAQELBQAwRjELMAkGA1UE
BhMCU0UxEjAQBgNVBAcMCVN0b2NraG9sbTEMMAoGA1UECgwDQVMyMRUwEwYDVQQD
DAx0ZXN0LmFzMi5uZXQwHhcNMTgwMzE0MTI1MTAzWhcNMTkwMzE0MTI1MTAzWjBG
MQswCQYDVQQGEwJTRTESMBAGA1UEBwwJU3RvY2tob2xtMQwwCgYDVQQKDANBUzIx
FTATBgNVBAMMDHRlc3QuYXMyLm5ldDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
AQoCggEBALXXVK5jP9H9JjOe9Iiba1235Xz/WuFUVP5I2Pl1ClkvGlUZRIQrje7K
Ar3OBuh8iOiNko+HuWXN505WvmiVESH9mrSSfXHDUU+JcCDkbNLDFJKiEAeZni6f
cTMMU7eWL/ZwVvAaOVXIjCC6l+nf6+rI9HNIKUpr96iIWDUMot5PQURFNUEg0OQ4
HFsuXtrm8CvbD/v3dj/2nke+HzIra27+2v3hFFP0EPCRz4+okh3a6pWrXnozrmRn
e+FFRH8mq0N0UH1AtiArDpCspnZJEGsquvj2/ruSHCarQpOS12MfPY6uFlGym3fZ
H1AxpDn11KIC3L3iNAMNCh7DWtxyrbcCAwEAAaOBtDCBsTAMBgNVHRMEBTADAQH/
MB0GA1UdDgQWBBTOWGctZLOpraEmeF77hpPcbHzbZzB1BgNVHSMEbjBsgBTOWGct
ZLOpraEmeF77hpPcbHzbZ6FKpEgwRjELMAkGA1UEBhMCU0UxEjAQBgNVBAcMCVN0
b2NraG9sbTEMMAoGA1UECgwDQVMyMRUwEwYDVQQDDAx0ZXN0LmFzMi5uZXSCCCh1
LQSez4EsMAsGA1UdDwQEAwICvDANBgkqhkiG9w0BAQsFAAOCAQEAQNhK/jVm6PRd
ui2ptx0wLd4QD7duPxULfYdhbab+Odp/LbQ08Mp1FZ8JjnJnH/z1H7SH4kPjEHIC
22VDvK1+MAjTq4iPKgpmtBSdC8dJ/S8rNE9nzpfuheM79ES8ERPNTi2Mumq1OM8L
43J+LMVwNyWx4JlI7egJgqzP5NKaPo35pI1Z/71eVGn6uPwlOdP9s8unwtOYSGZ+
mVUwQ/wiGuJ7VsxCeGPpG2rV38zUGQGiOqerkqHCLDL2K3ondA53M/myAhA7M2qP
BNPee9guEEXiI/W038rzPVSE8lETbNEnsTLxCI1uN68tEBRSZlBQwu/r/pOXP3fw
/HaEGP0gsQ==
-----END CERTIFICATE-----

Пример сообщения, подписанного соответствующим закрытым ключом:

This is an S/MIME signed message

------FF336B91207E7B459FAC35C0D274B8F8
Content-Type: text/plain

UNB+UNOC:3+esab+postnet+111101:1954+6045++++++'UNH+12011+INVOIC:D:93A:UN:EDIT30'BGM+380::9+006124412+9'DTM+137:20111101:102'UNT+55+12011'UNZ+1+6045'       
------FF336B91207E7B459FAC35C0D274B8F8
Content-Type: application/pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"

MIIGTwYJKoZIhvcNAQcCoIIGQDCCBjwCAQExCTAHBgUrDgMCGjALBgkqhkiG9w0B
BwGgggPHMIIDwzCCAqugAwIBAgIIKHUtBJ7PgSwwDQYJKoZIhvcNAQELBQAwRjEL
MAkGA1UEBhMCU0UxEjAQBgNVBAcMCVN0b2NraG9sbTEMMAoGA1UECgwDQVMyMRUw
EwYDVQQDDAx0ZXN0LmFzMi5uZXQwHhcNMTgwMzE0MTI1MTAzWhcNMTkwMzE0MTI1
MTAzWjBGMQswCQYDVQQGEwJTRTESMBAGA1UEBwwJU3RvY2tob2xtMQwwCgYDVQQK
DANBUzIxFTATBgNVBAMMDHRlc3QuYXMyLm5ldDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALXXVK5jP9H9JjOe9Iiba1235Xz/WuFUVP5I2Pl1ClkvGlUZ
RIQrje7KAr3OBuh8iOiNko+HuWXN505WvmiVESH9mrSSfXHDUU+JcCDkbNLDFJKi
EAeZni6fcTMMU7eWL/ZwVvAaOVXIjCC6l+nf6+rI9HNIKUpr96iIWDUMot5PQURF
NUEg0OQ4HFsuXtrm8CvbD/v3dj/2nke+HzIra27+2v3hFFP0EPCRz4+okh3a6pWr
XnozrmRne+FFRH8mq0N0UH1AtiArDpCspnZJEGsquvj2/ruSHCarQpOS12MfPY6u
FlGym3fZH1AxpDn11KIC3L3iNAMNCh7DWtxyrbcCAwEAAaOBtDCBsTAMBgNVHRME
BTADAQH/MB0GA1UdDgQWBBTOWGctZLOpraEmeF77hpPcbHzbZzB1BgNVHSMEbjBs
gBTOWGctZLOpraEmeF77hpPcbHzbZ6FKpEgwRjELMAkGA1UEBhMCU0UxEjAQBgNV
BAcMCVN0b2NraG9sbTEMMAoGA1UECgwDQVMyMRUwEwYDVQQDDAx0ZXN0LmFzMi5u
ZXSCCCh1LQSez4EsMAsGA1UdDwQEAwICvDANBgkqhkiG9w0BAQsFAAOCAQEAQNhK
/jVm6PRdui2ptx0wLd4QD7duPxULfYdhbab+Odp/LbQ08Mp1FZ8JjnJnH/z1H7SH
4kPjEHIC22VDvK1+MAjTq4iPKgpmtBSdC8dJ/S8rNE9nzpfuheM79ES8ERPNTi2M
umq1OM8L43J+LMVwNyWx4JlI7egJgqzP5NKaPo35pI1Z/71eVGn6uPwlOdP9s8un
wtOYSGZ+mVUwQ/wiGuJ7VsxCeGPpG2rV38zUGQGiOqerkqHCLDL2K3ondA53M/my
AhA7M2qPBNPee9guEEXiI/W038rzPVSE8lETbNEnsTLxCI1uN68tEBRSZlBQwu/r
/pOXP3fw/HaEGP0gsTGCAlIwggJOAgEBMFIwRjELMAkGA1UEBhMCU0UxEjAQBgNV
BAcMCVN0b2NraG9sbTEMMAoGA1UECgwDQVMyMRUwEwYDVQQDDAx0ZXN0LmFzMi5u
ZXQCCCh1LQSez4EsMAcGBSsOAwIaoIHYMBgGCSqGSIb3DQEJAzELBgkqhkiG9w0B
BwEwHAYJKoZIhvcNAQkFMQ8XDTE4MDMxNDEzMzgwM1owIwYJKoZIhvcNAQkEMRYE
FOLO/ihBaZEe6+s2HipYsy+ie9WLMHkGCSqGSIb3DQEJDzFsMGowCwYJYIZIAWUD
BAEqMAsGCWCGSAFlAwQBFjALBglghkgBZQMEAQIwCgYIKoZIhvcNAwcwDgYIKoZI
hvcNAwICAgCAMA0GCCqGSIb3DQMCAgFAMAcGBSsOAwIHMA0GCCqGSIb3DQMCAgEo
MA0GCSqGSIb3DQEBAQUABIIBAH4HrlzhccYzwmxlDjRWa0cn2eOIz6tYnOKqjcgQ
wVVM0BEkXusnz+3o/KMqpCjTDWcC4yOrJqJVVGKl11yGkUs/3PKZZyEGcKR0PRl0
R+2tTcwt7CT8uqH64sth23DUU7r4tAnbmMhI6Gwsc/6ttLC5qVJrg80dcWmmUx7J
AWrigTQUW70yU3HbyIm+fA87j0vilgL/eXMAWT/TB73x3zRz+UVRkEyPM+JWK0Xj
voMK1drjXrSm/xJrzo6/5p2o0X/yhi9V/QEctCU9nfrv1+uDVJek0uMTR/xwRUs6
Jua/lzQjxJwCGSGabfQ8VbAABZZNBzMAAMzgQEvfQZb8enA=

------FF336B91207E7B459FAC35C0D274B8F8--
3
Anders 14 Мар 2018 в 15:09

1 ответ

Лучший ответ

Да, это возможно с комбинацией crypto и node-forge!

function verify() {
  var crypto = require('crypto');
  // pkg_sig is the extracted Signature from the S/MIME
  // with added -----BEGIN PKCS7----- around it
  var msg = pkcs7.messageFromPem(pkg_sig);
  var sig = msg.rawCapture.signature;

  // pkg is the "clean" signed data from the S/MIME
  var buf = new Buffer(pkg, 'binary');

  var verifier = crypto.createVerify("RSA-SHA256");
  verifier.update(buf);
  var verified = verifier.verify(cert, sig, 'binary');

  console.log(verified);
}

function sign() {
  /*
  // Verified working AW, 2018-03-15
  // Signature successfully verified by OPENSSL

  openssl smime -verify -in packageCopy.txt -CAfile test.as2.net-sscert.pem
    Content-Type: text/plain

    UNB+UNOC:3+esab+postnet+111101:1954+6045++++++'UNH+12011+INVOIC:D:93A:UN:EDIT30'BGM+380::9+006124412+9'DTM+137:20111101:102'UNT+55+12011'UNZ+1+6045'       Verification successful
  */

  var p7 = pkcs7.createSignedData();
  p7.content = forge.util.createBuffer(pkg);
  p7.addCertificate(cert);
  p7.addSigner({
    key: forge.pki.privateKeyFromPem(key),
    certificate: cert,
    digestAlgorithm: forge.pki.oids.sha256
  });
  p7.sign();
  var pem = pkcs7.messageToPem(p7);
  console.log(pem);
}
1
Anders 22 Мар 2018 в 21:56