我尝试使用加密nodejs模块。但我没有成功地使它工作。
import * as crypto from 'crypto';
import { RsaPrivateKey } from 'crypto';
const privateKey = crypto.privateDecrypt(rsaPrivateKey, Buffer.from('')).toString();
我有一个密码短语。我需要这样做,以便在AWS中导入我的证书。有人有主意吗?
我知道我们可以在golang中使用
if x509.IsEncryptedPEMBlock(block) {
der, wrongPass := x509.DecryptPEMBlock(block, []byte(o.passphrase))
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-256-CBC,XXXXXXXXX
解密很容易实现,使用NodeJS的加密模块使用两个函数crypto.createPrivateKey()导入加密密钥和keyObject.export()导出未加密密钥:
crypto = require('crypto');
encryptedPkcs1 = `-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-256-CBC,B2FBBDCE627586CB04423335D9D4EC59
ekUVpHooHO3d5Ao0gTovipGK9DAP0MBXffEvBrtvcNcxhd9vaE6PsIxQPGwxnc/C
v9Y5RiClNwgZHtRol+i+QeZYLQHUQdOs3toymUgpIcN19IHyxU4C17PCWLZQpuVy
7hcD150dxkGv6Ai53QHIIl4Zybk6neBSbHpJtCnKjRMc6dNONpmFGqO/9SCmH/Bv
lHtPNZ9VsCDI67OO9fMQ3AqfpeGmCwJF8HgXf0nquQH1BJkZsYc4bq/xfGLFII0N
odWD1XEnwL4DWQ1r2wH0IvAXyVQUpwUmDeuDeeslQe9S5IERxovlFKIGsJnIrDLu
j420LLuiMjvj4Cipl91zZjlypsxCXgP7Ta8SDNNWo6yi0qAk1VbMAaeu2GsI6mn5
IUmGr0mkZsSxGFSc9614z+2aJjXEuX1jZ1q83nnZMTz0zEKu/0B6M5h+2B7kG5W1
-----END RSA PRIVATE KEY-----`
encryptedKey = crypto.createPrivateKey({
key: encryptedPkcs1,
passphrase: 'myPassword'})
decryptedKey = encryptedKey.export({
format: 'pem',
type: 'pkcs1',})
请注意,在实践中,现在的密钥不应该小于2048位出于安全原因。这里的512位密钥仅用于测试。
输出为:
-----BEGIN RSA PRIVATE KEY-----
MIIBPAIBAAJBAL2D8iI9YRKCxsqDrw9WDFddW+xD2FBx383pxiW4el8M2OangbWH
FzOf8Y8ZQiw5tfocUqTvMhOcS1gThT5zUusCAwEAAQJBAJjTO0IzPwF/ZjFPKa9z
U3ZsOcF4IIsWmUTivMAUWNImFS0XiecmhiOpdgjP4LQ5gkphcC7f9VYS6Xw4suen
ZOECIQDp3GtcMdHJzQKn4fDnmTStHeEVDoqvs2tVE/HaWoYhMQIhAM900ZGxJIxK
GYrdkGU2ETvvkyRH7JStGlj3dIJDGE7bAiEAiSIFmpRkLm+XJRbqiwRdzT3+JLjY
Plt5jvQZGC+JA6ECICzJB0TwfPdcN89mrXlsBqRtv9IhRM2D4SA7q4dDfMfpAiEA
s9/2kHpLVmtpEDyw+u4Qrgt6/xUR1B39nceE1bEBo+U=
-----END RSA PRIVATE KEY-----