Matthew Raymer
1 year ago
10 changed files with 168 additions and 25 deletions
Binary file not shown.
@ -0,0 +1 @@ |
|||
hello! |
@ -0,0 +1,5 @@ |
|||
-----BEGIN EC PRIVATE KEY----- |
|||
MHcCAQEEIOjRzTX6T5FkhmOscZZdGp1b1PuOgk2p/YoJ7abFaJPPoAoGCCqGSM49 |
|||
AwEHoUQDQgAEQazvs+7/4y9drkN8RZCB3ZCFVhMZQLtcJmgeY5x9+RXqYE18VHJs |
|||
qagywecu9JLckZFFcraOX2hsifyEPQgCYw== |
|||
-----END EC PRIVATE KEY----- |
@ -0,0 +1 @@ |
|||
A¬ï³îÿã/]®C|E��Ý�…V@»\&hcœ}ùê`M|Trl©¨2Áç.ô’Ü‘‘Er¶Ž_hl‰ü„=c |
Binary file not shown.
@ -0,0 +1,4 @@ |
|||
-----BEGIN PUBLIC KEY----- |
|||
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEQazvs+7/4y9drkN8RZCB3ZCFVhMZ |
|||
QLtcJmgeY5x9+RXqYE18VHJsqagywecu9JLckZFFcraOX2hsifyEPQgCYw== |
|||
-----END PUBLIC KEY----- |
Binary file not shown.
@ -0,0 +1,67 @@ |
|||
|
|||
# NOTES on working with Cryptographic Keys |
|||
|
|||
Since the VAPID key pair was created using cyprto.createECDH we could reconstitute our public key |
|||
using only the private key: |
|||
``` |
|||
const curveName = 'prime256v1'; |
|||
const ecdh = crypto.createECDH(curveName); |
|||
const privateKeyBuffer = Buffer.from(privateKey, 'base64'); |
|||
ecdh.setPrivateKey(privateKeyBuffer); |
|||
const rawPublicKeyBuffer = ecdh.getPublicKey(); |
|||
|
|||
``` |
|||
|
|||
Unfortunately, crypto module creates only "raw" keys. And when working with jsonwebtoken.sign method |
|||
we must have a PEM or something with ASN metadata. So, we create PEMs using eckeys-util module: |
|||
|
|||
``` |
|||
const pems = ecKeyUtils.generatePem({curveName, privateKey: ecdh.getPrivateKey(), publicKey: rawPublicKeyBuffer }); |
|||
|
|||
console.log("privateKey: ", pems.privateKey); |
|||
console.log(); |
|||
console.log("publicKey: ", pems.publicKey); |
|||
|
|||
const jwtToken = jwt.sign(jwtInfo, pems.privateKey, { algorithm: 'ES256' }); |
|||
``` |
|||
|
|||
|
|||
I trie here to create my own ASN1 metadata but this seems doomed due to ignorance of what were the required |
|||
components: |
|||
``` |
|||
const asn1Header = Buffer.from('3059301306072a8648ce3d020106082a8648ce3d030107034200', 'hex'); |
|||
const derPublicKeyBuffer = Buffer.concat([asn1Header, rawPublicKeyBuffer]); |
|||
const base64DerPublicKey = derPublicKeyBuffer.toString('base64'); |
|||
console.log("base64DerPublicKey: ", base64DerPublicKey) |
|||
``` |
|||
Such an approach creates a DER key pair. An alternative to that method is: |
|||
``` |
|||
const ders = ecKeyUtils.generateDer({curveName, privateKey: ecdh.getPrivateKey(), publicKey: rawPublicKeyBuffer }); |
|||
console.log("privateKey: ", ders.privateKey); |
|||
console.log("publicKey: ", ders.publicKey); |
|||
``` |
|||
|
|||
... using eckeys-util again ... but I'm not 100% sure if these have all the necessary ASN1 metadata AND |
|||
the DER key will produce this error ... |
|||
|
|||
``` |
|||
Error: secretOrPrivateKey must be an asymmetric key when using ES256 |
|||
at module.exports [as sign] (/usr/src/app/node_modules/jsonwebtoken/sign.js:124:22) |
|||
|
|||
``` |
|||
... when used in the sign method. So, apparently, sign does not like the DER binary format but it is |
|||
fine with PEM. |
|||
|
|||
## When sending a notification request to the Mozilla endpoint it does not like the Crypto-Key header: |
|||
|
|||
``` |
|||
{ |
|||
"code":400, |
|||
"errno":110, |
|||
"error":"Bad Request", |
|||
"message":"Invalid aes128gcm Crypto-Key header", |
|||
"more_info":"http://autopush.readthedocs.io/en/latest/http.html#error-codes" |
|||
} |
|||
|
|||
``` |
|||
|
Loading…
Reference in new issue