1. 技术文章
  2. 'EVP_DecryptFinal_ex:bad decrypt' error on nodejs

'EVP_DecryptFinal_ex:bad decrypt' error on nodejs

我的未来我决定 提交于 2020-01-26 04:02:05

问题


I got this error from nodejs server when perform a http POST request login:

digital envelope routines:EVP_DecryptFinal_ex:bad decrypt

I created keys by: 

openssl genpkey -out privateKEY.pem -aes256 -algorithm rsa -pkeyopt rsa_keygen_bits:4096

and 

openssl pkey -in privateKEY.pem -out publicKEY.pem -pubout

How can I solve this?

This is the code:

var mysql = require('mysql');
var express = require('express');
var cors = require('cors');
const jwt = require('jsonwebtoken');
var sanitizer = require('sanitizer');
const fs = require("fs");

var app = express();
app.use(cors());

var connection = mysql.createConnection({
    host: '127.0.0.1',
    user: 'andrea',
    password: 'password',
    database: 'cars_market_place'
});

try{
    connection.connect();
}catch(err){
    console.error("Error:"+err);
}

const RSA_PRIVATE_KEY = fs.readFileSync('./privateKEY.pem');

function LinkMysql(query) {

    return new Promise(function(resolve, reject) {

        connection.query(query, function(err, result) {

            if (err)
                console.log('error: ' + err);

            resolve(result);

        });

    });

}  

app.post('/login', async function(request, response) { 

    let username = request.query.username;
    let password = request.query.password;

    if (username && password) {

        usernameS = sanitizer.sanitize(request.query.username);

        getUser(connection.escape(usernameS)).then( function(user){

            if (!user) {
                console.log("user not found:"+ username);
                response.status(401).json({ msg: 'No such user found', user: username });
            }

            if (user.password === password) {

                const jwtBearerToken = jwt.sign({}, RSA_PRIVATE_KEY, {
                    algorithm: 'RS256',
                    expiresIn: 120,
                    subject: user.username
                })

                response.json({ msg: 'ok', token: jwtBearerToken });
            } else {
                response.status(401).json({ msg: 'Password is incorrect' });
            }
        }).catch( (err) => {
            console.error('error='+err);
        });

    }

});

    function getUser(username){

        return new Promise((resolve, reject) => {

            query = 'SELECT * FROM `users` WHERE `users`.`username` = ' + username;
            console.log('query='+query);

            LinkMysql(query).then(function(data) {

                console.log("data="+data[0].username);
                console.table(data);
                resolve(data[0]);
                reject(null);

            }).catch((err)=> {
                console.log('Error:'+err);
            });

        });

    }

app.listen(8080);
console.log('server listing on 8080');

回答1:


I solved adding the passphrase that I passed in an object together with RSA_PRIVATE_KEY to jwt.sign. 

jwt.sign({},{key:RSA_PRIVATE_KEY, passphrase:pass}, {...});


来源:https://stackoverflow.com/questions/59721820/evp-decryptfinal-exbad-decrypt-error-on-nodejs

标签
node.js
OpenSSL
jwt
rsa
易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!