Home/ Questions/Q 6110265
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-23T14:29:44+00:00

Is there a good way to validate signatures in Node.JS (v0.4+) with public keys?

  • 0

Is there a good way to validate signatures in Node.JS (v0.4+) with public keys?

Current crypto module allows this with certificates but not with public keys. For example:

var crypto = require("crypto");

verifier = crypto.createVerifier("sha1");
verifier.update("signed data");
verifier.verify(CERT, signature);

Variable CERT needs to be signed certificate (I guess the public key is pulled from that) but all I have is the public key and not a certificate.

Only solid way to achieve this seems to be dumping the contents of the data, public key and signature into files and execute openssl dgst

fs.writeFileSync("public.key", pubkey);
fs.writeFileSync("sig.sha1", signature);
fs.writeFileSync("data.txt", data);
exec("openssl dgst -sha1 -verify public.key -signature sig.sha1 data.txt", ...)

But creating (and deleting) files every time I need to verify a signature seems like a total waste.

Any good ideas how to do it better?

UPDATE 2011-08-03

Crypto module in Node.js v0.5 allows verifying both with certificates and public keys (RSA or X.509)

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Why don’t you just take your public key and put it into a self-signed certificate? Then node’s crypto module will work fine for you.

    http://www.akadia.com/services/ssh_test_certificate.html

    I would think that doing this would be much more efficient than forking an openssl subprocess.

    • 0