spacewander / lua-resty-rsa Goto Github PK

resty -e '
local cjson = require("cjson")
local resty_string = require "resty.string"

local find = string.find
local sub = string.sub
local gsub = string.gsub
local resty_rsa = require "resty.rsa"
local RSA_PUBLIC_KEY = [[
-----BEGIN PUBLIC KEY-----
aa
-----END PUBLIC KEY-----
]]

local rsa_public_key,err = string.gsub(RSA_PUBLIC_KEY, "aa", "-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEAAQUAA4GNADCBiQKBgQC3f/TBa4c+jMjYiHJQAuW4Ay6m Y1KnIPAUeKMVdaZgeW+1f0SCpCT9g1AVhgbQ2coeoNmLsL/16xqs9QccFDvJzs7k YKcHI/STLKTvaEXFt3VTbnl+Sxq96L4bX7StBq9qS1Yo+cdzshsFQ/5rCJ2sy8pR zHPoC9+Vb0t+MrN4fQIDAQAB -----END PUBLIC KEY-----")
ngx.say("rsa_public_key: ", rsa_public_key)

local pub, err = resty_rsa:new({ public_key = rsa_public_key, algorithm = 'SHA1' })
ngx.say("new rsa err: ", err)
if not pub then
ngx.say("new rsa err: ", err)
end
local verify, err = pub:verify("ssss", "xxxxxxxxxxx")
if not verify then
ngx.say("verify err: ", err)
return
end
ngx.say(verify)

'
我使用上面的测试代码，测试后，结果只打印了
rsa_public_key: -----BEGIN PUBLIC KEY-----
-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEAAQUAA4GNADCBiQKBgQC3f/TBa4c+jMjYiHJQAuW4Ay6m Y1KnIPAUeKMVdaZgeW+1f0SCpCT9g1AVhgbQ2coeoNmLsL/16xqs9QccFDvJzs7k YKcHI/STLKTvaEXFt3VTbnl+Sxq96L4bX7StBq9qS1Yo+cdzshsFQ/5rCJ2sy8pR zHPoC9+Vb0t+MrN4fQIDAQAB -----END PUBLIC KEY-----
-----END PUBLIC KEY-----

公钥有问题的情况下，似乎直接退出了，而没有报错信息返回。

定义pubkey，resty_rsa:new(RSA_PUBLIC_KEY, true);

返回错误 no start line

您好，首先感谢提供封装好的rsa库。

我的问题是，我现在使用私钥创建了签名。但是验签时，创建ras对象，一直报错： no start line.
但实际传入的公钥是有开头-----BEGIN PUBLIC KEY-----的。
我的私钥和公钥，不是用generate_rsa_keys生成，使用openssl genrsa 等命令生成的。

这点，不知道作者是否知道原因呢

I got the error message when I decrypted data encrypted by java.
How should I modify the lua scripts.

OpenSSL_add_all_digests这种函数只初始化一次就可以了吧 ，应该在require module的时候显示调用一下，而不是 在每次建立实例的时候调用，因为重复调用相当于空操作

要加密的数据比较大（超过256字节），我用java分段加密，lua怎么实现分段解密呢？
麻烦有解决的兄弟，提供一下方案

90 if ffi_cast("void *", rsa) == nil then
91 return err()
92 end
进入return err(),nginx进程就退出了。无法加密解密

我的安装环境(安装了nginx－lua和 luajit的)
[root@Ciaos_Aliyun_01 nginx]# sbin/nginx -V
nginx version: nginx/1.6.0
built by gcc 4.4.7 20120313 (Red Hat 4.4.7-4) (GCC)
configure arguments: --user=www --group=www --prefix=/usr/local/nginx --with-pcre=../pcre-8.34 --with-zlib=../zlib-1.2.8 --with-http_realip_module --with-http_stub_status_module --with-http_addition_module --with-google_perftools_module --with-openssl=../openssl-1.0.1g --add-module=../ngx_cache_purge-2.1 --add-module=../lua-nginx-module-0.9.8 --with-http_gzip_static_module

[root@Ciaos_Aliyun_01 nginx]# ldd sbin/nginx
linux-vdso.so.1 => (0x00007fffbf3ff000)
libpthread.so.0 => /lib64/libpthread.so.0 (0x0000003496800000)
libcrypt.so.1 => /lib64/libcrypt.so.1 (0x0000003498c00000)
libluajit-5.1.so.2 => /usr/local/luajit/lib/libluajit-5.1.so.2 (0x00007f8383a1c000)
libm.so.6 => /lib64/libm.so.6 (0x0000003497400000)
libcrypto.so.10 => /usr/lib64/libcrypto.so.10 (0x000000349cc00000)
libprofiler.so.0 => /usr/lib/libprofiler.so.0 (0x00007f8383809000)
libc.so.6 => /lib64/libc.so.6 (0x0000003496400000)
/lib64/ld-linux-x86-64.so.2 (0x0000003496000000)
libfreebl3.so => /lib64/libfreebl3.so (0x0000003498800000)
libdl.so.2 => /lib64/libdl.so.2 (0x0000003496c00000)
libgcc_s.so.1 => /lib64/libgcc_s.so.1 (0x00000036fea00000)
libz.so.1 => /lib64/libz.so.1 (0x0000003497800000)
libunwind.so.8 => /usr/lib/libunwind.so.8 (0x00007f83835e8000)
libstdc++.so.6 => /usr/lib64/libstdc++.so.6 (0x00000036fe600000)

这个例子是sha1withrsa 的签名嘛？ 我签名结果跟其他语言不同啊。java 和 oc 签名结果是一致的。确定证书没问题。

rsa.lua 中的 PADDING 模式目前看只支持4种，RSA_PKCS1_PSS_PADDING 这种pss模式的padding是否支持呢

你好，generate_rsa_keys(1024) 产生的公钥，最后一个\n符后面有时候会多出一些特殊字符，截图是我用cjson.encode转成json数据的

lua-resty-rsa生成的 公私钥样例(pkcs#1)如下

用支付宝工具生成的公私钥样例(pkcs#1)如下

将支付宝私钥(pkcs#1)转成PEM格式后， 做签名一切正常。 但是将支付宝公钥转成PEM个时候，创建rsa公钥对象都失败。

    --  pubkey是用支付宝工具生成的pkcs#1公钥转成PEM格式的公钥
    local pubkey = [[-----BEGIN RSA PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm9HI/Xedl1uKkzaZOTzW
CyAD3zojrXO6XLgmD+CGnwj/gYm2MaeEp1xw+5FKVfUoGF/J8rRzBOY4nslg7JsL
hO3Q8pqa94T942i4DauVgwY+ieDrGuaJ895QaCHHltu62XCVVyXRKmisbZteXJYr
NYyPetdVoaqjoXi+0jQPIvPzOz0y1JFGwvw+kTOvDrN8IlMCrJEpDI7QRlhLTRKV
tv1dRYC8hSjj2VkOVq4uEH+SUc9rvIRt44G6eHWIR1C1HiosjOiY/wT+kfVfkm+Y
qntaOmT9jy20y1A97ZCj9SuTEWGbx9pZvMcVwvh+z63Ds27hvnPssNHyDqjejsCx
hQIDAQAB
-----END RSA PUBLIC KEY-----]];

 local pub, err  = resty_rsa:new({ public_key = pubkey, algorithm = 'SHA256'});
    if not pub then
        return res:json {  msg = err };
    end

错误信息为： "wrong tag: nested asn1 error: nested asn1 error: Field=n, Type=RSA: ASN1 lib"

您好，我在RSA加密时遇到问题，failed to encrypt client secret: wrong tag: nested asn1 error: Type=RSA: ASN1 lib。实在没有找到问题所在。
OpenSSL 1.0.1e-fips

patch:
rsa.lua.patch

API update:

  rsa:generate_rsa_keys(bits,pkcs8)

test:

local rsa = require("resty.rsa")
local pub, prv, err = rsa:generate_rsa_keys(512, true)
print(pub)
print(prv)
print(err)

When I do as your example in README.md,I got the error as below:

2018/04/24 19:57:26 [error] 125048#124724: *47909566 lua entry thread aborted: runtime error: ...y_For_Windows_1.13.5.1001_64Bit\x64\nginx//resty\rsa.lua:149: cannot resolve symbol 'RSA_new': 找不到指定的程序。

stack traceback:
coroutine 0:
[C]: in function '__index'
...y_For_Windows_1.13.5.1001_64Bit\x64\nginx//resty\rsa.lua:149: in function 'generate_rsa_keys'

使用方式

出现错误

环境
openssl version
OpenSSL 1.0.1e-fips 11 Feb 2013

openresty version
nginx version: openresty/1.15.8.1rc1

代码
local algorithm = "SHA256"
local priv, err = resty_rsa:new({ private_key = private_key, algorithm = algorithm })

opm安装的版本里面没有generate_rsa_keys方法，请问使用哪一个版本好呢？

what version support lua

Could you please push the current version of lua-resty-rsa to opm? The one I just installed using opm get still has the line C.OpenSSL_add_all_digests() in it, which you have since removed from your git repository.

您好，我遇到一个问题，openresty发出了alert信息。信息如下：

23988#0: *21 ignoring stale global SSL error (SSL: error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag error:0D06C03A:asn1 encoding routines:ASN1_D2I_EX_PRIMITIVE:nested asn1 error error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:Field=n, Type=RSA error:04093004:rsa routines:OLD_RSA_PRIV_DECODE:RSA lib), client: 45.251.104.133, server:

我的使用方式：

local resty_rsa = require("resty.rsa")
local private_key = [[
-----BEGIN RSA PRIVATE KEY-----
MIICdQIBADANBgkqhkiG9w0BAQEFAASCAl8wggJbAgEAAoGBAMGd9EohSbkULL68zFoY/AikrTLnvdsUkjN5ulyDWZcDlA4SD/GDTC2Nn5Jz5YjYt+USbsfex/ob2+HfSPtRr3gtCv97xOHjijnt2arfwljxlhTpPLF3bNQJLeeoHpdAX3B+oV1JPcEra4xcTtJRzFIkdduLO3Vye3rFe0UaBonTAgMBAAECgYAkc0o0UoQAle2+kuid5ao9LlN1C+/QONU1X6tYE1pgdcn/xCLAQwmqYcky1yLVWod0Vr4IXsajLW993H1u4vf3gh9TEodNa5L4Ps8mG5MDvP14ZePhKKkrGGpEXQWnJn+mnaNhgumOcnJDngocxvW/VBGjN/XwsdXkUT+p76XwwQJBAN+O9rlSiRSlH/Nizv3PtnGofKd3lxn7QwolPhAOhXYbTEuw0BJ3ubAikLnf2ngJbUrIi2xFyCtaDrhOcHnngMMCQQDdtq/1EPPeCJX6ehOkAoBOMEtf7t6Y0fiKuowlMk02OhNoORDhY/ESnOPkNo5CCM/QkaYSPL+/wKVgteotV0GxAkAlYTQjvIcrKojzGxxdF/P7gR6Gqdpb/8Uv1xZPfP4Xx2y0YzYHQHmN19m3GpTe6USa8nlNe0WC6iX37zWjTHAdAkAW+x2n8Dbm18r76HVqtZuo/xaA/hhyjKkPcCCgpmMccM6cKfYW9q4BOOPiPslmDNXFj6NAFq3laUl7CcAZLQcxAkB30sZP/PSjeXtCVxT+3MeDSBNL67HTqFttWespYNRdvgVY/YYdXJh3d+t3ks7znCP0EYzA1f7k1kAot5fW11s
-----END RSA PRIVATE KEY-----
]]
local priv, err = resty_rsa:new({ private_key = private_key })
if not priv then
ngx_log(ERR,"new rsa err:" , err)
end
我可以正常使用 priv:decrypt()方法，而且也可以解密出相应的结果。

请问如何解决alert的消息问题？
不胜感激

lua-resty-rsa is not automatically beeing installed when adding it as dependency:

dependencies = {
  "lua ~> 5.1",
  "lua-resty-jwt ~> 0.2.2",
  "lua-resty-rsa >= 1.0",
}

Luarocks only reflects the 0.04 version if this module: https://luarocks.org/modules/p0pr0ck5/lua-resty-rsa
Are there any plans to reference the latest version?

I use a multiline string to init a new pubkey and got 'bad end line ' ERR .
example:

pubkey = [[-----BEGIN PUBLIC KEY-----
asdfasdfasdfasdfasdfasdfasdfasdfas
gafasdfasdfasdfasdfasdfasdf
dfasdfasdfasdfas
fasdfasdfasdfasdfas
-----END PUBLIC KEY-----]]

pub , err = rsa:new({public_key = pubkey})

then pub is nil , err is 'bad end line'

does the opt value require specific format ?
thanks a lot

-- conf/test.lua:

local resty_rsa = require "resty.rsa"
local rsa_public_key, rsa_priv_key, err = resty_rsa:generate_rsa_keys(2048)  -----这里是rsa_priv_key
if not rsa_public_key then
    ngx.say('generate rsa keys err: ', err)
end

ngx.say(rsa_public_key)
--[[
-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEAuw4T755fepEyXTM66pzf6nv8NtnukQTMGnhmBFIFHp/P2vEpxjXU
BBDUpzKkVFR3wuK9O1FNmRDAGNGYC0N/9cZNdhykA1NixJfKQzncN31VJTmNqJNZ
W0x7H9ZGoh2aE0zCCZpRlC1Rf5rL0SVlBoQkn/n9LnYFwyLLIK5/d/y/NZVL6Z6L
cyvga0zRajamLIjY0Dy/8YIwVV6kaSsHeRv2cOB03eam6gbhLGIz/l8wuJhIn1rO
yJLQ36IOJymbbNmcC7+2hEQJP40qLvH7hZ1LaAkgQUHjfi8RvH2T1Jmce7XGPxCo
Ed0yfeFz+pL1KeSWNey6cL3N5hJZE8EntQIDAQAB
-----END RSA PUBLIC KEY-----
]]--

ngx.say( rsa_private_key)    ------------------这里为rsa_private_key

rsa_priv_key
rsa_private_key
两个地方变量名称不一样，我说特么怎么输出为空。。。

�ԄN%��I��뫔\ �ҢR���"���%E�dtO
��r�N�m��a�I��Ų�]�A_O<���H���A���#_����\��cG�_�xn�{E������+�NxD��?Ą2&0���f�*
��Ŭ�k�9���ƒ5ל�:��XzP�
�!�{y����"�L|}�d��Mԁ�tS�U��;�v�P_�s�kp��+�m��_�(�����58�w�HW� �]�^z̜�_�EP�R՛2�w�,����qӱ�>�>C�T�{�=`�9�<��!���

我用这个库去解密文出现错误信息：data greater than mod len

接口中输入的公钥抬头为：
-----BEGIN RSA PUBLIC KEY-----
然而openssl生成的公钥抬头为：
-----BEGIN PUBLIC KEY-----
没有RSA关键字，只有私钥里才有，希望更正一下。

我看示例显示解密时候接受的是 字符串，但是现在我的需求是，也就是让下面的参数encrypted 直接使用加密后的二进制内容，或者能接受base64的内容参数也可以啊，因为原始被加密的数据是二进制的，不是明文可读的：
local priv, err = resty_rsa:new({ private_key = rsa_priv_key , key_type = resty_rsa.KEY_TYPE.PKCS8 })
if not priv then
ngx.say("new rsa err: ", err)
return
end
local my_bytes = priv:decrypt(encrypted)

私钥加密需求（private key encrypt demand）

lua-resty-rsa是一个遵循”公钥加密、私钥解密“的类库，公钥是对外部开放的Key，存在公钥被获后模拟加密请求的风险。为了业务的安全希望能够做到遵循”私钥加密、公钥解密“这种模式，目前lua-resty-rsa并没有支持该场景。希望升级该类库能够支持”私钥加密、公钥解密“这种模式。
（Lua-resty-rsa is a class library that follows the "public key encryption and private key decryption" principle. Public keys are open to the public, and there is a risk of simulating encryption requests after the public key is obtained. For the sake of business security, it is hoped that the "private key encryption and public key decryption" mode can be followed. Currently, lua-resty-rsa does not support this scenario. It is hoped that the class library can be upgraded to support the "private key encryption and public key decryption" mode.）

我尝试按照之前Issue里面的代码改了，but failed

使用sencrypt.js公钥加密后，再使用当前库来私钥解密，解不出来，该怎么解决？

这里有一位朋友已经添加上了，不过也没有给用例。签名中他默认使用SHA256，而我还想可选SHA1
还有，用其它语言，同一个私钥，签名结果不一致。
您能不能完善一下您的类，加上签名和验签方法？非常感谢。

how sign or verify with specified charset, GBK?

I used opm to obtain lua-resty-rsa, and found a useless test file x.lua in resty_modules/lualib.

Currently, the version installed from package manager is still 1.15.8.
Hopefully OpenSSL 1.1.1 doesn't break anything since OpenSSL 1.1.0.

可否增加一个函数，判断传入的 证书 / 私钥 是否合法，合法 返回证书的过期时间等信息

Is fixed by: #48

See error below:

RUN /usr/local/openresty/luajit/bin/luarocks install lua-resty-rsa

#7 sha256:8e140f869c9afba48a99b5bdbfdcadd85370bfdf13d1a224e06edc0c1b694738

#7 1.632 Installing https://luarocks.org/lua-resty-rsa-1.1.0-2.src.rock

#7 2.437 

#7 2.437 Error: Couldn't extract archive /tmp/luarocks_lua-resty-rsa-1.1.0-2-PKcgv1/lua-resty-rsa.git: unrecognized filename extension

#7 ERROR: executor failed running [/bin/sh -c /usr/local/openresty/luajit/bin/luarocks install lua-resty-rsa]: exit code: 1

这是generate出来的
-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEAtv4b3uiZ95VbrmP1aHBa+dnCi1ji8zckQba5815A42DwKGZiDqwm
Q7B9BAXKSWyCOCqRd8f39LYuz4fAPuIXWLwzjXkrdYv2wcvOr+8NpIQ05/Kwy8kt
o3Pa3h3Q1Vw7ItWznnz28t6ejPrc0L1l3N/HkMrZnyH23x8FJ8o6k1FhBH28YpuC
9tg4KSbTiOnuHZ/TPnJ2hammRmFEKRpf1PV2lySjVrHXSAQ9+Sr4TwvQJGo9vWCx
QjIvgoD06l8NvnLPu4lsYI8BAkMIsd5rzIp6XYyEHV88+wx6e/AmYf1P4Tkd9XZ3
d8NdWkMd8wJgzncrCnYhmBA/6Wm7orINhwIDAQAB
-----END RSA PUBLIC KEY-----

这是我的：
-----BEGIN RSA PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlKp7UqlyK65w6k3qH99W
rp7xtiCNy1uHTX67nVadoOoMCDGXYJpdmQ8bZ3WQRPu0Xw9/s58c/F2BKLD+jAy9
mFZOyxfVCwgKww4mcKWwFApRG3tHwJaDdlm/iXQdpBB/X2mFk3CXmDNK086NXmJX
cMqIQKMxmfbEqSSAIdKzLK4gNrakP2i4/tNZt2yDvv458EuY+BfB+qYFl0LjVS9m
JoBbXH2dvRtljIrzw0906cPcd+8g/6va0j7beVKIICwrvqop1ziLF51KI5jF/fRf
QlgUKMeypwxXhkBcEM6oqPkonutm/8XdPDTXki7+qsCWJNFI2puJkOmYWZ4uGbPQ
hQIDAQAB
-----END RSA PUBLIC KEY-----

用上面的new出来没问题，也可以正常加解密，用我的错误 new rsa err: wrong tag

复现数据如下
公钥：
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwkGMUV0URISM02kn7XAg6Q2RnN2nK+bVaxFPTJ4kApWRNoKy2r2pLyoW4SN3GBNBVroJI6MAOCcv8hcbwUCuMCS07d/tr7n/VxrnWxg7YQ55l+SqDCwPIVapcadNhQK89uG+0d4WNrPfFMln515gGjYHpHlrBwjXRa1gu+mLiN//tzn0URCOpz3bbXIvyR1TqT0FmqllOkv6tOHBZ29grdqBc4QarmwBrlQbxiCAWJ+IJMTXhjROp+aNPZHV5q6stB9phkMnde4Rb2tM4cDizRyYvq8EP9Ev8ahy7qFnoZLglZdo2zQkUKIVDqlojvqjJvRe/NuPk0IC50kjlcQQ0QIDAQAB
-----END PUBLIC KEY-----
算法：MD5
原始数据：9r7e36RUCB96+EyTraTKbNlfd0IkFmxBNvYYyoHyDsDXQfiIas4qISPE36pY7ysDfSVaB3i8NFMXuHyefHXcO0ChLpnNHtWusQrvjkyvWIGb1ioBDGkQbp0BvYzkVV19deqESwdV7+yNFXoGKmXgOxkNkUbxVwU34G6c6r+tEycYZi1WFpD1IxwEK+QjfKs1A/5AdGgZGJdM8odtfm9rC+THq66bzxqG5D6nnL4YSzI+cLIoo8dPvoMqXSopBvfPNeaTTbaKfk+WPaBfP3TJC0mDj+JQGHC4SvIt6wlEaBf3HuNoL9IZsVcpDBQ9/ZB2xwCGEcEPLx4mMVHcXcvt1jMbv5kNHr/iq5ImwwZ2MfU1TCrPOM66AKYkIbtIjArg
签名：jEBunT5tkqESrx+DPXoY+XMnqz9YCNm2+6SxdAKu/LR2q9weIPydYPylwrJRQEUsrh2A6p1soZEt67A38W+COYC3k/8WvHL18Rdm6QJAML4m6ooC3qwRZfuZKGzV3sY1KFpzgch0TTu2OHIXkFOecPMB9SOU9SyY1xYR1raqtCl/c69S+1poq5d220N/r3eRfe6OAUnh/6k2gMyZrvvpJqzYTGvHlXVhNgEElX4qV38nMXi1jCheBJ95bZInvJUoXTjyxDrsFCJuc80+Y1t8gBaSpv6bBLP8daFspsv6onCDTYiiBQKy9i9m6twX/FaBL9XE+KSIoOHU2aWZTyRcNA==
rsa version: 1.1.0
通过其他渠道验证可以通过，但是rsa运行时提示 verify(): verify err: wrong signature length，是我使用不当还是什么情况？请帮忙解决