Creating RSA-SHA1 Signatures Using JavaScript

Question

Creating RSA-SHA1 Signatures Using JavaScript

I would like to generate RSA-SHA1 signatures with the RSA-Sign JavaScript Library . In particular, I would like to use this to sign OAuth requests.

However, the signature generated by the JavaScript library is different from the one I can generate, for example. with

$ echo -n "x" | openssl dgst -sha1 -sign priv.key -binary | openssl base64 | xargs echo -n
eV0ZrD7ZrTsuzHHYSwLfUJhXuM96D6ZyIzD5FFphzHbKRaO4TMeTR7bJjkuPib+l
EccM7t6YNDvRgOHyXJDVZZQTg5G4D4jnGVmOgeuti1etCCpLsb1Rl3sfJF/rIlgA
AmejvBbrEG+n8L+GeD6Vd3cneW7k2Rksnh+/BWnnR3c=

In contrast: this is what the library generates (base64 encoded):

Nzk1ZDE5YWMzZWQ5YWQzYjJlY2M3MWQ4NGIwMmRmNTA5ODU3YjhjZjdhMGZhNjcy
MjMzMGY5MTQ1YTYxY2M3Ng0KY2E0NWEzYjg0Y2M3OTM0N2I2Yzk4ZTRiOGY4OWJm
YTUxMWM3MGNlZWRlOTgzNDNiZDE4MGUxZjI1YzkwZDU2NQ0KOTQxMzgzOTFiODBm
ODhlNzE5NTk4ZTgxZWJhZDhiNTdhZDA4MmE0YmIxYmQ1MTk3N2IxZjI0NWZlYjIy
NTgwMA0KMDI2N2EzYmMxNmViMTA2ZmE3ZjBiZjg2NzgzZTk1Nzc3NzI3Nzk2ZWU0
ZDkxOTJjOWUxZmJmMDU2OWU3NDc3Nw==

(provided, of course, the same input and key, of course)

Is this possible due to the use of SHA1? In this case, I could try using another one.

I'm not a cryptography specialist, but OAuth RFC 5849 says that RSASSA-PKCS1-V1_5-SIGN needs to be used, which seems to be the case for the library.

Many thanks.

+5

javascript cryptography oauth rsa sha1

Simon 25 . '12 8:54

1

Gz Zheng · Accepted Answer · 2012-01-27T16:45:20+0000

openssl, JS-, , . , , .

, , , base64, , . , base64?

base64 ?

function doSign() {
  var rsa = new RSAKey();
  rsa.readPrivateKeyFromPEMString(document.form1.prvkey1.value); //replace with your private key
  var hSig = rsa.signString("x", "sha1");
  var base64_encoded_signature = hex2b64(hSig);
}

"base64_encoded_signature" , openssl, .

Creating RSA-SHA1 Signatures Using JavaScript

More articles: