change the fuckin key algo

2024-12-21 14:54:11 +01:00 · 2024-10-13 12:38:08 -04:00 · 2024-10-13 12:38:08 -04:00 · 0bb0d8de72
commit 0bb0d8de72
parent b171ba34a4
4 changed files with 8 additions and 10 deletions
--- a/index.js
+++ b/index.js
@ -205,7 +205,7 @@ app.get('/.well-known/webfinger', function(req,res){
 		return res.send(JSON.stringify(resJson));
 	} else {
 		res.status(404);
-		res.send();
+		res.send("unknown user");
 	}
 })

--- a/lib/apCryptoShit.js
+++ b/lib/apCryptoShit.js
@ -21,16 +21,16 @@ function getKeyId(){

 function sign(str){
    _precheck()
-    var signerObject = crypto.createSign("RSA-SHA256");
+    var signerObject = crypto.createSign("RSA-SHA256");// needs to be "RSASSA-PKCS1-v1_5 with SHA-256" I'm assuming this is RSA_PKCS1_PADDING...???
    signerObject.update(str);
-    return signerObject.sign({key:getPrivateKey(),padding:crypto.constants.RSA_PKCS1_PSS_PADDING}, "base64");
+    return signerObject.sign({key:_privKey,padding:crypto.constants.RSA_PKCS1_PADDING}, "base64");
 }

 function verify(str,signature){
    _precheck();
    var verifierObject = crypto.createVerify("RSA-SHA256");
    verifierObject.update(str);
-    var verified = verifierObject.verify({key:_pubKey, padding:crypto.constants.RSA_PKCS1_PSS_PADDING}, signature, "base64");
+    return verifierObject.verify({key:_pubKey, padding:crypto.constants.RSA_PKCS1_PADDING}, signature, "base64");
 }

 // private
--- a/lib/apGet.js
+++ b/lib/apGet.js
@ -64,7 +64,8 @@ module.exports = async function apGet(url,ttl) {
        
        axiosOpts.headers.Signature=Authorization;

-        console.log("axios request info: \n"+JSON.stringify(axiosOpts,null,2))
+        console.log("axios request info: \n"+JSON.stringify(axiosOpts,null,2));
+        console.log('string that was signed: \n---\n'+plaintext+'\n---')
        
        let response
        try {
--- a/utils/ensure-keys-work.js
+++ b/utils/ensure-keys-work.js
@ -3,9 +3,6 @@ const cryptoShit = require('../lib/apCryptoShit.js')

 var signature = cryptoShit.sign("hello world")

-console.info("signature: %s", signature);
-//verify String
-var verifierObject = crypto.createVerify("RSA-SHA256");
-verifierObject.update("hello world");
-var verified = verifierObject.verify({key:cryptoShit.getPublicKey(), padding:crypto.constants.RSA_PKCS1_PSS_PADDING}, signature, "base64");
+var verified = cryptoShit.verify("hello world", signature)
+
 console.info("is signature ok?: %s", verified);