我一直在使用自生成的 RSA 证书颁发机构来签署我的服务器和客户端证书，到目前为止 grpc node mutual authentication 工作正常。

出于同样的原因，我尝试将 secp256k1 与 ECDSA 算法一起使用，假设 BTC 或 ETH 的密钥将直接用于 grpc 身份验证。不幸的是我无法获得正确的输出。以下是详细信息。

• 操作系统：Ubuntu 18.04 64 位
• 语言：节点
• 身份验证：SSL/TLS
• 签名算法：ecdsa-withsha256
• 密钥生成类型：secp256k1
• 源代码：来自 grpc 节点示例的 dynamic_codegen

以下所有内容和步骤都可以从repository

1. 使用 gen.sh 生成服务器和客户端的 EC secp256k1 私钥和 TLS 证书。

# 1. Generate EC private key and self-signed certificate
openssl ecparam -genkey -out ca.key -name secp256k1 
openssl req -x509 -new -key ca.key -out ca.cert -subj "/C=FR/ST=Occitanie/L=Toulouse/O=Tech School/OU=Education/CN=*.techschool.guru/emailAddress=root.guru@gmail.com"

echo "CA's self-signed certificate"
openssl x509 -in ca.cert -noout -text

# 2. Generate web server's private key and certificate signing request (EC)
openssl ecparam -genkey -out server.key -name secp256k1 
openssl req  -key server.key -new -out server.req -subj "/C=FR/ST=Ile de France/L=Paris/O=PC Book/OU=Computer/CN=*.pcbook.com/emailAddress=server@gmail.com"

# 3. Use CA's private key to sign web server's CSR and get back the signed certificate
openssl x509 -req -in server.req -days 60 -CA ca.cert -CAkey ca.key -CAcreateserial -out server.cert -extfile server.ext

echo "Server's signed certificate"
openssl x509 -in server.cert -noout -text

# 4. Generate client's private key and certificate signing request (EC)
openssl ecparam -genkey -out client.key -name secp256k1 
openssl req -key client.key -new  -out client.req -subj "/C=FR/ST=Alsace/L=Strasbourg/O=PC Client/OU=Computer/CN=*.client.com/emailAddress=client@gmail.com"

# 5. Use CA's private key to sign client's CSR and get back the signed certificate
openssl x509 -req -in client.req -days 60 -CA ca.cert -CAkey ca.key -CAcreateserial -out client.cert -extfile client.ext

echo "Client's signed certificate"
openssl x509 -in client.cert -noout -text

# 6. To verify the server certificate aginst by root CA
echo "server's certificate verification"
openssl verify -show_chain -CAfile ca.cert server.cert

# 7. To verify the client certificate aginst by root CA.
echo "client's certificate verification"
openssl verify -show_chain -CAfile ca.cert client.cert

2. 在 greeter_server.js 中实现服务器端身份验证

function main() {
  var server = new grpc.Server();

  server.addService(hello_proto.Greeter.service,{sayHello: sayHello});
  server.bindAsync('0.0.0.0:50051',grpc.ServerCredentials.createSsl(
    fs.readFileSync('./credentials/ca.cert'),[{
        cert_chain: fs.readFileSync('./credentials/server.cert'),private_key: fs.readFileSync('./credentials/server.key')
    }],true
  ),() => {
    server.start();
  });
}

3. 在 greeter_client.js 中实现客户端身份验证

var client = new hello_proto.Greeter(target,grpc.credentials.createSsl(fs.readFileSync('./credentials/ca.cert'),fs.readFileSync('./credentials/client.key'),fs.readFileSync('./credentials/client.cert')));

4. 试试吧！

npm install 
node greeter_server.js
node greeter_client.js

5. 输出

/grpc-auth-secp256k1/greeter_client.js:57
    console.log('Greeting:',response.message);                                    ^

TypeError: Cannot read property 'message' of undefined
    at Object.callback (grpc-auth-secp256k1/greeter_client.js:57:39)
    at Object.onReceiveStatus (grpc-auth-secp256k1/node_modules/@grpc/grpc-js/build/src/client.js:176:36)
    at Object.onReceiveStatus (grpc-auth-secp256k1/node_modules/@grpc/grpc-js/build/src/client-interceptors.js:342:141)
    at Object.onReceiveStatus OpenssLabs/grpc-auth-secp256k1/node_modules/@grpc/grpc-js/build/src/client-interceptors.js:305:181)
    at grpc-auth-secp256k1/node_modules/@grpc/grpc-js/build/src/call-stream.js:124:78
    at processTicksAndRejections (internal/process/task_queues.js:75:11)

grpc 相互验证通过 RSA Certificate 成功，但使用 secp256k1 失败。所以我的问题：

1. 如何像openssl调试一样显示grpc TLS握手信息？
2. 是否有解决问题的线索？

谢谢

解决方法

暂无找到可以解决该程序问题的有效方法，小编努力寻找整理中！

如果你已经找到好的解决方法，欢迎将解决方案带上本链接一起发送给小编。

小编邮箱:dio#foxmail.com (将#修改为@）