问题描述
通过使用 require('node-forge') & require('pkcs11js') 创建了一个 CSR,我使用了存储在 HSM 中的私有签名密钥,同时通过“https://redkestrel.co.uk/”对 CSR 进行解码产品/解码器/”,出现错误:
失败 - CSR 的签名无效。
附上结果 CSR 和代码片段。
public async Task<IActionResult> logout()
{
var cookiesTobedeleted = Request.Cookies.Keys;
foreach (string cookie in cookiesTobedeleted)
{
Response.Cookies.Delete(cookie);
}
await HttpContext.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);
}
以下是生成的示例 CSR
var csr = forge.pki.createCertificationRequest();
csr.publicKey = forge.pki.publicKeyFromPem(pempublicKey);
csr.setSubject([{
name: ‘commonName’,value: ‘example.org’
},{
name: ‘countryName’,value: ‘US’
},{
shortName: ‘ST’,value: ‘Virginia’
},{
name: ‘localityName’,value: ‘Blacksburg’
},{
name: ‘organizationName’,value: ‘Test’
},{
shortName: ‘OU’,value: ‘Test’
}]);
csr.signatureOid = csr.siginfo.algorithmOid = ‘1.2.840.113549.1.1.5’;
csr.certificationRequestInfo = forge.pki.getCertificationRequestInfo(csr);
var toBeEncrypted = forge.asn1.toDer(csr.certificationRequestInfo);
pkcs11.C_SignInit(session,{ mechanism: pkcs11js.CKM_SHA1_RSA_PKCS },keys.privateKey);
pkcs11.C_SignUpdate(session,Buffer.from(toBeEncrypted.getBytes()));
var signature = pkcs11.C_SignFinal(session,Buffer.from(new ArrayBuffer(256)));
csr.signature = signature.toString(‘binary’);
var pemCsr = forge.pki.certificationRequestToPem(csr);
console.log(‘CSR created: \n %s’,pemCsr);
解决方法
暂无找到可以解决该程序问题的有效方法,小编努力寻找整理中!
如果你已经找到好的解决方法,欢迎将解决方案带上本链接一起发送给小编。
小编邮箱:dio#foxmail.com (将#修改为@)