Signing/Decoding with Base-64 PKCS-8 in Node.js

Question

Currently working to try to get connected with the Walmart Partners API, and having some issues with their cryptography, and I have not found any documented assistance for this in Javascript/Node.

The documentation states:

Sign the byte array representation of this data by:

Decoding the Base-64, PKCS-8 representation of your Private Key. Note that the key is encoded using PKCS-8. Libraries in various languages offer the ability to specify that the key is in this format and not in other conflicting formats such as PKCS-1.

Use this byte representation of your key to sign the data using SHA-256 with RSA.

Encode the resulting signature using Base-64.

I have the private key, and found the "chilkat" package that is nicely documented. Only issue is our development system is Windows, and there's an issue with it on Windows 10 64bit. If I use the 64bit, it does not identify as a 64bit system, so I am not able to even get the package installed.

Also, it seems the chilkat package requires at least Node version 4, we attempted upgrading to Node 4 to use this, and the project is currently not able to use that version without some bugs as a result of some other packages we use. So at least until those bugs get resolved, Node 4 is not an option, which seems that Chilkat is out of the picture...

So I found anotehr NPM package to assist with this: https://github.com/rzcoder/node-rsa

Using that package, I'm having issues getting the decoding/signing to work... I'm finding the documentation quite confusing, and the only assistance I have found with similar questions was in C#...

Any advice on how I can achieve what Walmart is asking for with the node-rsa package?

score 5 · Answer 1 · answered May 04 '17 at 14:35

5

Using node-rsa, I was able to generate a valid Walmart API signature in two steps:

const NodeRSA = require('node-rsa');

// 1. Decode the private key with base64 then pkcs8
const key = new NodeRSA();
key.importKey(new Buffer(encodedPrivateKey, 'base64'), 'pkcs8-private-der');
const privateKey = key.exportKey();

// 2. Sign the data with the decoded private key and sha256 then encode it with base64
const data = `${consumerId}\n${url}\n${method}\n${timestamp}\n`;
const signature = new NodeRSA(privateKey, {signingScheme: 'sha256'}).sign(data).toString('base64');

answered May 04 '17 at 14:35

Joannic Laborde

51
3

Did you find that the order of the http headers matters? I'm using node-request and it re-orders the headers alphabetically, which doesn't match the specified order by walmart. – Sean Clark Aug 20 '18 at 21:29
What is the variable method? – Berry Blue Jan 12 '22 at 03:05
@BerryBlue That would be the HTTP method used in the request (`GET`, `POST`, etc.). – Joannic Laborde Jan 12 '22 at 13:30

score 0 · Answer 2 · answered Nov 28 '21 at 17:14

Using node-rsa, solution for decrypt.

const NodeRSA = require('node-rsa')
var key = NodeRSA(privateKey, 'pkcs8-private-pem', {'environment': 'node', 'encryptionScheme': 'pkcs1', 'signingScheme': 'sha256'}); 
var data = key.decrypt(encrypted, 'utf-8')

Signing/Decoding with Base-64 PKCS-8 in Node.js

2 Answers2