03的开发日志
0%

Electron中使用crypto.sign提示Invalid digest: RSA-sha256

发表于 更新于 分类于
本文字数: 2.8k 阅读时长 ≈ 3 分钟
  1. 问题描述
  2. 原因
  3. 验证
  4. 问题解决

问题描述

以下这段代码,写在a.js文件中,通过node运行没问题:

1
2
3
4
5
6
7
8
9
10
11
import * as crypto from 'crypto';

const result = crypto.sign('RSA-SHA256', Buffer.from(str, 'utf8'), {
    key: crypto.createPrivateKey({
        key: '-----BEGIN PRIVATE KEY-----<私钥字符串>-----END PRIVATE KEY-----',
        format: 'pem',
        type: 'pkcs8'
    }),
    padding: crypto.constants.RSA_PKCS1_PADDING
}).toString('base64');
return result;

但是搬到electron下面,报如下错误:

1
2
3
4
5
6
TypeError: Invalid digest: RSA-sha256
    at Module.signOneShot (node:internal/crypto/sig:167:15)
    ......
    at WebContents.<anonymous> (node:electron/js2c/browser_init:2:89026)
    at WebContents.emit (node:events:513:28) {
  code: 'ERR_CRYPTO_INVALID_DIGEST'

原因

https://github.com/electron/electron/issues/31874#issuecomment-971638852

Node.js使用OpenSSL实现crypto模块,而Chromium使用BoringSSL(OpenSSL的一个fork)来实现,因此实现上存在差异

验证

查看支持的HASH函数,验证代码:

1
2
const crypto = require('crypto')
console.log(crypto.getHashes());

在Electron中的结果:

1
2
3
4
5
6
7
[
  'md4',        'md5',
  'ripemd160',  'sha1',
  'sha224',     'sha256',
  'sha384',     'sha512',
  'sha512-256'
]

在Node.js中的结果:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
[
  'RSA-MD4',
  'RSA-MD5',
  'RSA-MDC2',
  'RSA-RIPEMD160',
  'RSA-SHA1',
  'RSA-SHA1-2',
  'RSA-SHA224',
  'RSA-SHA256',
  'RSA-SHA3-224',
  'RSA-SHA3-256',
  'RSA-SHA3-384',
  'RSA-SHA3-512',
  'RSA-SHA384',
  'RSA-SHA512',
  'RSA-SHA512/224',
  'RSA-SHA512/256',
  'RSA-SM3',
  'blake2b512',
  'blake2s256',
  'id-rsassa-pkcs1-v1_5-with-sha3-224',
  'id-rsassa-pkcs1-v1_5-with-sha3-256',
  'id-rsassa-pkcs1-v1_5-with-sha3-384',
  'id-rsassa-pkcs1-v1_5-with-sha3-512',
  'md4',
  'md4WithRSAEncryption',
  'md5',
  'md5-sha1',
  'md5WithRSAEncryption',
  'mdc2',
  'mdc2WithRSA',
  'ripemd',
  'ripemd160',
  'ripemd160WithRSA',
  'rmd160',
  'sha1',
  'sha1WithRSAEncryption',
  'sha224',
  'sha224WithRSAEncryption',
  'sha256',
  'sha256WithRSAEncryption',
  'sha3-224',
  'sha3-256',
  'sha3-384',
  'sha3-512',
  'sha384',
  'sha384WithRSAEncryption',
  'sha512',
  'sha512-224',
  'sha512-224WithRSAEncryption',
  'sha512-256',
  'sha512-256WithRSAEncryption',
  'sha512WithRSAEncryption',
  'shake128',
  'shake256',
  'sm3',
  'sm3WithRSAEncryption',
  'ssl3-md5',
  'ssl3-sha1',
  'whirlpool'
]

问题解决

RSA-SHA256改成SHA256,即可。