crypto-sign
v0.2.2
REST API signature crypto mechanism for NBFC data-at-rest security and EIS ENC & DESC for channels. RBIH-level cryptographic methods.
Downloads
37
Installation
const cryptoSign = require('crypto-sign');
Reference
http://sandbox.moneyone.in/digitalsign
Usage
Digital Signature
Configuration/Initialization and method calling
// Handle to the digital-signature helpers exposed by the package.
const digiSign = cryptoSign.digitalSignature;

/**
 * API Signature
 */

// Sample public key from CR: an RSA public JWK tagged for RS256 signature use.
// It holds public material only (n, e). In a deployment, obtain the JWK for the
// expected `kid` from a source you trust rather than pasting it into code.
const pub_jwk = {
  kty: 'RSA',
  n: 'q3jotq3fX9nY9G89hdQCGPPZspzPpjjr5MO3qJRRhhPR7GDN1pgVAWoPHJlzx9Uvu43jgMKDU-f_05hbM-cIcs8JjEtbhsus6iJ5WbZUN7o9SwroDpCMTHaEf14CKzsk1088_Ub9ITX8769da2NLWvtiP6jmt0gauf60hY9iwY3BRnE91aL_Wd_CIXuS9pouCHeUP9CyNYWt8sdAoycuiv9utaRSTdLRrjcOmo-kWu4LtQnnZPD9SIlsGZi-t_ifbyLNPxz1CK2mY9oko2GE-aFkfHUI-1TACids1Y8fv1NACRGjMU4HsvuFjoNrYgxwTE8TDzwDNDnhJ-4tzULUBw',
  e: 'AQAB',
  alg: 'RS256',
  kid: '90441819-9044-4856-b0ee-8c88035f4856',
  use: 'sig',
};

// Initializing Digital Signature.
//   prikeyFilePath - the signing private key, given as a file or a buffer.
//                    The ./sample_certs path is for the demo; keep a real key
//                    out of version control and readable only by the service.
//   pubkeyFileObj  - the public JWK object from CR.
const digiSignConfig = digiSign.config({
  prikeyFilePath: './sample_certs/om_private_key.pem', // <file,buffer>
  pubkeyFileObj: pub_jwk, // <Object> From CR
});
// Generate digital signature
const token_payload = {
  ver: '1.0',
  txnid: '0b811819-9044-4856-b0ee-8c88035f8858',
  consentId: 'XXXX-XXXX-XXXX-XXXX',
  status: 'ACTIVE',
  createTimestamp: '2018-12-06T11:39:57.153Z',
};

// The signing call takes the payload as a string. Serialize once and hand the
// very same string to the verify call so both sides see identical bytes.
const serializedTokenPayload = JSON.stringify(token_payload);
const apiSignedToken = digiSignConfig.generateAPISign({ payload: serializedTokenPayload });
// Demo output only: keep signed tokens out of production logs.
console.log(`API signatured token is `, apiSignedToken);

// Validate and decode payload.
// NOTE(review): the release notes on this page (0.0.5 and 0.0.8) state that the
// payload comparison after JWS.verify was removed and that the payload passed
// in here is what comes back. Confirm that the signature check really covers
// `payload` before treating the returned value as authenticated.
const digiSignTokenValidityAndDecode = digiSign.verifyAPISign({
  pubkeyFileObj: pub_jwk, // JSON object
  encStr: apiSignedToken.token,
  payload: serializedTokenPayload, // pass as string
});
console.log(`[TOKEN] API signatured token validate and decode payload \n `, digiSignTokenValidityAndDecode);

// Validate payload.
// NOTE(review): what the "header" option selects is not shown on this page;
// confirm against the package source before relying on it.
const digiSignTokenValidity = digiSign.verifyJWSSignature({
  pubkeyFileObj: pub_jwk, // JSON object
  encStr: apiSignedToken.token,
  header: 'header',
});
console.log(`[TOKEN] API signatured token validation \n `, digiSignTokenValidity);
/**
 * Consent Signature
 */

// Generate digital signature. Unlike the API-signature sample, the consent
// payload is passed as a JSON object, not as a string.
const consent_payload = {
  ver: '1.0',
  txnid: '0b811819-9044-4856-b0ee-8c88035f8858',
  consentId: 'XXXX-XXXX-XXXX-XXXX',
  status: 'ACTIVE',
  createTimestamp: '2018-12-06T11:39:57.153Z',
};

// NOTE(review): despite the encrypt/decrypt naming, the result is exposed as
// `signedConsent` and is checked below with the public JWK, which suggests a
// signature rather than confidentiality. Confirm before relying on this call
// to hide consent contents.
const encryptedConsent = digiSignConfig.encryptConsent({ payload: consent_payload });
console.log(`Consent signature is `, encryptedConsent.signedConsent);

// Validate
const decryptedConsent = digiSign.decryptConsent({
  pubkeyFileObj: pub_jwk, // JSON object
  encStr: encryptedConsent.signedConsent,
});
console.log(`decrypted Consent is as string is `, decryptedConsent);
/**
 * Get kid from signature
 */

// NOTE(review): the kid is taken from the token itself and is presumably read
// before any signature check. Use it only to pick a key from a trusted key
// set; it is not evidence of who signed the token.
const extractedKid = digiSign.getKidFromSign({ sign: apiSignedToken.token });
console.log(`extractedKid is `, extractedKid);
/**
 * Generate Hybrid Token
 */

// iat: the current time in whole seconds since the epoch, sent as a string.
// NOTE(review): RFC 7519 defines iat as a JSON number (NumericDate); confirm
// that the receiving side expects the string form used here.
const issuedAtSeconds = String(Math.floor(Date.now() / 1000));
const generatedHybridToken = digiSignConfig.generateJWTHybridToken({
  payload: { iss: 'FIU', iat: issuedAtSeconds },
});
console.log(`generatedHybridToken :: `, generatedHybridToken);
Working with TypeScript
Prepare a config file "digi_certs.ts". Configure the private .pem file in it, then export the config so it can be used anywhere in the application.
const fs = require('fs')
const digiSign = require('crypto-sign').digitalSignature;
// Initializing Digital Signature.
// NOTE(review): `pub_jwk` is not defined in this snippet; define or import the
// public JWK before this call.
// The private key path is built from the process working directory, so it
// depends on where the service is started. Make sure the directory holding the
// .pem file is not served as a static asset or bundled into a client build.
const privateKeyFile = `${process.cwd()}/app/assets/digi-sign/digiSign_private_key.pem`;
const DigitalSignatureConfig = digiSign.config({
  prikeyFilePath: privateKeyFile, // required
  pubkeyFileObj: pub_jwk, // <Object> From CR
});

export { DigitalSignatureConfig, digiSign };
EIS Digital Signature
Methods to Generate and Verify the Enterprise Level Payload Encryption, Digi Sign and AccessToken
const eisSignature = require('crypto-sign').eisSignature;
// Demo payload to protect.
const sampleData = { name: 'Onemoney AA', id: 'onmoney' };

// Encrypt and sign. Inputs are the payload, our private key and the remote
// party's public key; the result carries payload_enc, payload_sign, Nonce and
// iv, which the verify call below consumes.
// The keys under test/sample_certs are demo material; never deploy them.
const GeneratePayloadEncNSign = eisSignature.eisGeneratePayloadEncNSign({
  payload: sampleData,
  ourPrivateKey: `${process.cwd()}/test/sample_certs/eisSign_prvKey.pem`,
  remotePublicKey: `${process.cwd()}/test/sample_certs/eisSign_pubKey.pem`,
});
// Demo output only: the result includes Nonce and iv, so keep it out of
// production logs.
console.log(`[ENCRYPT] GeneratePayloadEncNSign`, GeneratePayloadEncNSign);

// Verify the signature and decrypt, using the values returned above.
// NOTE(review): Nonce and iv travel with the message here; confirm that the
// library generates fresh values on every generate call.
const VerifyPayloadEncNSign = eisSignature.eisVerifyPayloadEncNSign({
  payload_enc: GeneratePayloadEncNSign.payload_enc,
  payload_sign: GeneratePayloadEncNSign.payload_sign,
  Nonce: GeneratePayloadEncNSign.Nonce,
  iv: GeneratePayloadEncNSign.iv,
  remotePublicKey: `${process.cwd()}/test/sample_certs/eisSign_pubKey.pem`,
});
console.log(`[DECRYPT] VerifyPayloadEncNSign `, VerifyPayloadEncNSign);
// Gen6 variant of encrypt-and-sign; it takes the same three inputs.
// NOTE(review): how Gen6 differs from eisGeneratePayloadEncNSign is not shown
// on this page; check the package source before choosing between them.
const generatePayloadEncNSignGen6 = eisSignature.eisGeneratePayloadEncNSignGen6({
  payload: sampleData,
  ourPrivateKey: `${process.cwd()}/test/sample_certs/eisSign_prvKey.pem`,
  remotePublicKey: `${process.cwd()}/test/sample_certs/eisSign_pubKey.pem`,
});
console.log(`[ENCRYPT] generatePayloadEncNSignGen6`, generatePayloadEncNSignGen6);

// Gen6 verify-and-decrypt, fed with the fields returned by the call above.
const verifyPayloadEncNSignGen6 = eisSignature.eisVerifyPayloadEncNSignGen6({
  payload_enc: generatePayloadEncNSignGen6.payload_enc,
  payload_sign: generatePayloadEncNSignGen6.payload_sign,
  Nonce: generatePayloadEncNSignGen6.Nonce,
  iv: generatePayloadEncNSignGen6.iv,
  remotePublicKey: `${process.cwd()}/test/sample_certs/eisSign_pubKey.pem`,
});
console.log(`[DECRYPT] verifyPayloadEncNSignGen6 `, verifyPayloadEncNSignGen6);
// Encrypt and sign with an access token. The token is read from the
// `access_token` field of the earlier eisGeneratePayloadEncNSign result.
const GeneratePayloadEncNSignWithAccessToken = eisSignature.eisGeneratePayloadEncNSignWithAccessToken({
  accessToken: GeneratePayloadEncNSign.access_token,
  payload: sampleData,
  ourPrivateKey: `${process.cwd()}/test/sample_certs/eisSign_prvKey.pem`,
  remotePublicKey: `${process.cwd()}/test/sample_certs/eisSign_pubKey.pem`,
});
// The log label is the same one the first EIS sample prints.
console.log(`[ENCRYPT] GeneratePayloadEncNSign`, GeneratePayloadEncNSignWithAccessToken);

// Verify and decrypt with the same access token. This variant is given both
// key files and no Nonce/iv fields.
const VerifyPayloadEncNSignWithAccessToken = eisSignature.eisVerifyPayloadEncNSignWithAccessToken({
  accessToken: GeneratePayloadEncNSign.access_token,
  payload_enc: GeneratePayloadEncNSignWithAccessToken.payload_enc,
  payload_sign: GeneratePayloadEncNSignWithAccessToken.payload_sign,
  ourPrivateKey: `${process.cwd()}/test/sample_certs/eisSign_prvKey.pem`,
  remotePublicKey: `${process.cwd()}/test/sample_certs/eisSign_pubKey.pem`,
});
console.log(`[DECRYPT] VerifyPayloadEncNSignWithAccessToken `, VerifyPayloadEncNSignWithAccessToken);
// YONO Reverse API AES ENC.
// Signs with our own private key and uses the YONO public key as the remote
// key; both paths point at demo files under test/sample_certs/jwt_hybrid.
const GeneratePayloadEncNSignWithAccessTokenForYONO = eisSignature.yonoGeneratePayloadEncNSignWithAccessToken({
  payload: sampleData,
  ourPrivateKey: `${process.cwd()}/test/sample_certs/jwt_hybrid/ours/eisSign_prvKey.pem`,
  remotePublicKey: `${process.cwd()}/test/sample_certs/jwt_hybrid/yono_eisSign_pubKey.pem`,
});
console.log(`[ENCRYPT] GeneratePayloadEncNSignWithAccessTokenForYONO `, GeneratePayloadEncNSignWithAccessTokenForYONO);
JWT Token
// Shorthand for the package's JWT helpers.
const JWT = cryptoSign.JWT;

// Claims to place in the token.
const payload = { fipId: '1' };

// Demo secret only. A short, guessable value like this offers no protection
// for a shared-secret token; load a long random secret from configuration or
// a secret store instead of hard-coding it.
const apiSecretKey = '1234567';

// The third argument is presumably the token lifetime; "730d" is about two
// years, which leaves a leaked token usable for a long time. Prefer a short
// lifetime unless revocation is handled elsewhere.
const jwtoken = JWT.createJwtToken(payload, apiSecretKey, '730d');
console.log("jwtoken is ", jwtoken);

// Verify with the same secret.
// NOTE(review): the release notes on this page (0.0.13) say apiSecretKey is
// optional for verifyJwtToken; what the call checks without it is not shown
// here, so always pass the secret when the result is used for authorization.
const jwtoken_desc = JWT.verifyJwtToken(jwtoken, apiSecretKey);
console.log("decrypted jwtoken is ", jwtoken_desc);
RBIH Encryption
// NOTE(review): `rbihEnc` and `fs` are not defined in this snippet; bring both
// into scope before running it.
// Load the credentials from configuration or a secret store; do not commit
// them to source control.
const clientId = ''; // paste clientId here
const clientSecret = ''; // paste clientSecret here

// The first call is given only the payload and returns Nonce, iv and payload_enc.
const aesDetails = rbihEnc.encryptNGenerateAes({ payload: clientId });

// The second call reuses the Nonce and iv returned by the first.
// NOTE(review): the release notes on this page (0.2.1) describe AES-256-GCM.
// If Nonce is the AES key and iv the GCM IV, as the comments below suggest,
// two different plaintexts are encrypted under one key/IV pair, which removes
// the confidentiality and integrity guarantees of GCM. If the RBIH API
// requires a single session pair per request, never carry the pair over to
// another request.
const clientSecretEnc = rbihEnc.encryptNGenerateAes({
  payload: clientSecret,
  Nonce: aesDetails.Nonce,
  iv: aesDetails.iv,
});
const clientIdEnc = aesDetails.payload_enc;

// Despite its name, pubKeyPath holds the contents of the public key file, not
// a path.
const pubKeyPath = fs.readFileSync(`${process.cwd()}/sample_certs/rbih_uat/public.pem`);

// The session values are wrapped with the RBIH public key.
// NOTE(review): the release notes describe this as RSA with PKCS#1 padding; if
// that means PKCS#1 v1.5, prefer OAEP wherever the receiving side supports it.
const ivEnc = rbihEnc.rsaEncrypt(aesDetails.iv, pubKeyPath); // enc sessionId
const nonceEnc = rbihEnc.rsaEncrypt(aesDetails.Nonce, pubKeyPath); // enc sessionKey
Version release summary
0.0.1
- this is extracted from finpro-crypto v0.0.14
0.0.2
- JWT token creation and validation functions added.
0.0.5
- Removed the payload comparison after the jose.JWS.verify() method.
0.0.8
- Until now, the verify method returned the data/object derived from the JWS.verify method; from this version onwards, TOKEN validation returns the payload that was sent to verify, provided JWS.verify did not give any error.
0.0.9 [Beta]
- Introducing a new enterprise-level security mechanism for the payload.
- It includes
- Encryption
- Digi Sign of Payload
- AccessToken.
0.0.11
- Digi_Sign verification of HOST response.
0.0.13
- In JWT verifyJwtToken method made apiSecretKey as optional.
0.0.14
- In EIS security added two more ENC & DESC methods with ACCESSTOKEN.
0.0.15 - 0.0.16
- In JWT verifyJwtToken method added extra obj in decode Fn.
0.1.0
- JWT Hybrid Token as per the YONO reverse API doc implemented.
0.1.1
- EIS Function Added loading Pem File or FilePath.
0.1.2
- NPM ignore file was added to exclude/ignore the test scripts sample_certs folder from the NPM Registry.
0.2.0
- New utility for the RBIH APIs auth mechanism and REST API ENC & DESC implementation (Beta).
- EIS Sign decryption: resolved the error that occurred when the remote public key was passed as a string.
0.2.1
- 2 New utility methods for RBIH APIs Auth Mechanism to perform AES-256-GCM and RSA encryption with PKCS#1 padding.
- Test script to test RBIH methods.