I am using node-forge to generate and validate certificates
I am generating and validating certificates and everything seems to work perfectly, but when it comes to the part where I need to provide a signature for the certificate, it fails.

To clarify: I need to provide a signature for the certificate, where the signature is hashed using RSA and contains data about the client and his roles.

This is the way I am creating the signature:
```javascript
const crypto = require("crypto");

const createSignture = (privateKey, data) => {
  // The signature method takes the data we want to sign, the
  // hashing algorithm, and the padding scheme, and generates
  // a signature in the form of bytes
  const signature = crypto.sign("sha256", Buffer.from(data), {
    key: privateKey,
    padding: crypto.constants.RSA_PKCS1_PSS_PADDING,
  });
  // Returned as a base64 string, not as raw bytes
  return signature.toString("base64");
};
```
When I am creating a certificate using forge, I am doing it like this:

```javascript
const forge = require("node-forge");

const cert = forge.pki.createCertificate();
// ...
cert.signature = createSignture(privateKey, userUniqueId);
// ...
```
And when I am verifying the certificate, I am trying to verify the signature like this:
```javascript
const verifySignture = (publicKey, signture, data) => {
  // To verify the data, we provide the same hashing algorithm and
  // padding scheme we provided to generate the signature, along
  // with the signature itself, the data that we want to
  // verify against the signature, and the public key
  return crypto.verify(
    "sha256",
    Buffer.from(data),
    {
      key: publicKey,
      padding: crypto.constants.RSA_PKCS1_PSS_PADDING,
    },
    signture
  );
};

// cert.signature holds the base64 string produced by createSignture
const certSignture = cert.signature;
const decodedSignature = Buffer.from(forge.util.binary.raw.decode(certSignture)).toString("base64");
verifySignture(publicKey, decodedSignature, userUniqueId); // This always returns false
```
I am not very sure whether I should provide the roles, userId, etc. in the signature.

I've tried for many hours and nothing is working, so I would really appreciate any help.