error:0409A06E:rsa routines data too large for key size
I'm generating a SAML response and it needs to be encrypted and signed with public and private keys. I generated private.pem and public.pem in the terminal with the commands

    openssl genrsa -out private.pem 2048
    openssl rsa -in ./private.pem -pubout -out public.pem
Then in nodeJS.

    encrypt: function(message) {
      return new Promise(function (resolve, reject) {
        // Load the PEM-encoded public key generated above.
        var publicKey = require("fs").readFileSync(__dirname + "/public.pem", "utf8");
        // Buffer.from replaces the deprecated new Buffer(); the whole message goes to RSA.
        var encrypted = require("crypto").publicEncrypt(publicKey, Buffer.from(message));
        resolve(encrypted.toString("base64"));
      });
    },

Once I call the message encrypt(xml), I get the following error

    {
      library: 'rsa routines',
      function: 'RSA_padding_add_PKCS1_OAEP_mgf1',
      reason: 'data too large for key size',
      code: 'ERR_OSSL_RSA_DATA_TOO_LARGE_FOR_KEY_SIZE'
    }

Objective:
I've to sign the message as per the demo here samltools.com (Mode: SignMessage), my SAML message looks like this. (see SAML Response section).

The problem here is that you cannot directly encrypt with RSA a piece of data which is larger than the key size.
Surprising I know, it surprised me too.
In reality very little payload data is encrypted directly with RSA or even elliptic curves.
You should be using RSA Diffie-Hellman to generate a shared secret.
Signature of the file is really signature of the hash of the file.
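
The size limit and the hash-then-sign point above, as an added example that is not part of the original post: the payload is encrypted with a random AES-256-GCM key, only that 32-byte key is wrapped with RSA-OAEP (hybrid encryption), and the signature is computed over a SHA-256 hash of the message. The key pair, function names and sample XML are constructed for illustration, and the output is a plain envelope object, not SAML's XML Encryption or XML Signature format.

```javascript
// Added example: hybrid encryption plus signing with Node's built-in crypto.
const crypto = require("crypto");

// Constructed key pair standing in for private.pem / public.pem.
const { publicKey, privateKey } = crypto.generateKeyPairSync("rsa", {
  modulusLength: 2048,
});

// RSA-OAEP with SHA-1 (Node's default) on a 2048-bit key fits at most
// 256 - 2*20 - 2 = 214 bytes, so only the 32-byte AES key goes through RSA.
function hybridEncrypt(pubKey, message) {
  const aesKey = crypto.randomBytes(32);
  const iv = crypto.randomBytes(12); // fresh 96-bit nonce per message
  const cipher = crypto.createCipheriv("aes-256-gcm", aesKey, iv);
  const ciphertext = Buffer.concat([cipher.update(message, "utf8"), cipher.final()]);
  return {
    wrappedKey: crypto.publicEncrypt(pubKey, aesKey).toString("base64"),
    iv: iv.toString("base64"),
    tag: cipher.getAuthTag().toString("base64"),
    ciphertext: ciphertext.toString("base64"),
  };
}

function hybridDecrypt(privKey, env) {
  const aesKey = crypto.privateDecrypt(privKey, Buffer.from(env.wrappedKey, "base64"));
  const decipher = crypto.createDecipheriv("aes-256-gcm", aesKey, Buffer.from(env.iv, "base64"));
  decipher.setAuthTag(Buffer.from(env.tag, "base64"));
  return Buffer.concat([
    decipher.update(Buffer.from(env.ciphertext, "base64")),
    decipher.final(), // throws if the ciphertext or tag was modified
  ]).toString("utf8");
}

// Signing hashes the message first, so its length is not limited by the key.
function signMessage(privKey, message) {
  return crypto.sign("sha256", Buffer.from(message, "utf8"), privKey).toString("base64");
}

function verifyMessage(pubKey, message, signature) {
  return crypto.verify("sha256", Buffer.from(message, "utf8"), pubKey,
    Buffer.from(signature, "base64"));
}

// Constructed sample, far larger than 214 bytes.
const sampleXml = "<samlp:Response>" + "x".repeat(4000) + "</samlp:Response>";
const envelope = hybridEncrypt(publicKey, sampleXml);
console.log(hybridDecrypt(privateKey, envelope) === sampleXml);
```

For a real SAML response the signature has to be computed over the canonicalized XML and embedded as an XML Signature element, which a SAML or XML-DSig library handles.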