DataPower

  • 1.  crypto.createSign('rsa-sha256') example

    Posted Mon May 23, 2022 04:59 PM
    Hi All,
    I am trying to implement a signature authentication scheme. I am using the script below from the crypto module.

    const apim = require('apim');
    var crypto = require('crypto');

    const key = new Buffer(context.get('private_key')); // I have stored the PEM-format private key in a set variable.
    var sign = crypto.createSign('rsa-sha256');
    sign.update(signingString).sign(key, function(error, signature) {
        if (error) {
            console.error("sign error "+error);
        } else {
            console.log("signature with rsa-sha256 is "+signature.toString('base64'));
            session.output.write(signature);
        }
    });

    Getting the error below:

     Mon May 23 2022 20:57:10 [dsv][0x8580005c][crypto][error] apigw(dsv): tid(53743267)[request][10.251.117.103] gtid(982d310b628bf52603340ea3): *Fail to deserialize the key object*
     Mon May 23 2022 20:57:10 [dsv][0x8580005c][gatewayscript-user][error] apigw(dsv): tid(53743267)[request][10.251.117.103] gtid(982d310b628bf52603340ea3): sign error Error: *Fail to deserialize the key object*

    Not sure if I am doing something wrong. Could you please suggest solutions?

    ------------------------------
    Arjun Pilli
    API Specialist
    DSV
    Johannesburg
    +27 0840611655
    ------------------------------


  • 2.  RE: crypto.createSign('rsa-sha256') example

    Posted Tue May 24, 2022 08:48 AM
    Hi Arjun,

    These are the supported methods:

    https://www.ibm.com/docs/en/datapower-gateway/10.0.1?topic=apis-crypto-module#sign.sign

    The key must be:

    - A string object that refers to a configured object that also supports prefix usage in XSLT.
    - A Buffer or Buffers object that contains the PEM formatted base64 encoded data of a key.
    - An Object:
      - An RSA private key in JWK form whose 'kty' member value is 'RSA'.
      - An elliptic curve private key in JWK form whose 'kty' member value is 'EC'.

    So is your PEM base64 encoded? If not, then it won't work; you cannot pass just the raw PEM data.
    context.get('private_key') is not meeting these criteria.

    ------------------------------
    DOMINIC MICALE
    ------------------------------
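
Added example, not part of the thread and not IBM's code: a preflight check that a private key read from a variable is well-formed PEM text before it is wrapped in a Buffer and passed to an RSA-SHA256 signer. It assumes Node.js's `crypto` module, whose `sign()` is synchronous and differs from the GatewayScript API used above; `checkPem`, `signWithPem`, `verifyWithPem` and `demo` are hypothetical names, and the key pair is generated for the demonstration.

```javascript
// Added example: Node.js crypto, not the GatewayScript crypto module.
const crypto = require('crypto');

// Hypothetical helper: say why a string is not a usable PEM private key, or return null.
const PEM_RE = /^-----BEGIN ([A-Z ]*PRIVATE KEY)-----\r?\n([A-Za-z0-9+/=\r\n]+)-----END \1-----\s*$/;
function checkPem(text) {
  if (typeof text !== 'string' || text.length === 0) return 'empty or not a string';
  if (!text.includes('-----BEGIN ')) return 'no PEM armor (bare base64 or DER?)';
  if (text.includes('\\n')) return 'literal "\\n" sequences instead of line breaks';
  if (!text.includes('\n')) return 'line breaks lost (armor and body on one line)';
  return PEM_RE.test(text.trim()) ? null : 'armor or base64 body malformed';
}

// Sign only after the preflight passes, so a bad variable value produces a
// specific message instead of a generic key-parsing failure.
function signWithPem(pemText, data) {
  const problem = checkPem(pemText);
  if (problem) throw new Error('private key rejected: ' + problem);
  const key = Buffer.from(pemText, 'utf8'); // Buffer holding the PEM text
  return crypto.createSign('RSA-SHA256').update(data).sign(key); // signature as a Buffer
}

function verifyWithPem(publicPem, data, signature) {
  return crypto.createVerify('RSA-SHA256').update(data).verify(publicPem, signature);
}

// Constructed demo input: a throwaway key pair generated at run time.
function demo() {
  const { privateKey, publicKey } = crypto.generateKeyPairSync('rsa', {
    modulusLength: 2048,
    privateKeyEncoding: { type: 'pkcs8', format: 'pem' },
    publicKeyEncoding: { type: 'spki', format: 'pem' },
  });
  const data = 'constructed signing string';
  const sig = signWithPem(privateKey, data);
  return {
    verified: verifyWithPem(publicKey, data, sig),
    tamperedVerified: verifyWithPem(publicKey, data + 'x', sig),
    flattened: checkPem(privateKey.replace(/\n/g, ' ')),      // newlines became spaces
    escaped: checkPem(privateKey.replace(/\n/g, '\\n')),      // newlines became "\n" text
    bareBase64: checkPem(privateKey.split('\n').slice(1, -2).join('')), // armor stripped
  };
}

console.log(demo());
```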



  • 3.  RE: crypto.createSign('rsa-sha256') example

    Posted Wed May 25, 2022 05:10 AM

    Binary data in a Buffer object can easily be base64 encoded in GatewayScript with

    buffer.toString('base64',...)


    ------------------------------
    Hermann Stamm-Wilbrandt
    Compiler Level 3 support & Fixpack team lead
    IBM DataPower Gateways (⬚ᵈᵃᵗᵃ / ⣏⠆⡮⡆⢹⠁⡮⡆⡯⠂⢎⠆⡧⡇⣟⡃⡿⡃)
    https://stamm-wilbrandt.de/en/blog/
    ------------------------------