crypto-sign

Installation

    const cryptoSign = require('crypto-sign');

Refernce

http://sandbox.moneyone.in/digitalsign

Usage

Digital Signature

Configuration/Intiallization and Method calling

    
    const digiSign = cryptoSign.digitalSignature;

    /**
     * API Signature
     */
    // Sample public key from CR
    let pub_jwk={
      kty: 'RSA',
      n: 'q3jotq3fX9nY9G89hdQCGPPZspzPpjjr5MO3qJRRhhPR7GDN1pgVAWoPHJlzx9Uvu43jgMKDU-f_05hbM-cIcs8JjEtbhsus6iJ5WbZUN7o9SwroDpCMTHaEf14CKzsk1088_Ub9ITX8769da2NLWvtiP6jmt0gauf60hY9iwY3BRnE91aL_Wd_CIXuS9pouCHeUP9CyNYWt8sdAoycuiv9utaRSTdLRrjcOmo-kWu4LtQnnZPD9SIlsGZi-t_ifbyLNPxz1CK2mY9oko2GE-aFkfHUI-1TACids1Y8fv1NACRGjMU4HsvuFjoNrYgxwTE8TDzwDNDnhJ-4tzULUBw',
      e: 'AQAB',
      alg: 'RS256',
      kid: '90441819-9044-4856-b0ee-8c88035f4856',
      use: 'sig'
    };
    //Initializing Digital Signature 
    let digiSignConfig = digiSign.config({
      "prikeyFilePath": "./sample_certs/om_private_key.pem", //<file,buffer>
      "pubkeyFileObj": pub_jwk, //<Object> From CR
    });

    // Generate digital signature
    let token_payload = {
      "ver" : "1.0",
      "txnid" : "0b811819-9044-4856-b0ee-8c88035f8858",
      "consentId" : "XXXX-XXXX-XXXX-XXXX",
      "status" : "ACTIVE",
      "createTimestamp" : "2018-12-06T11:39:57.153Z"
    };
    let apiSignedToken = digiSignConfig.generateAPISign({ payload: JSON.stringify(token_payload)});//pass payload as string
    console.log(`API signatured token is `, apiSignedToken);

    //validate and decode payload
    let digiSignTokenValidityAndDecode = digiSign.verifyAPISign({
      "pubkeyFileObj": pub_jwk, //JSON object
      "encStr": apiSignedToken.token,
      "payload": JSON.stringify(token_payload) //pass as string
    });
    console.log(`[TOKEN] API signatured token validate and decode payload \n `, digiSignTokenValidityAndDecode);

    //validate payload
    let digiSignTokenValidity = digiSign.verifyJWSSignature({
      "pubkeyFileObj": pub_jwk, //JSON object
      "encStr": apiSignedToken.token,
      "header":"header"  
    });
    console.log(`[TOKEN] API signatured token validation \n `, digiSignTokenValidity);

    /**
     * Consent Signature
     */

    // Generate digital signature
    let consent_payload = {
      "ver": "1.0",
      "txnid": "0b811819-9044-4856-b0ee-8c88035f8858",
      "consentId": "XXXX-XXXX-XXXX-XXXX",
      "status": "ACTIVE",
      "createTimestamp": "2018-12-06T11:39:57.153Z"
    };
    let encryptedConsent = digiSignConfig.encryptConsent({ payload: consent_payload});//pass consent_payload as JSON Object
    console.log(`Consent signature is `, encryptedConsent.signedConsent);

    //Validate
    let decryptedConsent = digiSign.decryptConsent({
      "pubkeyFileObj": pub_jwk, //JSON object
      "encStr": encryptedConsent.signedConsent,
    });
    console.log(`decrypted Consent is as string is `, decryptedConsent);

    /**
     * Get kid from signature
     */
    let extractedKid=digiSign.getKidFromSign({sign:apiSignedToken.token});
    console.log(`extractedKid is `,extractedKid);    

    /**
     * Generate Hybrid Token
     */
  let generatedHybridToken= digiSignConfig.generateJWTHybridToken(
    {
      "payload": { "iss": "FIU", "iat": (new Date().getTime() / 1000).toString().split('.')[0] }
    })
    console.log(`generatedHybridToken :: `, generatedHybridToken);
  

working with typescript

prepare config file "digi_certs.ts". config private .pem file and then export it to use any where in the application.

    const fs = require('fs')
    const digiSign = require('crypto-sign').digitalSignature;

    //Initializing Digital Signature 
    const DigitalSignatureConfig=  digiSign.config({
      "prikeyFilePath": process.cwd()+"/app/assets/digi-sign/digiSign_private_key.pem", // required
      "pubkeyFileObj": pub_jwk, //<Object> From CR
    });
    export {DigitalSignatureConfig, digiSign}

EIS Digital Signature

Methods to Generate and Verify the Enterprise Level Payload Encryption, Digi Sign and AccessToken

    const eisSignature = require('crypto-sign').eisSignature;

    let sampleData={ "name": "Onemoney AA", "id": "onmoney" };

    let GeneratePayloadEncNSign = eisSignature.eisGeneratePayloadEncNSign({
      "payload":sampleData,
      "ourPrivateKey":process.cwd()+"/test/sample_certs/eisSign_prvKey.pem" ,
      "remotePublicKey":process.cwd()+"/test/sample_certs/eisSign_pubKey.pem"
    });
    console.log(`[ENCRYPT] GeneratePayloadEncNSign`, GeneratePayloadEncNSign);

    let VerifyPayloadEncNSign = eisSignature.eisVerifyPayloadEncNSign({
      "payload_enc": GeneratePayloadEncNSign.payload_enc,
      "payload_sign": GeneratePayloadEncNSign.payload_sign,
      "Nonce": GeneratePayloadEncNSign.Nonce,
      "iv": GeneratePayloadEncNSign.iv,
      "remotePublicKey":process.cwd()+"/test/sample_certs/eisSign_pubKey.pem"
    });
    console.log(`[DECRYPT] VerifyPayloadEncNSign `, VerifyPayloadEncNSign);
    
    let generatePayloadEncNSignGen6 = eisSignature.eisGeneratePayloadEncNSignGen6({
        "payload":sampleData,
        "ourPrivateKey":process.cwd()+"/test/sample_certs/eisSign_prvKey.pem" ,
        "remotePublicKey":process.cwd()+"/test/sample_certs/eisSign_pubKey.pem"
    });
    console.log(`[ENCRYPT] generatePayloadEncNSignGen6`, generatePayloadEncNSignGen6);
    
    let verifyPayloadEncNSignGen6 = eisSignature.eisVerifyPayloadEncNSignGen6({
        "payload_enc": generatePayloadEncNSignGen6.payload_enc,
        "payload_sign": generatePayloadEncNSignGen6.payload_sign,
        "Nonce": generatePayloadEncNSignGen6.Nonce,
        "iv": generatePayloadEncNSignGen6.iv,
        "remotePublicKey":process.cwd()+"/test/sample_certs/eisSign_pubKey.pem"
    });
    console.log(`[DECRYPT] verifyPayloadEncNSignGen6 `, verifyPayloadEncNSignGen6);
    
    let GeneratePayloadEncNSignWithAccessToken = eisSignature.eisGeneratePayloadEncNSignWithAccessToken({
      "accessToken":GeneratePayloadEncNSign.access_token,
      "payload": sampleData,
      "ourPrivateKey": process.cwd() + "/test/sample_certs/eisSign_prvKey.pem",
      "remotePublicKey": process.cwd() + "/test/sample_certs/eisSign_pubKey.pem"
    });
    console.log(`[ENCRYPT] GeneratePayloadEncNSign`, GeneratePayloadEncNSignWithAccessToken);

    let VerifyPayloadEncNSignWithAccessToken = eisSignature.eisVerifyPayloadEncNSignWithAccessToken({
      "accessToken":GeneratePayloadEncNSign.access_token,
      "payload_enc": GeneratePayloadEncNSignWithAccessToken.payload_enc,
      "payload_sign": GeneratePayloadEncNSignWithAccessToken.payload_sign,
      "ourPrivateKey": process.cwd() + "/test/sample_certs/eisSign_prvKey.pem",
      "remotePublicKey": process.cwd() + "/test/sample_certs/eisSign_pubKey.pem"
    });
    console.log(`[DECRYPT] VerifyPayloadEncNSignWithAccessToken `, VerifyPayloadEncNSignWithAccessToken);

    //YONO Reverse API AES ENC
    let GeneratePayloadEncNSignWithAccessTokenForYONO = eisSignature.yonoGeneratePayloadEncNSignWithAccessToken({
      "payload": sampleData,
      "ourPrivateKey": process.cwd() + "/test/sample_certs/jwt_hybrid/ours/eisSign_prvKey.pem",
      "remotePublicKey": process.cwd() + "/test/sample_certs/jwt_hybrid/yono_eisSign_pubKey.pem"
    });
    console.log(`[ENCRYPT] GeneratePayloadEncNSignWithAccessTokenForYONO `, GeneratePayloadEncNSignWithAccessTokenForYONO);

JWT Token

    const JWT= cryptoSign.JWT;
    let payload={"fipId":"1"};
    let apiSecretKey="1234567";
    let jwtoken= cryptoSign.JWT.createJwtToken(payload, apiSecretKey, "730d");
    console.log("jwtoken is ", jwtoken);

    let jwtoken_desc= cryptoSign.JWT.verifyJwtToken(jwtoken, apiSecretKey);
    console.log("decrypted jwtoken is ", jwtoken_desc);

RBIH Encryption

      let clientId="";//paste clientId here
      let clientSecret="";//paste clientSecret here
      let aesDetails=rbihEnc.encryptNGenerateAes({payload: clientId});
      let clientSecretEnc=rbihEnc.encryptNGenerateAes({payload: clientSecret, Nonce: aesDetails.Nonce, iv: aesDetails.iv});
      let clientIdEnc=aesDetails.payload_enc;
      let pubKeyPath=fs.readFileSync(process.cwd()+"/sample_certs/rbih_uat/public.pem");
      let ivEnc= rbihEnc.rsaEncrypt(aesDetails.iv,pubKeyPath);//enc sessionId
      let nonceEnc= rbihEnc.rsaEncrypt(aesDetails.Nonce,pubKeyPath);//enc sessionKey

Version release summary

1. 0.0.1

   1. this is extracted from finpro-crypto v0.0.14

2. 0.0.2

   1. JWT token creation and validation functions added.

3. 0.0.5

   1. removed payload comapring after jose.JWS.verify() method.

4. 0.0.8

   1. in verify method till now we are returning data/object derived from JWS.verify method now onwards for TOKEN validation we will return payload sent on verify if the JWS.verify didn't give any error.

5. 0.0.9 [Beta]

   1. Introducing new Enterprise level security mechanisum for Payload.
   2. It includes
   3. Encryption
   4. Digi Sign of Payload
   5. AccessToken.

6. 0.0.11

   1. Digi_Sign verification of HOST response.

7. 0.0.13

   1. In JWT verifyJwtToken method made apiSecretKey as optional.

8. 0.0.14

   1. In EIS security added two more ENC & DESC methods with ACCESSTOKEN.

9. 0.0.15 - 0.0.16

   1. In JWT verifyJwtToken method added extra obj in decode Fn.

10. 0.1.0

    1. JWT Hybrid Token as per the YONO reverse API doc implemented.

11. 0.1.1

    1. EIS Function Added loading Pem File or FilePath.

12. 0.1.2

    1. NPM Ignore file was added for excluding/ingoring the test scripts sample_certs folder to NPM Registry.

13. 0.2.0

    1. New Utility for RBIH APIs Auth Mechanisum and REST API Enc & DESC Implementation (Beta).
    2. EIS Sign Decryption Remote Public key as String , getting error was resolved.

14. 0.2.1

    1. 2 New utility methods for RBIH APIs Auth Mechanism to perform AES-256-GCM and RSA encryption with PKCS#1 padding.
    2. Test script to test RBIH methods.