nodejs rsa加密，lua rsa解密

一、私钥和公钥是要换行的，如果换行丢了，必然会解密失败，对比如下一个正确的公钥，一个错误的公钥

正确的：

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArK4lnJureFpR6ZwfkvsC
i5eqatbAMyZqaGlH7Ty9Pqstv5vOeUASq2Il8Wfx47EmbxuCMKmA7wP9bqw7CCVh
tmLUMO70RwM4MlR0FXJQmIdLCl1GoALzvBL/npk3k25NzHzT0xSQ41tzfZo0nhXl
Wlf624j1LkV8CmPd8lv6FcWcuGbdPuW+JuR0zY5Cm1zCBcP0ZF3+pUpXEiSPwG9G
1lRroInR+0BoauU/6vJoFK5A2pU0GclXRzqe7BWaF+a2wPj3W7WlVzBv8T0Ktnq5
k28foh/W3PX+gbX62XKBt9/AMUJqg2RISi6Nd97iI122f3ElfFkZemM8/HHF6i9g
+QIDAQAB
-----END PUBLIC KEY-----

错误的：

-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC0XmUiK2uvfBtCCH14kiFGp0mP +IyopW5XT5yYpkVUiwIw7BUH2+8G/FaNP0v5u+k+z6oRkdjtLBzy/MdRU9VxSAIL EvKNx3mIbemK8xiu5AL0PfarvK6NH3Rx5aY+w9EjN3W5HLSzNSkPezB2tAabzCLI iOrrH/YHbXF65uD07wIDAQAB -----END PUBLIC KEY-----

我们在界面输入公钥和私钥的时候，使用的控件一定要是多行控件，如果是单行输入框，那么会 被强制当成一行，换行就丢失了，加解密自然会失败

二、nodejs用rsa加密，lua端rsa解密如何实现

node端:直接利用crypto进行处理

   const crypto = require('crypto');
   generateSign: function(data, privateKey) {
        console.log('sign——data')
        console.log(data)
        const sign = crypto.createSign('sha256').update(data, 'utf8');
        const sign2 = sign.sign(privateKey, 'base64');
        console.log('sign2')
        console.log(sign2)
        return sign2;
    },

lua端:先要对signature进行base64解密，然后再进行rsa验证，主要代码如下

local decode_base64 = ngx.decode_bas
local decodedBaseStr = decode_base64(signagure)
local alg = "RS256"
local r = rsa_crypt.alg_verify[alg](data, decodedBaseStr, rsaPubKey)
print("verify rsa")
print(r)

rsa_crypt.lua

#!/usr/local/bin/lua

local openssl_digest = require "openssl.digest"
local openssl_hmac = require "openssl.hmac"
local openssl_pkey = require "openssl.pkey"

return {

 alg_verify = {
    ["HS256"] = function(data, signature, key) return signature == alg_sign["HS256"](data, key) end,
    ["HS384"] = function(data, signature, key) return signature == alg_sign["HS384"](data, key) end,
    ["HS512"] = function(data, signature, key) return signature == alg_sign["HS512"](data, key) end,
    ["RS256"] = function(data, signature, key)
      local pkey_ok, pkey = pcall(openssl_pkey.new, key)
      assert(pkey_ok, "Consumer Public Key is Invalid")
      local digest = openssl_digest.new('sha256'):update(data)

      return pkey:verify(signature, digest)
    end,
    ["RS512"] = function(data, signature, key)
      local pkey_ok, pkey = pcall(openssl_pkey.new, key)
      assert(pkey_ok, "Consumer Public Key is Invalid")
      local digest = openssl_digest.new('sha512'):update(data)
      return pkey:verify(signature, digest)
    end,
    ["ES256"] = function(data, signature, key)
      local pkey_ok, pkey = pcall(openssl_pkey.new, key)
      assert(pkey_ok, "Consumer Public Key is Invalid")
      assert(#signature == 64, "Signature must be 64 bytes.")
      local asn = {}
      asn[1] = asn_sequence.resign_integer(string_sub(signature, 1, 32))
      asn[2] = asn_sequence.resign_integer(string_sub(signature, 33, 64))
      local signatureAsn = asn_sequence.create_simple_sequence(asn)
      local digest = openssl_digest.new('sha256'):update(data)
      return pkey:verify(signatureAsn, digest)
    end
  }

}