Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Crypto - sign.update, verifier.update default parameter for strings 'utf8' not really true? #7712

Closed
WhatFreshHellIsThis opened this issue Jul 13, 2016 · 6 comments
Closed

Crypto - sign.update, verifier.update default parameter for strings 'utf8' not really true? #7712

WhatFreshHellIsThis opened this issue Jul 13, 2016 · 6 comments
Labels
crypto Issues and PRs related to the crypto subsystem. doc Issues and PRs related to the documentations.

Comments

@WhatFreshHellIsThis
Copy link

In the docs here:
https://nodejs.org/api/crypto.html#crypto_sign_update_data_input_encoding

It states:
"If encoding is not provided, and the data is a string, an encoding of 'utf8' is enforced."

I found if I didn't specify that parameter the calculated signature would be incorrect (not matching a standard implementation using Bouncy Castle crypto apis in Windows) if there were any unicode characters in the source string to be signed.

If I specified the parameter utf8 then it worked correctly both ways between Bouncy Castle's crypto apis in windows and Node crytpo under linux.

Same issue with verifier.update was found as well.

I suggest the docs should be updated to specify that it's (likely) binary by default if it's a string or a buffer or the sign.update and verifier.update code changed to act as documented.

Here is a snippet of code I was using for testing:
var sign = crypto.createSign('RSA-SHA256');
var testData = 'Что такое Unicode?';
sign.update(testData,'utf8');//<<===== The 'utf8' parameter should not be necessary as this is a string according to the docs, but it definitely is necessary.
@WhatFreshHellIsThis WhatFreshHellIsThis changed the title Crypto - sign.update, verifier.update default parameter for strings not really true? Crypto - sign.update, verifier.update default parameter for strings 'utf8' not really true? Jul 13, 2016
@MylesBorins MylesBorins added the crypto Issues and PRs related to the crypto subsystem. label Jul 13, 2016
@MylesBorins
Copy link
Contributor

/cc @nodejs/crypto

@addaleax
Copy link
Member

The default encoding has been changed to utf8 in Node v6 (#5522). The link to the docs you provided is for Node v6; Docs for v4 are at https://nodejs.org/dist/latest-v4.x/docs/api/.

I’m going ahead and closing this, but feel free to ask follow-up questions.

@WhatFreshHellIsThis
Copy link
Author

WhatFreshHellIsThis commented Jul 13, 2016
edited
Loading

Doh! I'm very sorry about that, I forgot how old the packaged Node is with Debian. Thank you for your patience.

Just FYI those node 4 docs actually say the same thing, perhaps those docs need to be updated?:
"If encoding is not provided, and the data is a string, an encoding of 'utf8' is enforced"

@addaleax addaleax added the v4.x label Jul 13, 2016
@addaleax
Copy link
Member

Umm, no, you’re right, that is in the v4 docs.

The docs were changed in #5500, even before #5522… /cc @mscdex

@addaleax addaleax reopened this Jul 13, 2016
@mscdex
Copy link
Contributor

mscdex commented Jul 13, 2016
edited
Loading

@addaleax #5500 was landed after #5522. The problem was that #5500 should not have been backported to v4.x. Or at least the references in it to 'utf8' should have been changed to 'binary' for v4.x.

@mscdex mscdex added the doc Issues and PRs related to the documentations. label Jul 13, 2016
addaleax added a commit to addaleax/node that referenced this issue Jul 19, 2016
@addaleax
doc: correct crypto encoding information
f297286 
The default encoding for crypto methods was changed in v6.0.0,
with v4.x keeping a default of `binary`.

Ref: nodejs#5500
Fixes: nodejs#7712
@addaleax addaleax mentioned this issue Jul 19, 2016
Closed
2 tasks
jasnell pushed a commit that referenced this issue Aug 1, 2016
@addaleax @jasnell
doc: correct crypto encoding information
d771d5e 
The default encoding for crypto methods was changed in v6.0.0,
with v4.x keeping a default of `binary`.

Ref: #5500
Fixes: #7712
PR-URL: #7799
Reviewed-By: Claudio Rodriguez <cjrodr@yahoo.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: James M Snell <jasnell@gmail.com>
@tniessen
Copy link
Member

tniessen commented Jun 3, 2017

I think this was resolved thanks to @addaleax in #7799, feel free to reopen if I am wrong.

@tniessen tniessen closed this as completed Jun 3, 2017
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
crypto Issues and PRs related to the crypto subsystem. doc Issues and PRs related to the documentations.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@mscdex @MylesBorins @addaleax @WhatFreshHellIsThis @tniessen