Using a passphrase protected private key with crypto.createSign


I'm trying to sign and verify a message using the node.js crypto API and a passphrase protected private key which gets me this:

> var sig = crypto.createSign('RSA-SHA256').update('psst').sign(pk,'hex');
Enter PEM pass phrase:

And node just locks up at this point. I can't seem to find an option to pass the passphrase in programmatically.

Problem courtesy of: Arne Claassen


Update: I fixed this in core

My fix for this has just landed in core. It hasn't made an official release yet, but when it does you can use it like so:

var sig = crypto.createSign('RSA-SHA256').update('psst').sign({
  key: pk,
  passphrase: 'password'
}, 'hex');

Will update once this lands in a release. Landed in v0.11.8 release.

Original Answer:

Here's a solution that works: you can decrypt the private key when your app starts and then use it normally, for example:

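var childProcess = require('child_process'),
  crypto = require('crypto');

var pk; // Decrypted PEM, filled in once at startup

var sign = function () {
  // pk is already decrypted, so no passphrase prompt is triggered here
  var sig = crypto.createSign('RSA-SHA256').update('psst').sign(pk, 'hex');
  return sig;
};

// Decrypt the key once with the openssl CLI.
// Note: a password given as "pass:" is part of the command line, which other
// local users can read from the process list while openssl runs.
childProcess.exec('openssl rsa -in /path/to/private_key -passin pass:your_password', {},
    function (err, stdout, stderr) {
  if (err) throw err;
  pk = stdout; // Save in memory for later use
});
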
Solution courtesy of: Thom Seddon
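
The `{ key, passphrase }` form from the update above, shown end to end as an added example (not part of the original answer or of Node core): it signs with an encrypted key, verifies the result, and handles a wrong passphrase as an error instead of a prompt. The helper names, the `KEY_PASSPHRASE` environment variable and the in-process generated key are assumptions made for the demo.

```javascript
const crypto = require('crypto');

// Constructed sample key: an encrypted PEM generated in-process so this runs offline.
// In a real service the PEM is read from disk and the passphrase from a secret store.
function makeEncryptedKey(passphrase) {
  return crypto.generateKeyPairSync('rsa', {
    modulusLength: 2048,
    publicKeyEncoding: { type: 'spki', format: 'pem' },
    privateKeyEncoding: { type: 'pkcs8', format: 'pem', cipher: 'aes-256-cbc', passphrase }
  });
}

// Sign using the { key, passphrase } object form. A wrong passphrase makes
// sign() throw; it is returned as { ok: false } rather than crashing the process.
function signMessage(encryptedPem, passphrase, message) {
  try {
    const sig = crypto.createSign('RSA-SHA256')
      .update(message)
      .sign({ key: encryptedPem, passphrase: passphrase }, 'hex');
    return { ok: true, sig: sig };
  } catch (err) {
    return { ok: false, error: err.message };
  }
}

function verifyMessage(publicPem, message, sigHex) {
  return crypto.createVerify('RSA-SHA256').update(message).verify(publicPem, sigHex, 'hex');
}

function demo() {
  // KEY_PASSPHRASE is a hypothetical variable name; the fallback is a constructed demo value.
  const passphrase = process.env.KEY_PASSPHRASE || 'constructed-demo-passphrase';
  const pair = makeEncryptedKey(passphrase);
  const good = signMessage(pair.privateKey, passphrase, 'psst');
  const bad = signMessage(pair.privateKey, 'not-the-passphrase', 'psst');
  return {
    encrypted: pair.privateKey.includes('ENCRYPTED PRIVATE KEY'),
    signed: good.ok,
    verified: good.ok && verifyMessage(pair.publicKey, 'psst', good.sig),
    tamperedAccepted: good.ok && verifyMessage(pair.publicKey, 'psst!', good.sig),
    wrongPassphraseRejected: !bad.ok
  };
}

console.log(demo());
```

Unlike the `openssl` child-process approach, the passphrase here never appears on a command line and the decrypted key is not held as a PEM string in a module-level variable.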


This recipe can be found in its original form on Stack Overflow.