Welcome to use automatic RSA signature JS tool, 3KB size🎉😊🎉 #164

Closed
xiangyuecn opened this issue Sep 26, 2019 · 3 comments

xiangyuecn commented Sep 26, 2019

Translation support provided by fanyi.baidu.com. Maybe the bull's head is not the horse's mouth. Looking at Chinese is closer to my intention.

Welcome to use automatic RSA signature JS tool, 3KB size🎉😊🎉

The signing steps are too cumbersome every time a certificate is updated manually, especially when there are many domain names.

This JS code will free your hands from the need to jump from window to window to sign manually. But only RSA certificates are supported; ECC is not supported.

How to use

Step 1. Open https://gethttpsforfree.com/.

Step 2. Copy the following code into the browser console and run it.

Step 3. Follow the normal process on the page and fill in the private key; all signature operations along the way will be completed automatically.

(function(){

var privateSign=function(txt){
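    //Sign txt (RSA, SHA256) with the key pasted into the .privateSignKey textarea and return the signature as hex.
    //Base64 and ASN1 are not defined in this snippet and are expected as page globals; RSA comes from the ztest-rsa.js script loaded below.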
    try{
        var key=document.querySelector(".privateSignKey").value.replace(/-+.+?PRIVATE.+?-+|\s/g,"");
        var byts=Base64.decode(key);
        var asn1=ASN1.decode(byts);
        if(asn1.sub.length<9){//PKCS#8
            asn1=asn1.sub[2].sub[0];
        };
        var get=function(n){
            var item=asn1.sub[n];
            var start = item.stream.pos+item.header;
            var end = item.stream.pos+item.header+item.length;
            var hex = item.stream.hexDump(start, end);
            hex=hex.replace(/\s/g,"");
            hex=hex.replace(/^00/g,"");//type=02 INTEGER:Remove the highest bit-filled 0x00
            return RSA.HexToB64(hex);
        };
        var n=get(1);
        var e=get(2);
        var d=get(3);
        
        var rsa=RSA(n,e,d);
        var sign=rsa.sign(txt,"SHA256");
        if(!rsa.verify(txt,sign,"SHA256")){
            alert("private key seems to be wrong!");
            return "";
        };
        return RSA.B64ToHex(sign);
    }catch(e){
        console.error(e);
        alert("private key parse error!");
        return "";
    }
};

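var install=function(){
    //Install only once: running the snippet a second time would make the wrapper below call itself
    if(HTMLInputElement.prototype._setAttribute){
        return;
    };
    HTMLInputElement.prototype._setAttribute=HTMLInputElement.prototype.setAttribute;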
    HTMLInputElement.prototype.setAttribute=function(k,v){
        var This=this;
        This._setAttribute.apply(This,arguments);
        
        if(!(k=="placeholder"&&v==RESULT_PLACEHOLDER)){
            return;
        };
        var signExec=function(){
            var find=This.parentNode.querySelectorAll("input");
            var arr=[];
            for(var i=0;i<find.length;i++){
                if(find[i].value.indexOf("openssl")+1){
                    arr.push(find[i]);
                };
            };
            if(arr.length!=1){
                alert("no input box for signature was found!");
                return;
            };
            This.value=privateSign(/"(.+)"/.exec(arr[0].value)[1]);
        };
        
        setTimeout(signExec,100);
        //blur exec
        This._setAttribute(k,"blur retry autofill sign. "+v);
        if(!This.isBindSignExec){
            This.isBindSignExec=true;
            This.addEventListener("blur",function(){
                if(This.value==""){
                    signExec();
                };
            });
        };
    };
    
    var div=document.createElement("div");
    div.innerHTML=`
        <div class="field">
            <div style="color:#0b1">Account Private Key (RSA PKCS#1 or PKCS#8) (It's just for signature!):</div>
            <textarea class="privateSignKey" placeholder="-----BEGIN RSA PRIVATE KEY----- OR -----BEGIN PRIVATE KEY----- ..."></textarea>
        </div>
    `;
    validate_account.appendChild(div);
};

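//Load the RSA+SHA256 library (ztest-rsa.js) from the author's GitHub Pages site; it runs in the same page that holds the private key
var script=document.createElement("script");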
script.src="https://xiangyuecn.github.io/Recorder/assets/ztest-rsa.js";
script.onload=function(){
    setTimeout(function(){
        install();
    },1000);//emmm... doc was ready
};
document.querySelector("head").appendChild(script);

})();

Why did you write this tool?

I used fszlin/certes to write a C# client to apply for multi-domain certificates, but often, right at the end of the process, the library throws a request error, whereas every time I use gethttpsforfree manually I can complete the application in one go. So I'm going to discard certes and just use gethttpsforfree.

But every time gethttpsforfree issues a certificate for multiple domain names, the signing is too tiring, copying back and forth. Because I implemented an RSA signature function in my H5 recording library xiangyuecn/Recorder some time ago, I took it directly and installed the auto-signature function on gethttpsforfree.

3KB? Not only 3KB

The tool uses my integrated ztest-rsa.js. It contains: CryptoJS v3.1.2 SHA256; Tom Wu's RSA library, with some bugs in the RSA source code fixed and a sign method provided. You can download these two sources and integrate them yourself.

This code has too many limitations, so I have no desire to submit a PR. And this repository has its wiki turned off.

diafygi (Owner) commented Sep 27, 2019

Closing as spam

diafygi closed this as completed Sep 27, 2019

@xiangyuecn (Author)

@diafygi Think of it as SPAM and it will always be. However, it cannot be denied that it can operate normally, safely and reliably 😊.

I have upgraded my support for PKCS#8, and I believe that this code has been able to adapt to complex and changeable environments.

There is no denying that the signature part is the most tedious and error-prone part of gethttpsforfree's entire request process. This tool has successfully helped me to request a certificate and is simpler and faster than ever before.

In addition, I studied README. I think adding optional auto-signature function can help to operate quickly and avoid human errors. And because this feature is optional, users can choose not to provide private keys, just as before. I wonder if I want to submit a PR, but the source code of uncompressed RSA libraries may be quite large, only about 30 KB after compression.

@xiangyuecn (Author)

In addition, I found that adding 1 to line 302 was very difficult to understand. I know it's because the positive integer increases by 0x00, but as long as the first four digits of the value are less than 0x8, it won't increase this. So it can be solved by replacing the 0x00 at the beginning, which seems to be better understood.

var modulusStart = modulusRaw.header + modulusRaw.stream.pos + 1;
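
The leading-0x00 point in the comment above, as an added example that is not part of the original thread or of the gethttpsforfree code: a minimal DER reader (Node.js) that drops the pad byte of an INTEGER only when it is present, next to an unconditional one-byte skip for comparison. The function names and the sample bytes are constructed for illustration.

```javascript
// Added example (not project code). SAMPLE is constructed: toy values laid out
// like a PKCS#1 RSAPrivateKey (version, n, e, d); it is not a working key.
const SAMPLE = Buffer.from("3015020100020500c53f9b21020301000102044a1d07e5", "hex");

// Read one DER TLV at `pos`; handles short and long-form lengths.
function readTlv(buf, pos) {
  if (pos + 2 > buf.length) throw new Error("truncated header");
  let len = buf[pos + 1], header = 2;
  if (len & 0x80) {
    const n = len & 0x7f;
    if (n === 0 || n > 4 || pos + 2 + n > buf.length) throw new Error("bad length");
    len = 0;
    for (let i = 0; i < n; i++) len = len * 256 + buf[pos + 2 + i];
    header += n;
  }
  const start = pos + header;
  if (start + len > buf.length) throw new Error("truncated value");
  return { tag: buf[pos], start, end: start + len };
}

// Unsigned magnitude of a DER INTEGER as hex. The 0x00 pad exists only when
// the first magnitude byte is >= 0x80, so drop it only when it is present.
function integerHex(buf, tlv) {
  if (tlv.tag !== 0x02 || tlv.end === tlv.start) throw new Error("not an INTEGER");
  if (buf[tlv.start] & 0x80) throw new Error("negative INTEGER");
  const pad = buf[tlv.start] === 0x00 && tlv.end - tlv.start > 1 ? 1 : 0;
  return buf.subarray(tlv.start + pad, tlv.end).toString("hex");
}

// Unconditional skip of one byte, for comparison: correct only for padded values.
function fixedSkipHex(buf, tlv) {
  return buf.subarray(tlv.start + 1, tlv.end).toString("hex");
}

// Walk the outer SEQUENCE and decode its first four INTEGERs with `decode`.
function rsaPrivateFields(der, decode = integerHex) {
  const seq = readTlv(der, 0);
  if (seq.tag !== 0x30) throw new Error("not a SEQUENCE");
  const out = [];
  for (let pos = seq.start; pos < seq.end && out.length < 4; ) {
    const tlv = readTlv(der, pos);
    out.push(decode(der, tlv));
    pos = tlv.end;
  }
  if (out.length < 4) throw new Error("too few fields");
  return { version: out[0], n: out[1], e: out[2], d: out[3] };
}

console.log(rsaPrivateFields(SAMPLE), rsaPrivateFields(SAMPLE, fixedSkipHex));
```

On the sample, the unconditional skip returns e as 0001 and d as 1d07e5, while n is unaffected because its encoding carries the pad byte.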
