使用nodejs / sequelize加密postgres数据

我已经创建了一个公共密钥，并将其存储在数据库中。现在，我尝试插入使用公共密钥加密的加密数据。

这就是我在做什么

  const createdTransaction = await this.model.create({
    organizationId,
    customerId,
    type: Sequelize.fn("pgp_pub_encrypt", type, publicKey)
  });

当我运行它时，出现此错误

original: error: Wrong key or corrupt data
      at Connection.parseE ()
      at Connection.parseMessage ()

[type具有Sequelize类型

  type: {
    type: Sequelize.BLOB(),
    required: true
  },

公钥按类型存储

Sequelize.BLOB('tiny')

它是这样创建的

const { publicKey, privateKey } = crypto.generateKeyPairSync("rsa", {
  modulusLength: 4096,
  publicKeyEncoding: {
    type: "spki",
    format: "pem"
  },
  privateKeyEncoding: {
    type: "pkcs8",
    format: "pem",
    cipher: "aes-256-cbc",
    passphrase: password
  }
});

这是图书馆将某些内容存储为bytea的方式。

这是正在运行的SQL

INSERT INTO "Transactions" ("id","organizationId","customerId","type","createdAt","updatedAt") VALUES ($1,$2,$3,pgp_pub_encrypt('PAYMENT', E'\\\\x2d2d2d2d2d424547494e205055424c4943204b45592d2d2d2d2d0a4d494943496a414e42676b71686b6947397730424151454641414f43416738414d49494343674b434167454130415a7667524d436e67585476303565597559740a715a732f7875693759566675325061546b623448646177464d2b596e3035564e6b647862305771687638306f5774672b592b4b2b4372726c3463624e56544f310a415058786c72724572423361586c594832646559676443693253346b3042567667356b372b2f5247654e78394f794a7949624d6f646e39526462372f4232656d0a7a57496a754941526a677270414f71786d4f753569504143697a796953706c7764327459394257554a4f63676969505764445a576b6d3349342b7279463270350a7158464c542b4f305632635539766e442b6530336c6d4c38567759747139626c58364b654139366f576a53396956354a30527a68356c6d702f4433376c4878570a6f496675365065693841335059474b6277753468694533674434672b734a77354765554f2b4c456a733242397634437a6f4577313435736e424350304b456a320a666a6e4f6872693132303572774a53723430794a4550505157596b51564f714f5867363664775969336130777847397a3665464477784e53726e65307258352b0a6e39786877766e4a2f3576424b58334e47554d68625a6b4d3852373575554e746b37655a453966566f66716673786d352b365357625457703542417445766b440a3655676c4d6d35466a613437776d346672385130307369562b78634a59596570676145326c784d556a3349543975593552314432417059616f504b475172712b0a6a6e42786f4542734573645a6765703058685a315065462b41727166786d30794654737570384c56394c6437533478364c5663667179626c79613466594250360a61616c6859383032695841634254644a4b4930654b7a77414662746358486365553350596c6a514d7552464b6e546449306b764b786d36797870734b727a61420a664a584f5a4c51516f72566a735a726a6c774136615655434177454141513d3d0a2d2d2d2d2d454e44205055424c4943204b45592d2d2d2d2d0a'),$4,$5) RETURNING *;,

我也尝试过将公钥转换为二进制字符串和utf字符串。

但是错误仍然存​​在。

听起来我的公钥数据类型错误-应该是什么？

如果我这样做：

select encode(decode('2d2d2d2d2d424547494e205055424c4943204b45592d2d2d2d2d0a4d494943496a414e42676b71686b6947397730424151454641414f43416738414d49494343674b434167454130415a7667524d436e67585476303565597559740a715a732f7875693759566675325061546b623448646177464d2b596e3035564e6b647862305771687638306f5774672b592b4b2b4372726c3463624e56544f310a415058786c72724572423361586c594832646559676443693253346b3042567667356b372b2f5247654e78394f794a7949624d6f646e39526462372f4232656d0a7a57496a754941526a677270414f71786d4f753569504143697a796953706c7764327459394257554a4f63676969505764445a576b6d3349342b7279463270350a7158464c542b4f305632635539766e442b6530336c6d4c38567759747139626c58364b654139366f576a53396956354a30527a68356c6d702f4433376c4878570a6f496675365065693841335059474b6277753468694533674434672b734a77354765554f2b4c456a733242397634437a6f4577313435736e424350304b456a320a666a6e4f6872693132303572774a53723430794a4550505157596b51564f714f5867363664775969336130777847397a3665464477784e53726e65307258352b0a6e39786877766e4a2f3576424b58334e47554d68625a6b4d3852373575554e746b37655a453966566f66716673786d352b365357625457703542417445766b440a3655676c4d6d35466a613437776d346672385130307369562b78634a59596570676145326c784d556a3349543975593552314432417059616f504b475172712b0a6a6e42786f4542734573645a6765703058685a315065462b41727166786d30794654737570384c56394c6437533478364c5663667179626c79613466594250360a61616c6859383032695841634254644a4b4930654b7a77414662746358486365553350596c6a514d7552464b6e546449306b764b786d36797870734b727a61420a664a584f5a4c51516f72566a735a726a6c774136615655434177454141513d3d0a2d2d2d2d2d454e44205055424c4943204b45592d2d2d2d2d0a','hex'),'escape') 

在将其转换为bytea之前，您的publicKey似乎已经作为ASCII铠装文本给出（尽管它并不完全有效）。如果要将ASCII铠装文本转换为二进制，则应使用特定于pgp的“ earear”函数，而不仅仅是将其转换为bytea。

使用nodejs / sequelize加密postgres数据

我已经创建了一个公共密钥，并将其存储在数据库中。现在，我尝试插入使用公共密钥加密的加密数据。

这就是我在做什么

  const createdTransaction = await this.model.create({
    organizationId,
    customerId,
    type: Sequelize.fn("pgp_pub_encrypt", type, publicKey)
  });

当我运行它时，出现此错误

original: error: Wrong key or corrupt data
      at Connection.parseE ()
      at Connection.parseMessage ()

[type具有Sequelize类型

  type: {
    type: Sequelize.BLOB(),
    required: true
  },

公钥按类型存储

Sequelize.BLOB('tiny')

它是这样创建的

const { publicKey, privateKey } = crypto.generateKeyPairSync("rsa", {
  modulusLength: 4096,
  publicKeyEncoding: {
    type: "spki",
    format: "pem"
  },
  privateKeyEncoding: {
    type: "pkcs8",
    format: "pem",
    cipher: "aes-256-cbc",
    passphrase: password
  }
});

这是图书馆将某些内容存储为bytea的方式。

这是正在运行的SQL

INSERT INTO "Transactions" ("id","organizationId","customerId","type","createdAt","updatedAt") VALUES ($1,$2,$3,pgp_pub_encrypt('PAYMENT', E'\\\\x2d2d2d2d2d424547494e205055424c4943204b45592d2d2d2d2d0a4d494943496a414e42676b71686b6947397730424151454641414f43416738414d49494343674b434167454130415a7667524d436e67585476303565597559740a715a732f7875693759566675325061546b623448646177464d2b596e3035564e6b647862305771687638306f5774672b592b4b2b4372726c3463624e56544f310a415058786c72724572423361586c594832646559676443693253346b3042567667356b372b2f5247654e78394f794a7949624d6f646e39526462372f4232656d0a7a57496a754941526a677270414f71786d4f753569504143697a796953706c7764327459394257554a4f63676969505764445a576b6d3349342b7279463270350a7158464c542b4f305632635539766e442b6530336c6d4c38567759747139626c58364b654139366f576a53396956354a30527a68356c6d702f4433376c4878570a6f496675365065693841335059474b6277753468694533674434672b734a77354765554f2b4c456a733242397634437a6f4577313435736e424350304b456a320a666a6e4f6872693132303572774a53723430794a4550505157596b51564f714f5867363664775969336130777847397a3665464477784e53726e65307258352b0a6e39786877766e4a2f3576424b58334e47554d68625a6b4d3852373575554e746b37655a453966566f66716673786d352b365357625457703542417445766b440a3655676c4d6d35466a613437776d346672385130307369562b78634a59596570676145326c784d556a3349543975593552314432417059616f504b475172712b0a6a6e42786f4542734573645a6765703058685a315065462b41727166786d30794654737570384c56394c6437533478364c5663667179626c79613466594250360a61616c6859383032695841634254644a4b4930654b7a77414662746358486365553350596c6a514d7552464b6e546449306b764b786d36797870734b727a61420a664a584f5a4c51516f72566a735a726a6c774136615655434177454141513d3d0a2d2d2d2d2d454e44205055424c4943204b45592d2d2d2d2d0a'),$4,$5) RETURNING *;,

我也尝试过将公钥转换为二进制字符串和utf字符串。

但是错误仍然存​​在。

听起来我的公钥数据类型错误-应该是什么？

如果我这样做：

select encode(decode('2d2d2d2d2d424547494e205055424c4943204b45592d2d2d2d2d0a4d494943496a414e42676b71686b6947397730424151454641414f43416738414d49494343674b434167454130415a7667524d436e67585476303565597559740a715a732f7875693759566675325061546b623448646177464d2b596e3035564e6b647862305771687638306f5774672b592b4b2b4372726c3463624e56544f310a415058786c72724572423361586c594832646559676443693253346b3042567667356b372b2f5247654e78394f794a7949624d6f646e39526462372f4232656d0a7a57496a754941526a677270414f71786d4f753569504143697a796953706c7764327459394257554a4f63676969505764445a576b6d3349342b7279463270350a7158464c542b4f305632635539766e442b6530336c6d4c38567759747139626c58364b654139366f576a53396956354a30527a68356c6d702f4433376c4878570a6f496675365065693841335059474b6277753468694533674434672b734a77354765554f2b4c456a733242397634437a6f4577313435736e424350304b456a320a666a6e4f6872693132303572774a53723430794a4550505157596b51564f714f5867363664775969336130777847397a3665464477784e53726e65307258352b0a6e39786877766e4a2f3576424b58334e47554d68625a6b4d3852373575554e746b37655a453966566f66716673786d352b365357625457703542417445766b440a3655676c4d6d35466a613437776d346672385130307369562b78634a59596570676145326c784d556a3349543975593552314432417059616f504b475172712b0a6a6e42786f4542734573645a6765703058685a315065462b41727166786d30794654737570384c56394c6437533478364c5663667179626c79613466594250360a61616c6859383032695841634254644a4b4930654b7a77414662746358486365553350596c6a514d7552464b6e546449306b764b786d36797870734b727a61420a664a584f5a4c51516f72566a735a726a6c774136615655434177454141513d3d0a2d2d2d2d2d454e44205055424c4943204b45592d2d2d2d2d0a','hex'),'escape') 

在将其转换为bytea之前，您的publicKey似乎已经作为ASCII铠装文本给出（尽管它并不完全有效）。如果要将ASCII铠装文本转换为二进制，则应使用特定于pgp的“ earear”函数，而不仅仅是将其转换为bytea。