Search code examples
node.jsapirestprivate-keypgp

NOdeJs Rest API response encoded with private key

I have been supplied with a public and private key to call a restAPI in nodejs. Both keys are in clear ASCII format.

I use the following code to encript my message:


(async () => {
    // put keys in backtick (``) to avoid errors caused by spaces or tabs

    // ENCRYPT

    const publicKeyArmored = fs.readFileSync(publicKeyFile, {
      encoding: 'utf8',
      flag: 'r'
    });
    
    const publicKey = await openpgp.readKey({ armoredKey: publicKeyArmored });

    const encrypted = await openpgp.encrypt({
        message: await openpgp.createMessage({ text: 'Hello, World!' })
    ,   encryptionKeys: publicKey
    // ,        signingKeys: privateKey // optional
    });
    
    console.log("Encrypted:", encrypted); // '-----BEGIN PGP MESSAGE ... END PGP MESSAGE-----'
}

However when I try to decrypt the response, all the code examples I have found seem to require a passphrase to use the private key supplied, but this is not encoded in any way, it's again plain ascii, begining with :

-----BEGIN PGP PRIVATE KEY BLOCK-----
Version: GnuPG v2.0.22 (GNU/Linux)

lQO+BGHApmABCAC70QG0T3bh1MVRGKmY9cOM2NFEie2KXCLGXUPa+2B5JOnDypGX
msoLau8FtKIqvAVAYSsONlE4P4RcltyrOTHLMvWhu73ZTJIBu6GGkgM6bKOtu2Rp
/VbPylPIXrkA3A4s0089VGgmFqJul04lit2svLwxD31ZEIY3Ke3kd0dV0nM4npRO
EZUPR5Qr6KCwBsL+ZHbDuG2YrC7oKcnJTXcdszrF7+FLAwI8viZhJOXyagJRioXd
/H/IpauXyvejN22/eRjch9IRMSz+qh0avj9tcuuJ1k4sBQQukeoIoPwFe9Rb9TY2 .....

the following code suggests I need a passphrase, but this key does not appear to require one:


async function decrypt() {
  const privateKey = (await openpgp.key.readArmored([privateKeyArmored])).keys[0];
  await privateKey.decrypt(passphrase);

  const encryptedData = fs.readFileSync("encrypted-secrets.txt");
  const decrypted = await openpgp.decrypt({
    message: await openpgp.message.readArmored(encryptedData),
    privateKeys: [privateKey],
  });

  console.log(decrypted.data);
}

SO how do I use it without a passphrase?

Thank you in advance for your xmas spirit and any help!

Solution

  • Your private key is ASCII armored, so it is possible to transfer it in text representation. After calling gpg --dearmor on it you'll get the binary data. Also private key may be stored using the password encryption, or not encrypted at all (in the second case you will not need to call privateKey.decrypt()). To check this you may use the command gpg --list-packets keyfile.asc.