spki | bash script wrapper for OpenSSL that generates and manages | SSH Utils library

The bug is in the str2ab() function, which uses a Uint16Array instead of a Uint8Array.

If this is fixed, the private key can be imported and the ciphertext generated with the PHP code can be decrypted:

(as of March 2021) node-jose does not support the following keys: Ed25519, Ed448, X25519, or X448. It also does not support the secp256k1 EC curve. For any of those it will return the error you're encountering. As a result it does not support the JWS Algorithms EdDSA or ES256K.

On the other hand https://github.com/panva/jose supports all of the above in Node.js runtime.

I found a solution for the above problem statement.

First I tried using chrome and firefox instead of chromium. But apline doesn't had chrome and so switched my base image to ubuntu. Also, in general, ubuntu is suggested [Reference: https://pythonspeed.com/articles/base-image-python-docker-images/] as a best docker base image for running Python Applications.

But even after changing to ubuntu as new docker base image with chrome and firefox, it is the same error (blank page white screen).

Below error as well,

I inserted your private key (that is hopefully a sample one) in https://lapo.it/asn1js/

and got this result:

The problem is the enc.encode(atob(encryptedToken)) line in the decrypt() method of the last JavaScript code snippet. The UTF-8 encoding corrupts the data, preventing successful decryption. If this is changed, decryption works as shown in the following.
The JavaScript code below is essentially the same as the first code snippet from the question, with the addition of exporting the private key in PKCS8 format:

According to a list of command line switches for Chromium (which works for your case) you need to use --ignore-certificate-errors-spki-list as a webdriver option argument.

Your code snippet options.add_argument('--ignore-certificate-errors-spki-list') implements this in a correct way (cf. doc, respectively the code base of Chromium for kIgnoreCertificateErrorsSPKIList[]). On a slight off-topic note, --ignore-certificate-errors (as suggested in various StackOverflow questions) is deprecated.

Anyhow, generally speaking your error message (see below)

[18912:1216:0116/175151.966:ERROR:ssl_client_socket_impl.cc(960)] handshake failed; returned -1, SSL error code 1, net_error -101

infers that the handshake between your Selenium ChromeDriver and the Chrome Browser has failed along the way of execution. If we take a look at ssl_client_socket_impl.cc, we can see SSLClientSocketImpl::DoHandshake() (which causes your error):

Ok I manage to find out why.. apparently decryptedHash is not really the actual hash value. I need to go to https://lapo.it/asn1js/ to convert it. I am not very well-verse in that area but I manage to find some clue by looking at this post https://crypto.stackexchange.com/questions/80768/openssl-extract-hash-algorithm-from-signature-data-pkcs1-v-1-5

It seems that the decryptedHash is in DER ANS1 format.

Added 3 more lines to my program and I am able to match the manualHash

There are some conflicting args between your args object and the options that you've set, make sure there are no unwanted ones listed.

The main reason it doesn't hide it: instead of excludeSwitches you should give an array of not desired switches in ignoreDefaultArgs:

Doesn't hide: ❌

The failed verification has two reasons:

• The PSS padding must be specified explicitly, since PKCS#1 v1.5 padding is the default, s. here.

• The conversion of the signature corrupts the data: The line: