GitHub API secret encryption with libsodium in Node.js:UnhandledPromiseRejectionWarning:Error:bad public key size

yuvru6vn  于 2024-01-07  发布在  Node.js
关注(0)|答案(2)|浏览(148)

我想通过GitHub REST API设置一个仓库密码。我使用文档中的示例:

  1. const sodium = require('tweetsodium');
  3. const key = "base64-encoded-public-key";
  4. const value = "plain-text-secret";
  6. // Convert the message and key to Uint8Array's (Buffer implements that interface)
  7. const messageBytes = Buffer.from(value);
  8. const keyBytes = Buffer.from(key, 'base64');
  10. // Encrypt using LibSodium.
  11. const encryptedBytes = sodium.seal(messageBytes, keyBytes);
  13. // Base64 the encrypted secret
  14. const encrypted = Buffer.from(encryptedBytes).toString('base64');
  16. console.log(encrypted);

字符串
我收到这个错误:

  1. (node:6008) UnhandledPromiseRejectionWarning: Error: bad public key size
  2.     at checkBoxLengths (C:\Users\User\probot\node_modules\tweetnacl\nacl-fast.js:2158:54)
  3.     at Function.nacl.box.before (C:\Users\User\probot\node_modules\tweetnacl\nacl-fast.js:2231:3)
  4.     at Object.nacl.box (C:\Users\User\probot\node_modules\tweetnacl\nacl-fast.js:2225:20)
  5.     at Object.tweetSodium.seal (C:\Users\User\probot\node_modules\tweetsodium\dist\index.umd.js:53:33)
  6.     at createSecret (C:\Users\User\probot\src\service\secret.js:55:33)
  7.     at Object.<anonymous> (C:\Users\User\probot\src\service\secret.js:73:1)
  8.     at Module._compile (internal/modules/cjs/loader.js:1138:30)
  9.     at Object.Module._extensions..js (internal/modules/cjs/loader.js:1158:10)
  10.     at Module.load (internal/modules/cjs/loader.js:986:32)
  11.     at Function.Module._load (internal/modules/cjs/loader.js:879:14)
  12. (node:6008) UnhandledPromiseRejectionWarning: Unhandled promise rejection. This error originated either by throwing inside of an async function without a catch block, or by rejecting a promise which was not handled with .catch(). To terminate the node process on unhandled promise rejection, use the CLI flag `--unhandled-rejections=strict` (see https://nodejs.org/api/cli.html#cli_unhandled_rejections_mode). (rejection id: 1)
  13. (node:6008) [DEP0018] DeprecationWarning: Unhandled promise rejections are deprecated. In the future, promise rejections that are not handled will terminate the Node.js process with a non-zero exit code.

Problem:如何正确加密和解密密钥,以便在我的API中使用?
解决方案:@Topaco提到需要使用base64编码的密钥,比如2Sg8iYjAxxmI2LvUXpJjkYrMxURPc8r+dB7TJyvvcCU=,解决了上面描述的错误。
已编辑

我将在不同的仓库中使用不同的密钥。我应该为每个仓库生成一个新的base64编码密钥吗?

node.js

2条答案

按热度按时间
2nc8po8w

2nc8po8w1#

示例代码不太清楚key实际上是什么以及从哪里获得它。您需要从/repos/{owner}/{repo}/codespaces/secrets/public-key端点获得的“存储库公钥”。
将存储库公钥与新secret中的值一起使用:

  1. const key = "base64-encoded-public-key"; // this is the repository public key you need to fetch from GitHub
  2. const value = "plain-text-secret"; // the secret value

字符串
然后,您可以创建或更新密钥:

  1. const res = await octokit.actions.createOrUpdateRepoSecret({
  2.     owner: "GITHUBUSER",  
  3.     repo: "GITHUB_REPO", 
  4.     secret_name: "KEY_NAME", 
  5.     encrypted_value: encrypted,
  6.   });

展开查看全部
赞(0)分享  回复(0)举报  2024-01-07
hgb9j2n6

hgb9j2n62#

这是我使用的代码。

  1. const crypto = require('crypto');
  3. const sodium = require('tweetsodium');
  4. const { Octokit } = require("@octokit/core");
  6. // Create a personal access token at https://github.com/settings/tokens/new?scopes=repo
  7. const octokit = new Octokit({ auth: process.env.GH_PERSONAL_ACCESS_TOKEN });
  9. module.exports = async () => {
  10.   const encryptionKey = crypto.randomBytes(16).toString('hex');
  11.   const publicKeyResponse = await octokit.request('GET /repos/<USERNAME>/<REPO>/actions/secrets/public-key');
  12.   const publicKey = publicKeyResponse.data.key;
  13.   const publicKeyId = publicKeyResponse.data.key_id;
  15.   // Convert the message and key to Uint8Array's (Buffer implements that interface)
  16.   const messageBytes = Buffer.from(encryptionKey);
  17.   const keyBytes = Buffer.from(publicKey, 'base64');
  19.   // Encrypt using LibSodium.
  20.   const encryptedBytes = sodium.seal(messageBytes, keyBytes);
  22.   // Base64 the encrypted secret
  23.   const encryptedEncryptionKey = Buffer.from(encryptedBytes).toString('base64');
  25.   await octokit.request('PUT /repos/<USERNAME>/<REPO>/actions/secrets/ENCRYPTION_KEY', {
  26.     owner: '<USERNAME>',
  27.     repo: '<REPO>',
  28.     secret_name: 'ENCRYPTION_KEY',
  29.     key_id: publicKeyId,
  30.     encrypted_value: encryptedEncryptionKey,
  31.   });
  33.   return encryptionKey;
  34. };

字符串

展开查看全部
赞(0)分享  回复(0)举报  2024-01-07
我来回答

相关问题

    查看更多

    热门标签

    更多
    JavaquerypythonNode开发语言requestUtil数据库Table后端算法LoggerMessageElementParser

    最新问答

    更多
    • 蜀ICP备13028337号-1 大数据知识库 https://www.saoniuhuo.com © All rights reserved
    • 本站内容来源互联网,如果侵犯您的权益请联系我们删除, 联系方式:448109455@qq.com