I have a signed data being passed to my server along with the public key in hex format, with which this data was signed. Hash algorithm is the same for all requests sha-256, but public keys are different for every request because rsa public+private pair is generated on the client.
So my question is - how can I verify the signature with public key in hex format? In node's
crypto docs I see that I need to have a pem-format file, but I don't have one. And actually there will be many requests of this kind, so it wouldn't be good to create these files.
Best How To :
Don't. Seriously. Don't. Rolling your own cryto will be bad.
Instead, use https or, if you really must do it yourself, try to implement Diffie-Hellman. At least with DH, you aren't creating your own algorithm. As to why this is bad, consider an attacker who wants to read your data. If you merely sign it, it's really not that different than signing a letter in real life. It's your signature and (mostly) no one else can do it. But if I steal that letter of yours, write my own and sign it with my signature (using your name), the recipient will know it wasn't from you. But wait! What if you never contacted this recipient before? They won't know who's writing and signing using your name. Is it really you? Or is it me? You need to do a key-exchange to prevent this.