computeRsaSha256Signature() returns Invalid argument: key error when key is public key or rsa private key

Question

I need to sign a message using RSA-SHA256 and a public key in my Google Apps Script.

I am trying to use Utilities.computeRsaSha256Signature(value, key) for this, but I just get an Invalid argument: key error.

For the purpose of this question I have generated a key-pair like this:

openssl genrsa -out private.pem 32
openssl rsa -in private.pem -out public.pem -outform PEM -pubout

My script looks like this:

function test() {
  var privKey = "-----BEGIN RSA PRIVATE KEY-----\nMCwCAQACBQC6fs8xAgMBAAECBQCxyL35AgMA3ecCAwDXJwICKLcCAnF9AgIbnA==\n-----END RSA PRIVATE KEY-----\n";
  var pubKey = "-----BEGIN PUBLIC KEY-----\nMCAwDQYJKoZIhvcNAQEBBQADDwAwDAIFALp+zzECAwEAAQ==\n-----END PUBLIC KEY-----\n";
  Utilities.computeRsaSha256Signature("value", pubKey); 
  Utilities.computeRsaSha256Signature("value", privKey);
}

When I run this I get an Invalid argument: key error on the first call to computeRsaSha256Signature.

The error suggests there is something wrong with they key, but I can't figure out what the problem is. I've tried with both the public and the private key and I've tried to strip the newlines but everything fails with the same message.

My code looks very similar to the example in the documentation so I'm not sure what I am doing wrong.

How can Utilities.computeRsaSha256Signature() be used successfully?

Answer 1

Keys starting with BEGIN PRIVATE KEY have a different format than the ones with BEGIN RSA PRIVATE KEY.

I was starting from a key in the "RSA" format but the computeRsaSha256Signature needs a key in the non-RSA format.

You can convert from the latter to the former with:

openssl pkcs8 -topk8 -inform pem -in private.pem -outform pem -nocrypt -out newPrivate.pem

Source: https://plus.google.com/106009755685055488206/posts/bYuPM6MGwsU