search

kjur / jsrsasign

The 'jsrsasign' (RSA-Sign JavaScript Library) is an opensource free cryptography library supporting RSA/RSAPSS/ECDSA/DSA signing/validation, ASN.1, PKCS#1/5/8 private/public key, X.509 certificate, CRL, OCSP, CMS SignedData, TimeStamp, CAdES and JSON Web Signature/Token in pure JavaScript.
https://kjur.github.io/jsrsasign
Other
3.27k stars 643 forks source link

wrong ctext length #523

Closed Neneil94 closed 2 years ago

Neneil94 commented 2 years ago

I am trying to decrypt data with rs.KJUR.crypto.Cipher.decrypt.

let hexKey = rs.b64utohex(privateKey); 
let rsaKey = new rs.RSAKey();
rsaKey.readPKCS5PrvKeyHex(hexKey);

let hexString = rs.ArrayBuffertohex(data); // --> length of hex string is 512

let result = rs.KJUR.crypto.Cipher.decrypt(hexString, rsaKey, 'RSAOAEP256');

Result of calling this: decrypt ist the following Error:

[Unhandled promise rejection: Error: wrong ctext length]
at http://192.168.2.100:19000/node_modules/expo/AppEntry.bundle?platform=ios&dev=true&hot=false&minify=false:266574:21 in RSADecryptOAEP
at node_modules/jsrsasign/lib/jsrsasign.js:234:14111 in KJUR.crypto.Cipher.decrypt

Am I doing something wrong? Thx!

kjur commented 2 years ago

Could you provide your keys, messages and codes for my further investigation?

kjur commented 2 years ago

I hope Following may help you. https://github.com/kjur/jsrsasign/blob/master/test/qunit-do-crypto-cipher.html https://github.com/kjur/jsrsasign/blob/master/sample_node/datadecrypt https://github.com/kjur/jsrsasign/blob/master/sample_node/dataencrypt

Neneil94 commented 2 years ago

Yes of course.

rsaKey:

RSAKey {
  "coeff": BigInteger {
    "0": 3371570,
    "1": 55316830,
    "10": 8856916,
   ...
    "8": 7616578,
    "9": 56335451,
    "s": 0,
    "t": 38,
  },
  "d": BigInteger {
    "0": 3371570,
    "1": 55316830,
    ...
    "34": 20189908,
    "35": 15239497,
    "36": 23881506,
    "37": 2017432,
    "4": 23816031,
    "5": 38866201,
    "6": 17254087,
    "7": 29710725,
    "8": 7616578,
    "9": 56335451,
    "s": 0,
    "t": 38,
  },
  "dmp1": BigInteger {
    "0": 3371570,
    "1": 55316830,
    "10": 8856916,
   ...
    "5": 38866201,
    "6": 17254087,
    "7": 29710725,
    "8": 7616578,
    "9": 56335451,
    "s": 0,
    "t": 38,
  },
  "dmq1": BigInteger {
    "0": 3371570,
    "1": 55316830,
    "10": 8856916,
    "11": 26577173,
    ...
    "6": 17254087,
    "7": 29710725,
    "8": 7616578,
    "9": 56335451,
    "s": 0,
    "t": 38,
  },
  "e": 7.86420472185414e+295,
  "isPrivate": true,
  "isPublic": false,
  "n": BigInteger {
    "0": 3371570,
    "1": 55316830,
    "10": 8856916,
    ...
    "5": 38866201,
    "6": 17254087,
    "7": 29710725,
    "8": 7616578,
    "9": 56335451,
    "s": 0,
    "t": 38,
  },
  "p": BigInteger {
    "0": 3371570,
    "1": 55316830,
    "10": 8856916,
    ...
    "6": 17254087,
    "7": 29710725,
    "8": 7616578,
    "9": 56335451,
    "s": 0,
    "t": 38,
  },
  "q": BigInteger {
    "0": 3371570,
    ...
    "3": 28429765,
    "30": 36061731,
    "31": 14190768,
    "32": 2961973,
    "33": 63983956,
    "34": 20189908,
    "35": 15239497,
    "36": 23881506,
    "37": 2017432,
    "4": 23816031,
    "5": 38866201,
    "6": 17254087,
    "7": 29710725,
    "8": 7616578,
    "9": 56335451,
    "s": 0,
    "t": 38,
  },
}

hexString:

2c5876f252bd44de0333bc2dca246b221c7c24386bcc5c5b2789f0bdb4537b3fc6e81dfc003ad61c13f01c96996fcbebd01f....

The data has been ecrypted with WebCrypto API:

window.crypto.subtle.encrypt({ name: "RSA-OAEP" }, publicKey, data);
Neneil94 commented 2 years ago

keyPair was created that way:

window.crypto.subtle.generateKey({
        name: "RSA-OAEP",
        modulusLength: 2048,
        publicExponent: new Uint8Array([0x01, 0x00, 0x01]),
        hash: { name: "SHA-256" },
    }, true, ["encrypt", "decrypt"]);
kjur commented 2 years ago

Could you provide your private key with PKCS#8 or PKCS#1 format?

Neneil94 commented 2 years ago

Thats not PKCS format but does this format helps you?

{"alg":"RSA-OAEP-256","d":"BocE5dhBH...","dp":"biPv7VTHH07xEwF...5uFibc","dq":"Z_m6hP...","e":"A...","ext":true,"key_ops":["decrypt"],"kty":"RSA","n":"w0mE33ovZ6D...","p":"8mUHTzl...","q":"zj-aVKbM3gobCa8wTF...","qi":"RhgwYQ..."}
kjur commented 2 years ago

Sorry but I can help you with this key right now. As for helping your investigation, how about using PKCS#1.5 encryption not OAEP encryption. OAEP may requires some parameters. PKCS#1.5 don't require them.

kjur commented 2 years ago

You don't seem to provide your private key properly. Your private key generated by WebCrypto subtle can be exported by subtle.exportKey("pkcs8", privateKey) method and you can get PKCS#8 plain private key. It can be imported by KEYUTIL.getKey() method of jsrsasign. I hope this solves your issue. Thanks.

Neneil94 commented 2 years ago

Thank you for your time! Last question, is it possible to convert my jwk formatted key into pem format e.g. with https://www.npmjs.com/package/jwk-to-pem and try to import it with let rsaKey = new rs.RSAKey().readPrivateKeyFromPEMString;?

kjur commented 2 years ago

You can use KEYUTIL class for it.

var keyobj = KEYUTIL.getKey(jwkObj); // jwkObj is JSON data for private key. keyobj may be RSAKey object if jwk is RSA.
var pem = KEYUTIL.getPEM(keyobj, "PKCS8PRV"); // pem will plain PKCS#8 RSA private key