search

kjur / jsrsasign

The 'jsrsasign' (RSA-Sign JavaScript Library) is an opensource free cryptography library supporting RSA/RSAPSS/ECDSA/DSA signing/validation, ASN.1, PKCS#1/5/8 private/public key, X.509 certificate, CRL, OCSP, CMS SignedData, TimeStamp, CAdES and JSON Web Signature/Token in pure JavaScript.
https://kjur.github.io/jsrsasign
Other
3.28k stars 645 forks source link

Started to bugs, version 11.0. #615

Closed smallfawn closed 8 months ago

smallfawn commented 8 months ago

When I use KJUR crypto. Cipher. The encrypt (" text ", key) tip Error: Cipher. Encrypt: unsupported key or algorithm But when I switched back to version 10.9 it worked

const {KEYUTIL,KJUR} = require('jsrsasign');

const publicKey =

    "-----BEGIN PUBLIC KEY-----\n" +
    "MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANuiHtpFZeUZCiCdFJsrgDIc398KCOF5\n" +
    "Cr0bmma8SejrJWxCAThggEm9VTvsWPH6iLou8Lyo1zsC4bG2v9XIGusCAwEAAQ==\n" +
    "-----END PUBLIC KEY-----";

const key = KEYUTIL.getKey(publicKey);
console.log(key);
console.log(KJUR.crypto.Cipher.encrypt("哈哈哈", key));

error Error: Cipher.encrypt: unsupported key or algorithm

kjur commented 8 months ago

I'm sorry but RSA encryption/decryption is not supported from version 11.0 because of Marvin attack vulnerability. https://github.com/kjur/jsrsasign/security/advisories/GHSA-rh63-9qcf-83gf