Allow to use Node.js crypto library in the sandbox

[JoseExposito]

App Details:

Postman for Mac
Version 5.3.0
OS X 10.11.6 / x64

Feature Request:

This is not a bug report, just a feature request.

It'd be nice if Node's crypto module could be accessible from the sandbox.

I'm trying to generate a ES256 JWT token before each request in my collection but CryptoJS does not implement the ECDSA algorithm. Also, crypto implements much more functionality that CryptoJS and I'm sure there are many use cases where this feature will be useful.

Thanks a lot for your excellent work on Postman 😄

[harryi3t]

@JoseExposito I am glad that you like our product so much :) Adding support for crypto is already on our roadmap. Will keep you posted.

Thank you for your patience.

[frankiedrake]

Also waiting for crypto :D Thanks!

[EskoCruz]

Same 😃

[pburgr]

mee too

[davidschwab]

@harryi3t @kamalaknn Postman/Newman is an awesome platform, but this too is a blocker for RSA support. Exposing the native node.js crypto module would solve, any ETA?

FYI - this issue looks similar.

Update: In case anyone else can do the same, I worked around this by creating an external microservice to create the needed signed JWT using the RS256 algorithm.

[kingwrcy]

+1,please support RSA encrypt/decrypt/sign/verify。

[brugr9]

+1: crypto.createHmac('sha1', pm.apiToken)

[Ruku1590]

When can we expect this to be available?

[runev]

+1

[speaud]

I agree that it'd be great to integrate NodeJS and it's packages with PM.

In this case you could possibly use the builtin sandbox crypto-js package - https://www.getpostman.com/docs/v6/postman/scripts/postman_sandbox

[JagpreetKaur]

When this will be available? Need to use cryto so many times

[runev]

This - or at least something which allows us to create RSA-SHA256 signatures based on draft-cavage-http-signatures-10 has to be added.

We've currently had to develop a minor reverse proxy app in Node, which we use to dispatch all Postman requests through to be able to set the Signature header - only because Postman doesn't support RSA-SHA256 using CryptoJS.

It's a pain.

[logiiiiiiiii]

+1

[hodga]

+1

[anhthang]

+1

[msutormin]

2 years passed and still no crypto. Sadly it doesn't seem like a high priority feature.

[BoCsA]

+1

[joseviro]

+1

[nery]

+1

[Lukazar]

+1

[thoys]

+1

[andrew-property-xyz]

Need crypto in sandbox. All google cloud APIs require OAuth2 tokens signed using RS256. The workaround of using eval(pm.globals.get('jsrsasign-js')) does not work for me. Completely stumped and now looking at other tools to deliver automated testing of my APIs. Clearly this is not a priority and would love to understand the thinking behind supporting crypto-js when RS256 is so commonly used...

[arlemi]

@andrew-property-xyz There are a few options to import external libraries, see:

• Fetching an external library
• Postman External Require

[andrew-property-xyz]

Hi Arlemi - thanks for getting back to me. With a little more perseverance, I managed to resolve the issue I was having and now have the 'jsrsasign-js' library imported and working. Whose idea was it to have both an underscore and a hyphen in our language...! ;) (it wasn't quite as simple as that but it was the first hurdle)

[arlemi]

Glad you got it working @andrew-property-xyz ! If you have a code sample/collection to share I'm sure people in this thread would also be grateful. 😄

[secure12]

4 years passed and still no crypto in Postman... nice...

[d-lach]

This is a joke.

[muhaimincs]

what a joke

[ga250182]

When we can expect crypto lib made available in postman

[a-badalyan]

21.10.2022 ping

[pbmzero]

Not having the crypto library easily importable makes it hard to consume soap wss-v1.1 spec because the UsernameTokenProfile requires sha-1 encrypt the authentication headers wsse:Nonce :
https://www.oasis-open.org/committees/download.php/13392/wss-v1.1-spec-pr-UsernameTokenProfile-01.htm

The SOAP API vendor I'm consuming actually recommended instead use testing framework rather than postman for this reason

[mtubul]

any updates reagrding the ability to load crypto module? need it since i am using WebAuthn module which using the crypto module under the hood and i was highly happy if we had it

[karelbilek]

Related to #2678 but honestly I don't think it will ever be fixed

[karelbilek]

What did work for me:

• copy-paste the minified version of https://kjur.github.io/jsrsasign/ to the pre-request script ( from https://raw.githubusercontent.com/kjur/jsrsasign/master/jsrsasign-all-min.js ) - about 200 lines of minified code
• on top of the script, write var navigator = {}; var window={} to satisfy some random checks in the code

then you can actually use the API of the library, as described here

https://kjur.github.io/jsrsasign/

I am not sure if the API you want is there though; maybe you can find another library

[khiem20tc]

Need to use "crypto" build-in node in Sandbox Postman to create signature authentication for APIs. Have any suggestions for replacement solutions?

[lachlanritchie1]

@davidschwab how did you create the external microservice you mentioned here? If you can point us to us some exmaples that would be great. Thank you.

@harryi3t @kamalaknn Postman/Newman is an awesome platform, but this too is a blocker for RSA support. Exposing the native node.js crypto module would solve, any ETA?

FYI - this issue looks similar.

Update: In case anyone else can do the same, I worked around this by creating an external microservice to create the needed signed JWT using the RS256 algorithm.

[YannMathieu]

@khiem20tc Take a look at https://gist.github.com/aroemen/91d4368cf5714f5d32ea5bdb53d221f9. I have been able to use it for Auth0 Private Key JWT machine to machine authentication.

[foliv57]

Hi, any news on that feature request ? "crypto-js" is now discontinued, meaning that having access to NodeJS crypto module becomes a must-have for any modern encryption. Thank you