travist / jsencrypt

A zero-dependency Javascript library to perform OpenSSL RSA Encryption, Decryption, and Key Generation.
http://www.travistidwell.com/jsencrypt
Other
6.69k stars 2.02k forks source link

OAEP Padding Not Supported #84

Open iSatishYadav opened 8 years ago

iSatishYadav commented 8 years ago

This encryption algorithm currently doesn't support OAEP Padding, so when the encrypted string is being decrypted with .NET's RSAServiceProvider, it gives Padding reading error. Please provide a Boolean parameter stating whether OAEP padding should be used for encryption. e.g. new JSEncrypt().encrypt("HelloWorld", true);

jssuttles commented 7 years ago

I'd just like to check to see if this is likely to be built or whether I need to work with the current padding scheme. I had server - server encryption and now I'm moving towards client - server encryption. The old server - server mechanism used RSA_PKCS1_OAEP_PADDING from ursa. I'd like to continue using that if possible.

alfaro28 commented 7 years ago

@jssuttles , I forked this and added support for OAEP padding as @iSatishYadav suggested https://github.com/alfaro28/jsencrypt

jssuttles commented 7 years ago

@alfaro28 Do you have a pull request? I don't really have the means to verify whether it works properly and securely. If they could merge your stuff in, that would be great.

jssuttles commented 7 years ago

@alfaro28 Also, can you change the alerts back to console.error? I think it might work better as an npm package that way.

akkigeekdev commented 5 years ago

@jssuttles , I forked this and added support for OAEP padding as @iSatishYadav suggested https://github.com/alfaro28/jsencrypt

Any help !!!!

JSEncrypt.js Once encrypted using OAEP padding true, decryption getting fail (in javascript itself). But can be decrypted by c#(RSACryptoServiceProvider)

JSEncrypt.min.js After encrypting using OAEP padding true, can not able to decrypt by c#(RSACryptoServiceProvider). Which was working in non minified file.

aWuttig commented 5 years ago

will this be supported by jsencrypt in the future?

2u4u commented 4 years ago

Hello! Any news on this? Does script support OAEP now?

wenjoy commented 4 years ago

Also encounter this issue, I guess there is still some work to make it.

lujiabz commented 4 years ago

@alfaro28 how to use sha256,it is sha1 now

xuelin2020 commented 1 year ago

Looking forward to adding OAEP 👀

caocuong2404 commented 1 year ago

Me too

travist commented 1 year ago

@alfaro28 if you submit a pull request, I will consider pulling it into this repo. Thanks!

alfaro28 commented 1 year ago

@travist I submitted the PR but please take in consideration I did this change several years ago and I'm no longer using this project

radek-anuszewski commented 1 year ago

Hi @travist, how's code review of @alfaro28 changes going on?

DhivyaDelphina commented 1 year ago

Hi @travist, any update here?

brucelpt commented 11 months ago

Hi @travist @jssuttles , how's code review of @alfaro28 changes going on?

jssuttles commented 11 months ago

Looks like there was a request for changes 7 months ago. I also made a request to change from alerts to something else. (I don't know how changes to a maybe dead PR are made...)

brucelpt commented 11 months ago

I switched to the node-forge library, which can easily support OAEP Padding, for example:

import forge from 'node-forge'
export function RSAOAEPPadding(pwd) {
  const publicKeyPem = `Your public key PEM format data`
  const publicKey = forge.pki.publicKeyFromPem(publicKeyPem)
  const encryptedBytes = publicKey.encrypt(pwd, 'RSA-OAEP', {
    md: forge.md.sha256.create()
  })
  // Convert the encrypted bytes to a Base64-encoded string
  const encryptedBase64 = forge.util.encode64(encryptedBytes)
  return encryptedBase64
}
travist commented 11 months ago

I will re-review the pull request this week and try to release a new version in the next few weeks.

RaulGRoque commented 10 months ago

@travist Any news about this new version please?

cjbathras commented 9 months ago

@travist any update? NodeJS 18.19.0 is the last version to support PKSC1 padding. All later versions don't allow it because of CVE-2023-46809. An OAEP padding option would be most helpful.

watharindukumara commented 6 months ago

@travist RSA/ECB/OAEPWithSHA-256AndMGF1Padding

Could you let me know if there is a method to encrypt data using the encryption technique that was mentioned?