OAEP Padding Not Supported

[iSatishYadav]

This encryption algorithm currently doesn't support OAEP Padding, so when the encrypted string is being decrypted with .NET's RSAServiceProvider, it gives Padding reading error. Please provide a Boolean parameter stating whether OAEP padding should be used for encryption. e.g. new JSEncrypt().encrypt("HelloWorld", true);

[jssuttles]

I'd just like to check to see if this is likely to be built or whether I need to work with the current padding scheme. I had server - server encryption and now I'm moving towards client - server encryption. The old server - server mechanism used RSA_PKCS1_OAEP_PADDING from ursa. I'd like to continue using that if possible.

[alfaro28]

@jssuttles , I forked this and added support for OAEP padding as @iSatishYadav suggested https://github.com/alfaro28/jsencrypt

[jssuttles]

@alfaro28 Do you have a pull request? I don't really have the means to verify whether it works properly and securely. If they could merge your stuff in, that would be great.

[jssuttles]

@alfaro28 Also, can you change the alerts back to console.error? I think it might work better as an npm package that way.

[akkigeekdev]

@jssuttles , I forked this and added support for OAEP padding as @iSatishYadav suggested https://github.com/alfaro28/jsencrypt

Any help !!!!

JSEncrypt.js Once encrypted using OAEP padding true, decryption getting fail (in javascript itself). But can be decrypted by c#(RSACryptoServiceProvider)

JSEncrypt.min.js After encrypting using OAEP padding true, can not able to decrypt by c#(RSACryptoServiceProvider). Which was working in non minified file.

[aWuttig]

will this be supported by jsencrypt in the future?

[2u4u]

Hello! Any news on this? Does script support OAEP now?

[wenjoy]

Also encounter this issue, I guess there is still some work to make it.

[lujiabz]

@alfaro28 how to use sha256，it is sha1 now

[xuelin2020]

Looking forward to adding OAEP 👀

[caocuong2404]

Me too

[travist]

@alfaro28 if you submit a pull request, I will consider pulling it into this repo. Thanks!

[alfaro28]

@travist I submitted the PR but please take in consideration I did this change several years ago and I'm no longer using this project

[radek-anuszewski]

Hi @travist, how's code review of @alfaro28 changes going on?

[DhivyaDelphina]

Hi @travist, any update here?

[brucelpt]

Hi @travist @jssuttles , how's code review of @alfaro28 changes going on?

[jssuttles]

Looks like there was a request for changes 7 months ago. I also made a request to change from alerts to something else. (I don't know how changes to a maybe dead PR are made...)

[brucelpt]

I switched to the node-forge library, which can easily support OAEP Padding, for example:

import forge from 'node-forge'
export function RSAOAEPPadding(pwd) {
  const publicKeyPem = `Your public key PEM format data`
  const publicKey = forge.pki.publicKeyFromPem(publicKeyPem)
  const encryptedBytes = publicKey.encrypt(pwd, 'RSA-OAEP', {
    md: forge.md.sha256.create()
  })
  // Convert the encrypted bytes to a Base64-encoded string
  const encryptedBase64 = forge.util.encode64(encryptedBytes)
  return encryptedBase64
}

[travist]

I will re-review the pull request this week and try to release a new version in the next few weeks.

[RaulGRoque]

@travist Any news about this new version please?

[cjbathras]

@travist any update? NodeJS 18.19.0 is the last version to support PKSC1 padding. All later versions don't allow it because of CVE-2023-46809. An OAEP padding option would be most helpful.

[watharindukumara]

@travist RSA/ECB/OAEPWithSHA-256AndMGF1Padding

Could you let me know if there is a method to encrypt data using the encryption technique that was mentioned?