Open iSatishYadav opened 8 years ago
I'd just like to check to see if this is likely to be built or whether I need to work with the current padding scheme. I had server - server encryption and now I'm moving towards client - server encryption. The old server - server mechanism used RSA_PKCS1_OAEP_PADDING from ursa. I'd like to continue using that if possible.
@jssuttles , I forked this and added support for OAEP padding as @iSatishYadav suggested https://github.com/alfaro28/jsencrypt
@alfaro28 Do you have a pull request? I don't really have the means to verify whether it works properly and securely. If they could merge your stuff in, that would be great.
@alfaro28 Also, can you change the alerts back to console.error? I think it might work better as an npm package that way.
@jssuttles , I forked this and added support for OAEP padding as @iSatishYadav suggested https://github.com/alfaro28/jsencrypt
Any help !!!!
JSEncrypt.js Once encrypted using OAEP padding true, decryption getting fail (in javascript itself). But can be decrypted by c#(RSACryptoServiceProvider)
JSEncrypt.min.js After encrypting using OAEP padding true, can not able to decrypt by c#(RSACryptoServiceProvider). Which was working in non minified file.
will this be supported by jsencrypt in the future?
Hello! Any news on this? Does script support OAEP now?
Also encounter this issue, I guess there is still some work to make it.
@alfaro28 how to use sha256,it is sha1 now
Looking forward to adding OAEP 👀
Me too
@alfaro28 if you submit a pull request, I will consider pulling it into this repo. Thanks!
@travist I submitted the PR but please take in consideration I did this change several years ago and I'm no longer using this project
Hi @travist, how's code review of @alfaro28 changes going on?
Hi @travist, any update here?
Hi @travist @jssuttles , how's code review of @alfaro28 changes going on?
Looks like there was a request for changes 7 months ago. I also made a request to change from alerts to something else. (I don't know how changes to a maybe dead PR are made...)
I switched to the node-forge library, which can easily support OAEP Padding, for example:
import forge from 'node-forge'
export function RSAOAEPPadding(pwd) {
const publicKeyPem = `Your public key PEM format data`
const publicKey = forge.pki.publicKeyFromPem(publicKeyPem)
const encryptedBytes = publicKey.encrypt(pwd, 'RSA-OAEP', {
md: forge.md.sha256.create()
})
// Convert the encrypted bytes to a Base64-encoded string
const encryptedBase64 = forge.util.encode64(encryptedBytes)
return encryptedBase64
}
I will re-review the pull request this week and try to release a new version in the next few weeks.
@travist Any news about this new version please?
@travist any update? NodeJS 18.19.0 is the last version to support PKSC1 padding. All later versions don't allow it because of CVE-2023-46809. An OAEP padding option would be most helpful.
@travist RSA/ECB/OAEPWithSHA-256AndMGF1Padding
Could you let me know if there is a method to encrypt data using the encryption technique that was mentioned?
This encryption algorithm currently doesn't support OAEP Padding, so when the encrypted string is being decrypted with .NET's RSAServiceProvider, it gives Padding reading error. Please provide a Boolean parameter stating whether OAEP padding should be used for encryption. e.g. new JSEncrypt().encrypt("HelloWorld", true);