Search code examples
javascriptnode.jsencryptionencryption-asymmetric

Browser encrypting Server decrypting

In the browser on the client I encrypt a rand_key variable using jsencrypt.js and a public key. The encrypted key is send via the body in a mail to the server. (This is the only way within my reach given the IT structure.) In my browser I have:

<!DOCTYPE html>
<html lang="en">
<head>
    <script type="application/javascript" src="jsencrypt.js"></script>
</head>
<body>
<script>
    var pubkey = "MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALDjeFwFNhMCjMwcRVVKG1VvfsntEVPR3lNTujJnNk1+iSqZ4Tl5Lwq9GbwO+qlYVwXHNmeqG7rkEhL9uyDIZVECAwEAAQ=="
    var rand_key = 'vpeq91mckhntgldi';
    // Encrypt rand_key
    var encrypt = new JSEncrypt();
    //console.log('encrypt obj', encrypt);
    encrypt.setPublicKey(pubkey);
    var encrypted_rand_key = encrypt.encrypt(rand_key, 'base64');
    console.log('encrypted_rand_key', encrypted_rand_key);
</script>
</body>
</html>

On my PC running node (where I receive the email):

var CryptoJS = require("crypto-js");
// encrypted string copied from browser console
var encrypted = 'IuRaUfDHDIJsO0JZbEj7RS/1Sw0iSZPB267MN9lmF5Fn/kuMMRyKlAjplwvUJ9qvirajOcAQNnRZs9A+gVcWLQ=='
IuRaUfDHDIJsO0JZbEj7RS/1Sw0iSZPB267MN9lmF5Fn/kuMMRyKlAjplwvUJ9qvirajOcAQNnRZs9A+gVcWLQ==

var key_pri = new NodeRSA('-----BEGIN RSA PRIVATE KEY-----MIIBPAIBAAJBALDjeFwFNhMCjMwcRVVKG1VvfsntEVPR3lNTujJnNk1+iSqZ4Tl5Lwq9GbwO+qlYVwXHNmeqG7rkEhL9uyDIZVECAwEAAQJBAIS8vYX4FyLex/8mu9SLvsU23KL0dgs7MqW+77uA/hvZt5eb/C0EfUekap3LBuAF3XqVkOwIjsDyj74adrB6J1ECIQDfxT74mqu+xZjdlrfNZcchu/MrrW631aMF4rsRZccTbQIhAMpdneTSAATCwE8vt4bS6BBnv8Y8ZceNO6wGOvcW30b1AiAY2MEGP75kP3Ka4Dpmfy+eSk1VAzvxA7LHW4akBuYU/QIhAMk7gtGSCjaxuy6DUssdW2tE4C0uzj87sIUFxQkEk48pAiEAkHxKin7tcB4pVU2yurSbGkB+TbaCOfkIzR4griXq00k=-----END RSA PRIVATE KEY-----');

var decrypted = key_pri.decrypt(encrypted, 'utf8');
console.log('decrypted: ', decrypted);

Unfortunately I get an error message:

Error: Error during decryption (probably incorrect key). Original error: Error: error:040A1079:rsa routines:RSA_padding_check_PKCS1_OAEP_mgf1:oaep decoding error

How can I fix the decription on the server (pc) side ? Thanks !

Solution

  • The error gives you the information that the padding is wrong. JSencrypt is based on JSBN and only supports PKCS#1 v1.5 padding, but not OAEP. You have to configure NodeRSA to use the appropriate padding:

    var key_pri = new NodeRSA(privateKeyString, {
    encryptionScheme: 'pkcs1'
});

    Then, you're passing a Base64-encoded string to key_pri.decrypt, but it expects the actual data as a Buffer, so you first need to parse that:

    var decrypted = key_pri.decrypt(new Buffer(encrypted, 'base64'), 'utf8');