Search code examples
node.jsswiftencryptionrsapem

Node.js crypto publicEncrypt returns a too long value

I'm trying to encrypt a string from an RSA Public key, generated by an iOS device (in swift). I'm using crypto.publicEncrypt function, but the base64 string returned is too long for the key.

In my case, is a 3072 bits RSA key, so the expected encrypted value length is 384 bytes, but crypto.publicEncrypt() return 512.

I did try every options for this function and every modifications in the client side. I'm pretty sure the problem comes from the encryption, because the client can encrypt with the same key.

If someone can save my week end!?

My code:

// Dependencies
const crypto = require('crypto')

// The secret data
const message = Buffer.from("Secret message")

// Secret data encryption
const publicKey // Buffer from Binary Data of the public key, in PEM format
const pem = publicKey.toString('utf8')
const opts = {
    key: pem, // Public key
    oaepHash: 'RSA-SHA384', // Algorithm used by the client
    padding: crypto.constants.RSA_PKCS1_OAEP_PADDING // Every other paddings throw an exception
}
var bufferEncryption = crypto.publicEncrypt(opts, message)
const encryptedMessage = bufferEncryption.toString('base64')

// Sending encryptedMessage to the client...

// My issue
console.log(encryptedMessage.length) // 512 (expected: 384)

SOLVED: No problem with the code. The encryption function has the expected behaviour. My mistake cames from the response encoding to the client. I confused the expected bytes and the characters. The joy to work with different languages in the same time. Thank to @Maarten Bodewes for clearing up my confusion.

Solution

  • I'm not sure why you expect the key to be 384 characters. Base 64 uses 4 characters to encode 3 bytes (or 6 bits per character, 2^6=64 after all). If we assume the same amount of bytes - for US-ASCII compatible schemes such as Windows-1252 or indeed UTF-8 - then (384 / 3) * 4 = 512. The byte size you are talking about is the size without any encoding to text.

    There is another answer here that indicates that you could use binary as encoding. Unless I'm terribly mistaken that will convert to an analogue of a byte array.