Essential Cryptography for JavaScript Developers by Alessandro Segala
Author:Alessandro Segala
Language: eng
Format: epub
Publisher: Packt Publishing Pvt Ltd
Published: 2022-01-17T00:00:00+00:00
Using RSA for encryption and decryption
Now that we've generated a new key pair, we can use it to encrypt and decrypt messages.
Before we dive into the code, it's important to point out that while you can use RSA to encrypt arbitrary data, it comes with some severe limitations. In particular, with a 2,048-bit key, the maximum amount of data that can be encrypted is 256 bytes, which is further reduced to just 190 bytes when we introduce the OAEP+SHA-256 padding, as we'll see in the following example.
Because of that, unless you're looking at encrypting only very short messages, in most cases, you will use RSA just to encrypt a symmetric key (such as a random 32-byte key to use with AES-256) to create a hybrid cryptosystem, just like we learned about in the introduction; we'll see code samples for doing this in the Hybrid encryption with RSA and AES section shortly.
To start, we can define a function to encrypt messages using RSA:
5.2: rsaEncrypt (from rsa-encrypt.js)
function rsaEncrypt(publicKey, plaintext) {
return crypto.publicEncrypt(
{
key: publicKey,
padding: crypto.constants.RSA_PKCS1_OAEP_PADDING,
oaepHash: 'sha256'
},
plaintext
)
}
This function accepts two parameters â a public key and the plaintext message to encrypt. Recall that with public-key cryptography, you always use the public key to encrypt data and the private key to decrypt.
The main part of this function is the invocation of crypto.publicEncrypt, which receives two arguments, with the second being the plaintext message. The first one is a dictionary with a few options:
key is the public key; for example, a crypto.KeyObject object that's loaded with crypto.createPublicKey, as we saw earlier.
padding determines the padding algorithm to use. Plain RSA (also called "textbook RSA") is vulnerable to a few different attacks, so padding is used to add random data to the plaintext message before it's encrypted. While it's possible to use RSA without padding (also with Node.js), that should be avoided at all costs.There are two main padding algorithms, which are defined in Node.js as constants: crypto.constants.RSA_PKCS1_OAEP_PADDING (officially OAEP, or PKCS#1 v2 padding) and crypto.constants.RSA_PKCS1_PADDING (PKCS#1 v1.5). You should prefer OAEP in all cases whenever possible. PKCS#1 v1.5 is vulnerable to certain kinds of attacks and should only be used when strictly necessary, such as for compatibility with other systems that don't support OAEP.
Download
This site does not store any files on its server. We only index and link to content provided by other sites. Please contact the content providers to delete copyright contents if any and email us, we'll remove relevant links or contents immediately.
Management Strategies for the Cloud Revolution: How Cloud Computing Is Transforming Business and Why You Can't Afford to Be Left Behind by Charles Babcock(4131)
Ego Is the Enemy by Ryan Holiday(3991)
Offensive Shellcode from Scratch by Rishalin Pillay(3677)
Exploring Deepfakes by Bryan Lyon and Matt Tora(3268)
Robo-Advisor with Python by Aki Ranin(3048)
Learning C# by Developing Games with Unity 2021 by Harrison Ferrone(2875)
Speed Up Your Python with Rust by Maxwell Flitton(2852)
Liar's Poker by Michael Lewis(2812)
Agile Security Operations by Hinne Hettema(2807)
Linux Command Line and Shell Scripting Techniques by Vedran Dakic and Jasmin Redzepagic(2806)
OPNsense Beginner to Professional by Julio Cesar Bueno de Camargo(2805)
Extreme DAX by Michiel Rozema & Henk Vlootman(2790)
Essential Cryptography for JavaScript Developers by Alessandro Segala(2741)
Elevating React Web Development with Gatsby by Samuel Larsen-Disney(2732)
Python for ArcGIS Pro by Silas Toms Bill Parker(2647)
AI-Powered Commerce by Andy Pandharikar & Frederik Bussler(2642)
Incident Response Techniques for Ransomware Attacks by Oleg Skulkin(2628)
Distributed .NET with Microsoft Orleans by Bhupesh Guptha Muthiyalu Suneel Kumar Kunani(2628)
Cryptography Algorithms by Massimo Bertaccini(2627)