Essential Cryptography for JavaScript Developers by Alessandro Segala

Author:Alessandro Segala
Language: eng
Format: epub
Publisher: Packt Publishing Pvt Ltd
Published: 2022-01-17T00:00:00+00:00

Using RSA for encryption and decryption

Now that we've generated a new key pair, we can use it to encrypt and decrypt messages.

Before we dive into the code, it's important to point out that while you can use RSA to encrypt arbitrary data, it comes with some severe limitations. In particular, with a 2,048-bit key, the maximum amount of data that can be encrypted is 256 bytes, which is further reduced to just 190 bytes when we introduce the OAEP+SHA-256 padding, as we'll see in the following example.

Because of that, unless you're looking at encrypting only very short messages, in most cases, you will use RSA just to encrypt a symmetric key (such as a random 32-byte key to use with AES-256) to create a hybrid cryptosystem, just like we learned about in the introduction; we'll see code samples for doing this in the Hybrid encryption with RSA and AES section shortly.

To start, we can define a function to encrypt messages using RSA:

5.2: rsaEncrypt (from rsa-encrypt.js)

function rsaEncrypt(publicKey, plaintext) {

return crypto.publicEncrypt(

{

key: publicKey,

padding: crypto.constants.RSA_PKCS1_OAEP_PADDING,

oaepHash: 'sha256'

},

plaintext

)

}

This function accepts two parameters – a public key and the plaintext message to encrypt. Recall that with public-key cryptography, you always use the public key to encrypt data and the private key to decrypt.

The main part of this function is the invocation of crypto.publicEncrypt, which receives two arguments, with the second being the plaintext message. The first one is a dictionary with a few options:

key is the public key; for example, a crypto.KeyObject object that's loaded with crypto.createPublicKey, as we saw earlier.

padding determines the padding algorithm to use. Plain RSA (also called "textbook RSA") is vulnerable to a few different attacks, so padding is used to add random data to the plaintext message before it's encrypted. While it's possible to use RSA without padding (also with Node.js), that should be avoided at all costs.There are two main padding algorithms, which are defined in Node.js as constants: crypto.constants.RSA_PKCS1_OAEP_PADDING (officially OAEP, or PKCS#1 v2 padding) and crypto.constants.RSA_PKCS1_PADDING (PKCS#1 v1.5). You should prefer OAEP in all cases whenever possible. PKCS#1 v1.5 is vulnerable to certain kinds of attacks and should only be used when strictly necessary, such as for compatibility with other systems that don't support OAEP.

Download

Copyright Disclaimer:
This site does not store any files on its server. We only index and link to content provided by other sites. Please contact the content providers to delete copyright contents if any and email us, we'll remove relevant links or contents immediately.