diff --git a/src/keys/rsa-browser.js b/src/keys/rsa-browser.js index 7b524a33..b17f62e3 100644 --- a/src/keys/rsa-browser.js +++ b/src/keys/rsa-browser.js @@ -129,8 +129,8 @@ RSA encryption/decryption for the browser with webcrypto workarround Explanation: - Convert JWK to PEM - Load PEM with nodeForge - - Convert msg buffer to nodeForge buffer: it's already uint8array, so do nothing - - Convert resulting nodeForge buffer to buffer: it returns a binary string, turn that into a uint8array + - Convert msg buffer to nodeForge buffer: ByteBuffer is a "binary-string backed buffer", so let's make our buffer a binary string + - Convert resulting nodeForge buffer to buffer: it returns a binary string, turn that into a uint8array(buffer) */ @@ -140,7 +140,8 @@ const jwkToPem = require('pem-jwk').jwk2pem function convertKey (key, pub, msg, handle) { const pem = jwkToPem(key) const fkey = pki[pub ? 'publicKeyFromPem' : 'privateKeyFromPem'](pem) - const fomsg = handle(Buffer.from(msg), fkey) + const fmsg = Buffer.from(msg).toString('binary') + const fomsg = handle(fmsg, fkey) return Buffer.from(fomsg, 'binary') } diff --git a/src/keys/rsa.js b/src/keys/rsa.js index 3557e3c9..06605a32 100644 --- a/src/keys/rsa.js +++ b/src/keys/rsa.js @@ -69,10 +69,12 @@ exports.hashAndVerify = async function (key, sig, msg) { // eslint-disable-line return verify.verify(pem, sig) } +const padding = crypto.constants.RSA_PKCS1_PADDING + exports.encrypt = function (key, bytes) { - return crypto.publicEncrypt(jwkToPem(key), bytes) + return crypto.publicEncrypt({ key: jwkToPem(key), padding }, bytes) } exports.decrypt = function (key, bytes) { - return crypto.privateDecrypt(jwkToPem(key), bytes) + return crypto.privateDecrypt({ key: jwkToPem(key), padding }, bytes) }