Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Why different default RSA padding at publicEncrypt and publicDecrypt ? #1093

Closed
cnasikas opened this issue Feb 5, 2018 · 5 comments
Closed

Why different default RSA padding at publicEncrypt and publicDecrypt ? #1093

cnasikas opened this issue Feb 5, 2018 · 5 comments

Comments

@cnasikas
Copy link

cnasikas commented Feb 5, 2018
edited
Loading

I am wondering why there is a different in RSA padding at publicEncrypt (RSA_PKCS1_OAEP_PADDING) and publicDecrypt (RSA_PKCS1_PADDING) functions in crypto lib ? Shouldn't be the same for consistency ?

  • Node.js Version: v8.9.4
  • OS: macOS High Sierra 10.13.3
  • Module: Crypto

Proof of concept:

import crypto from 'crypto'

function encrypt (plaintext) {
    return new Promise((resolve, reject) => {
      this._readFile('public.pem', 'utf8')
      .then((pubKey) => {
        let encBuffer = crypto.publicEncrypt(pubKey, Buffer.from(plaintext, 'utf-8'))
        resolve(encBuffer.toString('base64'))
      })
      .catch((err) => {
        reject(err)
      })
    })
  }

function decrypt (cipher) {
    return new Promise((resolve, reject) => {
      this._readFile('private.pem', 'utf8')
      .then((secKey) => {
        let decBuffer = crypto.publicDecrypt(secKey, Buffer.from(cipher, 'base64'))
        resolve(decBuffer.toString('utf8'))
      })
      .catch((err) => {
        console.log(err)
        reject(err)
      })
    })
  }




encrypt('test')
.then((cipher) => {
    console.log("Encrypted: " + cipher)
    return decrypt(cipher)
})
.then((plaintext) => {
    console.log("Decrypted: " + plaintext)
})

This will produce the following error (due to the difference in padding scheme):

Error: error:0407006A:rsa routines:RSA_padding_check_PKCS1_type_1:block type is not 01

I am not comfortable choosing the right RSA padding myself so I think it would be nice to be the same for both function or at least being explicit mention at the documention why there is different padding schemes.

Thanks a lot!
@bnoordhuis
Copy link
Member

Good question. My hunch would be that defaulting to PKCS#1 padding is for backwards compatibility with the API from before it supported multiple padding schemes. Perhaps @indutny can confirm, he wrote that.

@gireeshpunathil
Copy link
Member

ping @indutny for opinion.

@gireeshpunathil
Copy link
Member

ping @nodejs/crypto for opinion.

@shigeki
Copy link

shigeki commented Mar 23, 2018

The error in the above code is not caused by the padding scheme but the wrong use of decryption in

let decBuffer = crypto.publicDecrypt(secKey, Buffer.from(cipher, 'base64'))

The right result can be obtained after changing it as

let decBuffer = crypto.privateDecrypt(secKey, Buffer.from(cipher, 'base64'))

Anyway, publicEncrypt/privateDecrypt use OAEP while privateEncrypt/publicDecrypt use PKCS1.5 padding. I'm not sure the its reason but I guess it might be because the latter often is used for signature sign/verify which need PKCS1.5 padding scheme.

@gireeshpunathil
Copy link
Member

closing as answered, please re-open if it is still outstanding, thanks!

@sidorares sidorares mentioned this issue May 25, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@bnoordhuis @shigeki @gireeshpunathil @cnasikas