node-forge package error with RSA enc/dec - node.js

I'm using node-forge npm on my meteor.js web app. I'm trying to do RSA encryption on some plain text according to this example: https://github.com/digitalbazaar/forge#rsa
The problem arrives when I want to decrypt the ciphertext where I want to get back the plaintext where it says the encryption block is invalid.
Following the example, I have to encrypt the bytes from the string so all that is done, but I don't understand why it fails on decryption? Any guesses?
rsaEncrypt:function(pubPem,privPem,plainText){
console.log(plainText);
var str = plainText;
var bytes = [];
for (var i = 0; i < str.length; ++i) {
bytes.push(str.charCodeAt(i));
}
console.log("BAJTOVI:");
console.log(bytes);
var publicKey = pki.publicKeyFromPem(pubPem);
console.log(publicKey);
var encrypted = publicKey.encrypt(bytes);
console.log("Encryption: ");
console.log(encrypted);
var privateKey = pki.privateKeyFromPem(privPem);
var decrypted = privateKey.decrypt(encrypted);
console.log("Decryption: ");
console.log(decrypted);
function bin2String(decrypted) {
var result = "";
for (var i = 0; i < decrypted.length; i++) {
result += String.fromCharCode(parseInt(decrypted[i], 2));
}
return result;
}
console.log("OPET TEXT:");
console.log(result);
return decryted;
},
The problem i get from the server:
Exception while invoking method 'rsaEncrypt' Error: Encryption block is invalid.
I20151110-21:22:05.279(1)? at Object._decodePkcs1_v1_5 [as decode] (/Users/mrcina/Meteor Projects/cryptonic/.meteor/local/isopacks/npm-container/npm/node_modules/node-forge/js/rsa.js:1446:11)
I20151110-21:22:05.279(1)? at Object.key.decrypt (/Users/mrcina/Meteor Projects/cryptonic/.meteor/local/isopacks/npm-container/npm/node_modules/node-forge/js/rsa.js:1083:19)
I20151110-21:22:05.279(1)? at [object Object].Meteor.methods.rsaEncrypt (server/methods.js:49:32)
I20151110-21:22:05.279(1)? at maybeAuditArgumentChecks (livedata_server.js:1698:12)
I20151110-21:22:05.279(1)? at livedata_server.js:708:19
I20151110-21:22:05.279(1)? at [object Object]._.extend.withValue (packages/meteor/dynamics_nodejs.js:56:1)
I20151110-21:22:05.279(1)? at livedata_server.js:706:40
I20151110-21:22:05.279(1)? at [object Object]._.extend.withValue (packages/meteor/dynamics_nodejs.js:56:1)
I20151110-21:22:05.280(1)? at livedata_server.js:704:46
I20151110-21:22:05.280(1)? at tryCallTwo (/Users/mrcina/.meteor/packages/promise/.0.5.1.1wnrf8h++os+web.browser+web.cordova/npm/node_modules/meteor-promise/node_modules/promise/lib/core.js:45:5)
THis line: var decrypted = privateKey.decrypt(encrypted);

Forge doesn't use arrays of integers to represent bytes; it uses binary-encoded strings. Try simplifying your code to the following:
rsaEncrypt:function(pubPem,privPem,plainText){
console.log(plainText);
var publicKey = pki.publicKeyFromPem(pubPem);
console.log(publicKey);
var encrypted = publicKey.encrypt(forge.util.encodeUtf8(plainText));
console.log("Encryption: ");
console.log(encrypted);
var privateKey = pki.privateKeyFromPem(privPem);
var decrypted = forge.util.decodeUtf8(privateKey.decrypt(encrypted));
console.log("Decryption: ");
console.log(decrypted);
return decrypted;
}

Related

Make Nodejs encrypt and decrypt function up to date

I'm trying to make my small function up to date, it generate 2 warnings:
(node:8944) [DEP0106] DeprecationWarning: crypto.createDecipher is deprecated.
(node:8944) Warning: Use Cipheriv for counter mode of aes-256-ctr:
Code:
var crypto = require('crypto'),
algorithm = 'aes-256-ctr',
password = 'd6F3Efeq';
function encrypt(text){
var cipher = crypto.createCipher(algorithm,password)
var crypted = cipher.update(text,'utf8','hex')
crypted += cipher.final('hex');
return crypted;
}
function decrypt(text){
var decipher = crypto.createDecipher(algorithm,password)
var dec = decipher.update(text,'hex','utf8')
dec += decipher.final('utf8');
return dec;
}
This encrypt and decrypt wonderfully, but it generate some errors. I tried the new syntax, and I have a hard time figuring it out. If someone could provide an up to date demo, you're the best. Thank you
PS: I don't want to use createDecipherIv, I only want to use a key if this make sense
Install crypto-js:
npm i --save crypto-js
and use it:
const crypto = require('crypto-js'),
password = 'd6F3Efeq';
function encrypt(text){
const result = crypto.AES.encrypt(text, password);
return result.toString();
}
function decrypt(text){
const result = crypto.AES.decrypt(text, password);
return result.toString(crypto.enc.Utf8);
}
or You can use cryptr

how to use Crypto to encrypt and decrypt binary data in Nodejs

I have new to use Crypto to encrypt an audio data in NodeJs. I got some error output when I trying to decrypt the data. here is my test code.
function encrypt (buf, key) {
const cipher = crypto.createCipheriv('des-ecb', key, new Buffer(0))
let c = cipher.update(Buffer.from(buf))
c += cipher.final('binary')
return c
}
function decrypt (buf, key) {
const cipher = crypto.createDecipheriv('des-ecb', key, new Buffer(0))
let c = cipher.update(buf)
c += cipher.final('binary')
return c
}
let pcmbuf = fs.readFileSync("test.pcm")
let enc = encrypt(pcmbuf,gen_key())
let dec = decrypt(enc,gen_key())
fs.writeFileSync('dec.pcm',dec)
It has produced an Error when I running this code. The detail is like bellow.
internal/crypto/cipher.js:104
var ret = this._handle.final();
^
Error: error:0606506D:digital envelope routines:EVP_DecryptFinal_ex:wrong final block length
at Decipheriv.final (internal/crypto/cipher.js:104:26)
at decrypt (/home/zsc/asr-js/test.js:60:17)
at Object.<anonymous> (/home/zsc/asr-js/test.js:67:11)
at Module._compile (module.js:660:30)
at Object.Module._extensions..js (module.js:671:10)
at Module.load (module.js:573:32)
at tryModuleLoad (module.js:513:12)
at Function.Module._load (module.js:505:3)
at Function.Module.runMain (module.js:701:10)
at startup (bootstrap_node.js:190:16)
How could I fix that problem. thanks for answer my problem!
Apparently the problem is with the padding...because of different languages of encrypting/decrypting...the answer is here on node.js github issues page
Quoting the answer
So calling decrypt.setAutoPadding(false); after you create the decipher instance will make it work as expected:
var crypto = require('crypto');
//the encrypted result
var theCipher = "ccZmMULq3tlzAY+iafZz+96xz+qFsAuGpEjhN7CckJTcdBT03fgobfSVGCGYzILyPNSA3e3msUqHUTCpv8kRnWvFdLv9c+GTEhg+Lj5dOThGDHtkQX2j5bd6Eubw9/l+Lcwj0PeyW0ZoVkB5Nnp1yCnmKAn2Euliq+IurgthT+wln6cQmTjXfL4IB5VxwUEb72FcbeiCfbKxa+MxxbcQTCpli3ErSptwdp9on2k87JTPFqyyMmMRFA9VgOXpHNe43IwFzME01DyHZ+Rp/eQguTmY9FtkFIZeD2e2nrbbDbW6tlk/KOtdhGVIlIGMPNS5m8LYqlrGZlJU3JythEy+J0z1wW1owjVe9Yto2OtUe8WeKI744enBKAX4FnD4My7+/XRjbF5kf6loT9lqeMCdXFb3LDej3GVcKWbJuZjXmD4="
var key = "abcdefghijklmnopqrstuvwx"
var decrypt = crypto.createDecipheriv('des-ede3', key, "");
//Add the auto padding here....IT HAVE TO BE after creating the decipher immeditely
decrypt.setAutoPadding(false);
var s = decrypt.update(theCipher, 'base64', 'utf8');
console.log(s + decrypt.final('utf8'));
Finally. I found a way to solve that case. Pass binary encoded string as the parameter instead pass buffer. Code as below.
function encrypt (buf, key) {
const cipher = crypto.createCipheriv('des-ecb', key, new Buffer(0))
let c = cipher.update(buf,'binary','base64')
c += cipher.final('base64')
return c
}
function decrypt (buf, key) {
const cipher = crypto.createDecipheriv('des-ecb', key, new Buffer(0))
let c = cipher.update(buf,'base64','base64')
c += cipher.final('base64')
return c
}
let pcmbuf = fs.readFileSync("test.pcm")
let enc = encrypt(pcmbuf.toString('binary'),gen_key())
let dec = decrypt(enc,gen_key())
fs.writeFileSync('dec.pcm',Buffer.from(dec,'base64'))

Crypto module is not working with latest node 7.10

The following code snippet is working in Node 0.12.18 (replace Buffer.from to new Buffer) but it's not working with the latest Node version (7.10.0)
Can anybody explain me why this is happening?? Anything is missing in below code.
/* Node.js */
var crypto = require('crypto');
var algorithm = 'aes-256-ctr';
var data = "Dhanet-Kalan-Chittorgarh"
var encryption_key = "VHUz1dxrhsowwEYGqUnPcE4wvAyz7Vmb";
var encryption_data = _encrypt()
console.log('data for encryption :: ' + data);
console.log('encrypted data :: ' + encryption_data);
console.log('decrypted data :: ' + _decrypt(encryption_data));
function _decrypt(_encryption_data){
var decipher, dec, chunks, itr_str;
// remove itr string
itr_str = _encryption_data.substring(_encryption_data.length-24);
_encryption_data = _encryption_data.substring(0, _encryption_data.length-24);
decipher = crypto.createDecipheriv(algorithm, encryption_key, Buffer.from(itr_str, "base64"));
chunks = []
chunks.push( decipher.update( Buffer.from(_encryption_data, "base64").toString("binary")) );
chunks.push( decipher.final('binary') );
dec = chunks.join("");
dec = Buffer.from(dec, "binary").toString("utf-8");
return dec;
}
function _encrypt(){
//random alpha-numeric string
var itr_str = Buffer.from(randomString(16)).toString('base64') ; // "3V5eo6XrkTtDFMz2QrF3og==";
var cipher = crypto.createCipheriv(algorithm, encryption_key, Buffer.from(itr_str, "base64"));
var chunks = [];
chunks.push(cipher.update( Buffer.from(data), 'utf8', 'base64'));
chunks.push(cipher.final('base64'));
var crypted = chunks.join('');
crypted = crypted.concat(itr_str);
return crypted;
}
function randomString(len, an)
{
an = an&&an.toLowerCase();
var str="", i=0, min=an=="a"?10:0, max=an=="n"?10:62;
for(;i++<len;){
var r = Math.random()*(max-min)+min <<0;
str += String.fromCharCode(r+=r>9?r<36?55:61:48);
}
return str;
}
Node.js v6 introduced some backward-incompatible changes to crypto which are causing this.
I've documented the exact reason in this answer, but because that question is related to hashing I'm reluctant to close your question as a duplicate.
The fix is similar, though (you need to pass binary as encoding for decipher.update(), otherwise it will default to utf-8):
chunks.push( decipher.update( Buffer.from(_encryption_data, "base64"), 'binary') );

ECDSA signatures between Node.js and WebCrypto appear to be incompatible?

I'm using the following example for signing + verifying in Node.js: https://github.com/nodejs/node-v0.x-archive/issues/6904. The verification succeeds in Node.js but fails in WebCrypto. Similarly, a message signed using WebCrypto fails to verify in Node.js.
Here's the code I used to verify a signature produced from the Node.js script using WebCrypto - https://jsfiddle.net/aj49e8sj/. Tested in both Chrome 54.0.2840.27 and Firefox 48.0.2
// From https://github.com/nodejs/node-v0.x-archive/issues/6904
var keys = {
priv: '-----BEGIN EC PRIVATE KEY-----\n' +
'MHcCAQEEIF+jnWY1D5kbVYDNvxxo/Y+ku2uJPDwS0r/VuPZQrjjVoAoGCCqGSM49\n' +
'AwEHoUQDQgAEurOxfSxmqIRYzJVagdZfMMSjRNNhB8i3mXyIMq704m2m52FdfKZ2\n' +
'pQhByd5eyj3lgZ7m7jbchtdgyOF8Io/1ng==\n' +
'-----END EC PRIVATE KEY-----\n',
pub: '-----BEGIN PUBLIC KEY-----\n' +
'MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEurOxfSxmqIRYzJVagdZfMMSjRNNh\n' +
'B8i3mXyIMq704m2m52FdfKZ2pQhByd5eyj3lgZ7m7jbchtdgyOF8Io/1ng==\n' +
'-----END PUBLIC KEY-----\n'
};
var message = (new TextEncoder('UTF-8')).encode('hello');
// Algorithm used in Node.js script is ecdsa-with-SHA1, key generated with prime256v1
var algorithm = {
name: 'ECDSA',
namedCurve: 'P-256',
hash: {
name: 'SHA-1'
}
};
// Signature from obtained via above Node.js script
var sig64 = 'MEUCIQDkAtiomagyHFi7dNfxMrzx/U0Gk/ZhmwCqaL3TimvlswIgPgeDqgZNqfR5/FZZASYsczUAhGSXjuycLhWnvk20qKc=';
// Decode base64 string into ArrayBuffer
var b64Decode = (str) => Uint8Array.from(atob(str), x => x.charCodeAt(0));
// Get base64 string from public key
const key64 = keys.pub.split('\n')
.filter(x => x.length > 0 && !x.startsWith('-----'))
.join('');
// Convert to buffers
var sig = b64Decode(sig64);
var keySpki = b64Decode(key64);
// Import and verify
// Want 'Verification result: true' but will get 'false'
var importKey = crypto.subtle.importKey('spki', keySpki, algorithm, true, ['verify'])
.then(key => crypto.subtle.verify(algorithm, key, sig, message))
.then(result => console.log('Verification result: ' + result));
Related question with a similar issue using SHA-256 instead of SHA-1: Generating ECDSA signature with Node.js/crypto
Things I've checked:
I decoded the Node.js keys and verified they have the same OID as keys generated via WebCrypto. This tells me I'm using the correct curves.
SHA-1 is explicitly identified as the hash to use in both locations.
ECDSA is explicitly identified in both Node.js and WebCrypto.
How can I successfully verify the signature received from Node.js and vice versa - verify a signature in Node.js produced from WebCrypto? Or are the implementations of the standard subtly different in such a way that makes them incompatible?
Edit:
WebCrypto signature (64 bytes): uTaUWTfF+AjN3aPj0b5Z2d1HybUEpV/phv/P9RtfKaGXtcYnbgfO43IRg46rznG3/WnWwJ2sV6mPOEnEPR0vWw==
Node.js signature (71 bytes): MEUCIQDkAtiomagyHFi7dNfxMrzx/U0Gk/ZhmwCqaL3TimvlswIgPgeDqgZNqfR5/FZZASYsczUAhGSXjuycLhWnvk20qKc=
Verified Node.js signature is DER encoded and WebCrypto signature is not.
Having not used either of these libraries I can't say for certain, but one possibility is that they don't use the same encoding type for the signature. For DSA/ECDSA there are two main formats, IEEE P1363 (used by Windows) and DER (used by OpenSSL).
The "Windows" format is to have a preset size (determined by Q for DSA and P for ECDSA (Windows doesn't support Char-2, but if it did it'd probably be M for Char-2 ECDSA)). Then both r and s are left-padded with 0 until they meet that length.
In the too small to be legal example of r = 0x305 and s = 0x810522 with sizeof(Q) being 3 bytes:
// r
000305
// s
810522
For the "OpenSSL" format it is encoded under the rules of DER as SEQUENCE(INTEGER(r), INTEGER(s)), which looks like
// SEQUENCE
30
// (length of payload)
0A
// INTEGER(r)
02
// (length of payload)
02
// note the leading 0x00 is omitted
0305
// INTEGER(s)
02
// (length of payload)
04
// Since INTEGER is a signed type, but this represented a positive number,
// a 0x00 has to be inserted to keep the sign bit clear.
00810522
or, compactly:
Windows: 000305810522
OpenSSL: 300A02020305020400810522
The "Windows" format is always even, always the same length. The "OpenSSL" format is usually about 6 bytes bigger, but can gain or lose a byte in the middle; so it's sometimes even, sometimes odd.
Base64-decoding your sig64 value shows that it is using the DER encoding. Generate a couple signatures with WebCrypto; if any don't start with 0x30 then you have the IEEE/DER problem.
After many hours finally find a solution with zero dependences!!
In browser:
// Tip: Copy & Paste in the console for test.
// Text to sign:
var source = 'test';
// Auxs
function length(hex) {
return ('00' + (hex.length / 2).toString(16)).slice(-2).toString();
}
function pubKeyToPEM(key) {
var pem = '-----BEGIN PUBLIC KEY-----\n',
keydata = '',
bytes = new Uint8Array( key );
for (var i = 0; i < bytes.byteLength; i++) {
keydata += String.fromCharCode( bytes[ i ] );
}
keydata = window.btoa(keydata);
while(keydata.length > 0) {
pem += keydata.substring(0, 64) + '\n';
keydata = keydata.substring(64);
}
pem = pem + "-----END PUBLIC KEY-----";
return pem;
}
// Generate new keypair.
window.crypto.subtle.generateKey({ name: "ECDSA", namedCurve: "P-384" }, true, ["sign", "verify"])
.then(function(keypair) {
// Encode as UTF-8
var enc = new TextEncoder('UTF-8'),
digest = enc.encode(source);
// Sign with subtle
window.crypto.subtle.sign({ name: "ECDSA", hash: {name: "SHA-1"} }, keypair.privateKey, digest)
.then(function(signature) {
signature = new Uint8Array(signature);
// Extract r & s and format it in ASN1 format.
var signHex = Array.prototype.map.call(signature, function(x) { return ('00' + x.toString(16)).slice(-2); }).join(''),
r = signHex.substring(0, 96),
s = signHex.substring(96),
rPre = true,
sPre = true;
while(r.indexOf('00') === 0) {
r = r.substring(2);
rPre = false;
}
if (rPre && parseInt(r.substring(0, 2), 16) > 127) {
r = '00' + r;
}
while(s.indexOf('00') === 0) {
s = s.substring(2);
sPre = false;
}
if(sPre && parseInt(s.substring(0, 2), 16) > 127) {
s = '00' + s;
}
var payload = '02' + length(r) + r +
'02' + length(s) + s,
der = '30' + length(payload) + payload;
// Export public key un PEM format (needed by node)
window.crypto.subtle.exportKey('spki', keypair.publicKey)
.then(function(key) {
var pubKey = pubKeyToPEM(key);
console.log('This is pubKey -> ', pubKey);
console.log('This is signature -> ', der);
});
// For test, we verify the signature, nothing, anecdotal.
window.crypto.subtle.verify({ name: "ECDSA", hash: {name: "SHA-1"} }, keypair.publicKey, signature, digest)
.then(console.log);
});
});
In node:
const crypto = require('crypto');
// ----------------------------------------------------------------------------
// Paste from browser!
var puKeyPem = '-----BEGIN PUBLIC KEY-----\n' +
'MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEmDubwJuORpMMoMnvv59W8tU8PxPChh75\n' +
'vjlfVB2+tPY5KDy1I0ohz2US+2K1T/ROcDCSRAjyONRzzwVBm9S6bqbk3KuaT2KG\n' +
'ikoe0KLfTeQtdEUyq8J0aEOKRXoCJLZq\n' +
'-----END PUBLIC KEY-----';
var hexSign = '306402305df22aa5f4e7200b7c264c891cd3a8c5b4622c25872020832d5bb3d251773592020249a46a8349754dc58c47c4cbb7c9023053b929a98f5c8cccf2c1a4746d82fc751e044b1f76dffdf9ef73f73bee1499c5e20aadddda41e3373760b8b0f3c1bbb2';
// ----------------------------------------------------------------------------
var verifier = crypto.createVerify('sha1'),
digest = 'test';
verifier.update(digest);
verifier.end();
console.log(verifier.verify(puKeyPem, hexSign, 'hex'));
// ----------------------------------------------------------------------------
Now you can generate compatible (nodejs vs webcrypto) keys and signatures without modifying them. The following example is for RSA, but ECDSA should be very similar - the essence is in the types/formats/encodings.
Generate key pair (nodejs):
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', {
modulusLength: 2048,
publicKeyEncoding: {
type: 'spki',
format: 'der'
},
privateKeyEncoding: {
type: 'pkcs8',
format: 'der'
}
});
console.log('PRIVATE', Buffer.from(privateKey).toString('base64'));
console.log('PUBLIC', Buffer.from(publicKey).toString('base64'));
Sign message (nodejs):
const signature = crypto.sign(
'sha256',
Buffer.from('The quick brown fox jumps over the lazy dog', 'utf8'),
{
key: crypto.createPrivateKey({
key: Buffer.from('...base64 encoded private key', 'base64'),
format: 'der',
type: 'pkcs8'
}),
padding: crypto.constants.RSA_PKCS1_PADDING,
dsaEncoding: 'ieee-p1363'
}
);
console.log('SIGNATURE', signature.toString('base64'));
Verify message (webcrypto) - You have to alter the Buffer functions in vanilla js:
(async () => console.log(await crypto.subtle.verify(
{ name: 'RSASSA-PKCS1-v1_5' },
await crypto.subtle.importKey(
'spki',
Buffer.from('...base64 encoded public key', 'base64'),
{ name: 'RSASSA-PKCS1-v1_5', hash: {name: 'SHA-256'} },
false,
[ 'verify' ]
),
Buffer.from('...base64 encoded signature', 'base64'),
Buffer.from('The quick brown fox jumps over the lazy dog', 'utf8')
)))();

NodeJS Decrypt des3 Unicode

I have the following snippet of code
var crypto = require("crypto");
var iv = new Buffer('d146ec4ce3f955cb', "hex");
var key = new Buffer('dc5c3319dc25c1f6f11f6a792a6dd28864c9dd48be26c2e4', "hex");
var encrypted = new Buffer('6A57201D19B07ABFAE74B453BA46381C', "hex");
var cipher = crypto.createDecipheriv('des3', key, iv);
var result = cipher.update(encrypted);
result += cipher.final();
console.log("result: " + result);
The result is "password"
This snippet works great for ASCII based words.
However, I have some unicode passwords.
So for instance this is Pi:
UU__3185CDAA15C1CDED
I have tried using this value, plus the removal of the "UU__" but no gain.
I also tried something like this for the encrypted data:
var encrypted = new Buffer('UU__3185CDAA15C1CDED', "utf16le");
and
var result = cipher.update(encrypted, 'ucs2');
but no go..
I get the following error
Error: error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decr ypt
at Error (native)
at Decipheriv.Cipher.final (crypto.js:202:26)
at Object.<anonymous> (/Users/miker/Local Projects/rec10_decryption/server2.js:14:18)
at Module._compile (module.js:460:26)
at Object.Module._extensions..js (module.js:478:10)
at Module.load (module.js:355:32)
at Function.Module._load (module.js:310:12)
at Function.Module.runMain (module.js:501:10)
at startup (node.js:129:16)
at node.js:814:3
Any assistance would be greatly appreciated.
Dropping the UU_ prefix and using this code works for me:
var crypto = require('crypto');
var iv = new Buffer('d146ec4ce3f955cb', 'hex');
var key = new Buffer('dc5c3319dc25c1f6f11f6a792a6dd28864c9dd48be26c2e4', 'hex');
var encrypted = new Buffer('3185CDAA15C1CDED', 'hex');
var cipher = crypto.createDecipheriv('des3', key, iv);
var result = Buffer.concat([
cipher.update(encrypted),
cipher.final()
]).toString('ucs2');
console.log('result: ' + result);
// outputs: result: Π
When you do result += cipher.final(), it's first converting result from a Buffer to a (utf8) string, and then appending cipher.final() converted from a Buffer to a (utf8) string. When you have multi-byte characters, this can cause data corruption if you have a character's bytes span across calls to .update() and .final(). Keeping them as Buffers, concatenating them as binary, and then converting the final concatenated result to a utf16 string will work and is much safer.

Resources