
I am working on a prototype, so it needs to use RSA between a Chrome Extension and a Python Server.

So far I was planning on using https://sourceforge.net/projects/pidcrypt/ and https://www.dlitz.net/. However, while I can get decrypt and encrypt to work as per the documentation, I cannot get one to decrypt each other's message.

Can someone please either suggest libraries that interoperate or let me know if I am doing something wrong with these libraries?

From what I worked out, pidder uses RSA PKCS#1 encryption-style padding (type 2). From googling, I sort of worked out that it is the type that PyCrypto calls PKCS1_OAEP. I am not too sure, but I have tried the standard and the other one too.

Help would be really appreciated!

unixsnob

2 Answers


The Javascript library (pidCrypt) uses PKCS#1 v1.5 for RSA encryption, not OAEP.

That is supported by PyCrypto (see here). This is the example for encryption:

from Crypto.Cipher import PKCS1_v1_5
from Crypto.PublicKey import RSA
from Crypto.Hash import SHA

message = b'To be encrypted'
h = SHA.new(message)                        # SHA-1 of the plaintext, appended so the receiver can check integrity

key = RSA.importKey(open('pubkey.der', 'rb').read())   # recipient's public key, DER-encoded
cipher = PKCS1_v1_5.new(key)
ciphertext = cipher.encrypt(message + h.digest())

And decryption:

from Crypto.Cipher import PKCS1_v1_5
from Crypto.PublicKey import RSA
from Crypto.Hash import SHA
from Crypto import Random

key = RSA.importKey(open('privkey.der', 'rb').read())  # our private key, DER-encoded

dsize = SHA.digest_size
sentinel = Random.new().read(15+dsize)      # Let's assume that average data length is 15

cipher = PKCS1_v1_5.new(key)
message = cipher.decrypt(ciphertext, sentinel)   # ciphertext: the bytes received from the sender;
                                                 # on a padding error this returns sentinel instead of raising

digest = SHA.new(message[:-dsize]).digest()
if digest==message[-dsize:]:                # Note how we DO NOT look for the sentinel
     print("Encryption was correct.")
else:
     print("Encryption was not correct.")

Note that the PKCS#1 v1.5 encryption scheme is known to be badly broken.
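The following is an added example, not code from the question, the answer, pidCrypt or PyCrypto. It builds RSAES-PKCS1-v1_5 (the PKCS#1 "type 2" padding the answer identifies) from the Python standard library only, so you can see the exact encoded block that pidCrypt emits and that PyCrypto's PKCS1_v1_5 cipher expects, and why an OAEP decryptor cannot accept it. It also reproduces the answer's sentinel-plus-digest idiom. The key is generated in-process at an assumed toy size of 512 bits purely so the demo runs quickly; never use that size, and note that the decoder is not constant-time, so it remains timing-leaky even though it never raises on bad padding.

```python
"""
Added example (not from the question, the answer, pidCrypt or PyCrypto):
RSAES-PKCS1-v1_5 ("type 2" padding) from the standard library only, with the
sentinel idiom used in the answer. Assumption: a 512-bit key generated here
for illustration; that size is far too small for real use.
"""
import hashlib
import os
import random

def _is_probable_prime(n, rng, rounds=32):
    """Miller-Rabin; rng supplies the witnesses so the demo is reproducible."""
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def generate_key(bits=512, seed=None):
    """Return (n, e, d). Toy sizes only; 'seed' makes the demo repeatable."""
    rng, e, half = random.Random(seed), 65537, bits // 2
    while True:
        p = rng.getrandbits(half) | (1 << (half - 1)) | 1   # force top bit, odd
        q = rng.getrandbits(half) | (1 << (half - 1)) | 1
        if p == q or not (_is_probable_prime(p, rng) and _is_probable_prime(q, rng)):
            continue
        n, phi = p * q, (p - 1) * (q - 1)
        if n.bit_length() == bits and phi % e:
            return n, e, pow(e, -1, phi)

def eme_pkcs1_v15_encode(message, k):
    """EM = 0x00 || 0x02 || PS || 0x00 || M, PS = at least 8 random NON-zero bytes.
    k is the modulus length in bytes. Type 1 (signatures) uses 0x01 and PS of
    0xFF bytes; OAEP's encoding looks nothing like either, which is why the two
    schemes cannot decrypt each other's output."""
    need = k - 3 - len(message)
    if need < 8:
        raise ValueError("message too long for this modulus")
    ps = b""
    while len(ps) < need:                 # drop zero bytes: they would end PS early
        ps += os.urandom(need - len(ps)).replace(b"\x00", b"")
    return b"\x00\x02" + ps + b"\x00" + message

def eme_pkcs1_v15_decode(em, k, sentinel):
    """Return M, or 'sentinel' on ANY padding error (PyCrypto's decrypt() idiom):
    raising or returning a distinct error is a padding oracle (Bleichenbacher 1998).
    Toy code: not constant-time, so timing still leaks."""
    sep = em.find(b"\x00", 2)             # end of PS; -1 if absent
    ok = len(em) == k and em[:2] == b"\x00\x02" and sep >= 10   # PS >= 8 bytes
    return em[sep + 1:] if ok else sentinel

def modulus_bytes(n):
    return (n.bit_length() + 7) // 8

def rsa_encrypt_pkcs1_v15(message, pub):
    n, e = pub
    k = modulus_bytes(n)
    em = int.from_bytes(eme_pkcs1_v15_encode(message, k), "big")
    return pow(em, e, n).to_bytes(k, "big")

def rsa_decrypt_pkcs1_v15(ciphertext, priv, sentinel):
    n, d = priv
    k = modulus_bytes(n)
    c = int.from_bytes(ciphertext, "big")
    if len(ciphertext) != k or c >= n:
        return sentinel
    return eme_pkcs1_v15_decode(pow(c, d, n).to_bytes(k, "big"), k, sentinel)

def seal(message, pub):
    """Encrypt M || SHA-1(M), as the answer's PyCrypto snippet does."""
    return rsa_encrypt_pkcs1_v15(message + hashlib.sha1(message).digest(), pub)

def open_sealed(ciphertext, priv):
    """Decrypt, then verify the trailing digest; never compare against the sentinel."""
    dsize = hashlib.sha1().digest_size
    m = rsa_decrypt_pkcs1_v15(ciphertext, priv, os.urandom(15 + dsize))
    if hashlib.sha1(m[:-dsize]).digest() != m[-dsize:]:
        return None
    return m[:-dsize]

if __name__ == "__main__":
    n, e, d = generate_key(512, seed=1)
    ct = seal(b"To be encrypted", (n, e))
    print(open_sealed(ct, (n, d)))                          # b'To be encrypted'
    print(open_sealed(bytes(modulus_bytes(n)), (n, d)))     # None: bad padding, no oracle
```

To check which scheme a JavaScript library actually uses, decrypt one of its ciphertexts with the raw private exponent (`pow(c, d, n)`) and look at the leading bytes: `00 02` followed by non-zero bytes and a `00` separator is PKCS#1 v1.5 type 2; anything else means a different encoding (OAEP, or no padding at all), and no amount of switching PyCrypto cipher classes will make the two sides agree until the padding matches.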


Would it be possible to use an HTTPS ajax connection instead? That way, you have end to end encryption without needing to worry about it yourself.

Blutack
  • As I stated in the question, no. I am tunnelling through another server so part of the message needs to be encrypted so the second server can verify it. – unixsnob May 29 '13 at 21:35
  • You could try these two ports of libsodium/NaCL: https://github.com/tonyg/js-nacl & https://github.com/dstufft/pynacl. They may interoperate although I've never used either. – Blutack May 29 '13 at 21:46