0

I am encrypting text in Node.js using node-rsa and passing it to the client (JavaScript), where the JSEncrypt library is used, but the decrypted message always comes back null. The public key and private key are generated on the Node.js server; we encrypt with the public key and decrypt on the JavaScript side with the private key.

This is not happening right!!!!

Can anyone tell me which library I should use in JavaScript to decrypt the message coming from Node.js (using node-rsa)? Or any other idea?

We are already using HTTPS, but our use case is such that we have a broker in between, and it's not a trusted broker, and we are forced to use it, so we would like to use encryption and decryption. We do have trusted people on our client side, so we are decrypting on the client side.

striker0794
  • Why don't you just use HTTPS? Your solution implies security risks: How are you going to send/store the private key in the browser? Are you going to use plain HTTP? – pedrofb Mar 21 '17 at 13:19
  • We are already using HTTPS, but our use case is such that we have a broker in between, and it's not a trusted broker, and we are forced to use it, so we would like to use encryption and decryption. We do have trusted people on our client side, so we are decrypting on the client side. – striker0794 Mar 21 '17 at 13:23
  • This is an important clarification. But if the broker is not trusted, you cannot send the private key to the client because the broker could sniff the network. Is that so? – pedrofb Mar 21 '17 at 13:32
  • We generated the public and private key once and we have been using the same ones for a couple of months. – striker0794 Mar 21 '17 at 13:44
  • I do not mean that. Is the broker acting as a proxy between client and server and monitoring the HTTPS traffic (providing its SSL certificate)? If your broker can do this, then sending a private key from server to client is not secure at all, because the broker can get it. If your broker cannot do this, then you do not need to add encryption because HTTPS protects the content. If your broker is not a proxy, then you may want to explain in more detail why HTTPS is not enough if you want a precise answer. – pedrofb Mar 21 '17 at 13:53
  • @pedrofb The problem is that our server provides data to the broker. Clients can talk to our server via the broker only. So when a client requests data from our broker, the broker requests the same data from our server and provides it back to the client that requested it. So the broker can see the data. So we have the private key with the client and the public key with our server. We encrypted the data with the public key; now the broker is forwarding that encrypted data, but on the client side we have the private key, which fails to decrypt the data. – Kaushal Kumar Singh Mar 21 '17 at 16:47
  • 1
    I see your point. 1) To solve the decryption issue we need to see the code and the errors and probably the key format. 2) If you are not sure if your library is suitable, you can check forge, jsrsasign or the built-in Web Cryptography API. 3) I suggest using the asymmetric encryption to exchange an AES symmetric key. – pedrofb Mar 21 '17 at 17:59
  • 1
    As pedrofb said, go with [forge](https://github.com/digitalbazaar/forge). It provides the same API for JS and node. This question is really off-topic by the way. – Artjom B. Mar 21 '17 at 18:52
  • You need to look into what version of PKCS #1 that the two algorithms are using. PKCS #1 V1.5 is different than PKCS #1 V2. I had discussions with a person [here](http://stackoverflow.com/questions/37175792/rsa-in-javascript-no-longer-supports-ascii-byte-arrays/37178566#37178566) about JavaScript RSA. Read the comments below the answer. There are not many choices out there. Consider a library such as [this](http://www.ohdave.com/rsa/). – TheGreatContini Mar 21 '17 at 20:50
  • Looking more into this, jsencrypt is not going to interoperate with anything because of the [UTF-8 shenanigans](https://github.com/travist/jsencrypt/blob/master/lib/jsbn/rsa.js#L40) that they have put in the code. If you really wanted to use it, then you could base64 encode the content that you need encrypted before sending it into JSEncrypt, but if these guys implemented the software properly, you would not need to. It's a shame that people don't follow standards. – TheGreatContini Mar 21 '17 at 21:09
  • Thanks @ArtjomB. , it is working with forge. – striker0794 Mar 22 '17 at 10:35

2 Answers

1

I used CryptoBrowserify to encrypt in JavaScript (client side):

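```typescript
import CryptoBrowserify from 'crypto-browserify';
import { Buffer } from 'buffer';

// Encrypt a UTF-8 string with a PEM public key and return the ciphertext as Base64.
export function encryptStringWithRsaPublicKey(data: string, publicKey: string): string {
  const encrypted = CryptoBrowserify.publicEncrypt(publicKey, Buffer.from(data, 'utf8'));
  return encrypted.toString('base64');
}
```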

And crypto to decrypt in Node.js:

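```javascript
const crypto = require('crypto');

// Decrypt Base64 ciphertext with a PEM private key and return the UTF-8 plaintext.
const decrypt = function (privateKey, data) {
  const buffer = Buffer.from(data, 'base64');
  const decrypted = crypto.privateDecrypt(privateKey, buffer);
  return decrypted.toString('utf8');
};
```
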
Nguyen Huynh
  • I'm trying to achieve a similar thing, but it's not working. I'm encrypting Pswd on the client end, then the decrypt on NodeJS is not working. **Javascript:** `var user_pswd = CryptoJS.AES.encrypt('encryptMe', 'my secret');` **NodeJS:** `var crypto = require('crypto'); console.log("post req.body: ", req.body.un); // this shows encrypted message var decipher = crypto.createDecipher('aes', 'my secret'); var dec = decipher.update(req.body.un, 'hex', 'utf8'); dec += decipher.final('utf8'); console.log('Decrypted Username: ', dec);` No output appears and the program just jams. – Nah Sep 20 '17 at 04:19
  • 1
    You are using AES, not RSA. For AES, I think CryptoJS should work on the client and server side. This sample code only works for RSA. – Nguyen Huynh Sep 23 '17 at 10:35
  • Yes you are right. I already have sorted out in same way (because I had no other option). Your answer is correct. – Nah Sep 24 '17 at 11:43
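
Added example (not code from the thread): the hybrid scheme suggested in the comments on the question, an AES key wrapped with RSA, with the RSA padding and hash named explicitly so both ends agree on them. It runs both ends on Node's built-in `crypto` for illustration; `seal`, `open`, `tryOpen`, `demo`, the envelope field names and the RSA-OAEP/SHA-256 and AES-256-GCM choices are assumptions of this example, and a browser recipient needs an implementation configured with the same parameters.

```javascript
const crypto = require('node:crypto');
// Both ends must name the same RSA padding and OAEP hash explicitly.
const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Sender: encrypt the payload with a fresh AES-256-GCM key, wrap that key with RSA-OAEP.
function seal(publicKeyPem, plaintext) {
  const aesKey = crypto.randomBytes(32);
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', aesKey, iv);
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  const wrappedKey = crypto.publicEncrypt({ key: publicKeyPem, ...OAEP }, aesKey);
  return {
    wrappedKey: wrappedKey.toString('base64'),
    iv: iv.toString('base64'),
    ct: ct.toString('base64'),
    tag: cipher.getAuthTag().toString('base64'),
  };
}

// Recipient: unwrap the AES key, then decrypt. Throws on wrong RSA parameters or a bad GCM tag.
function open(privateKeyPem, env, rsaParams = OAEP) {
  const wrapped = Buffer.from(env.wrappedKey, 'base64');
  const aesKey = crypto.privateDecrypt({ key: privateKeyPem, ...rsaParams }, wrapped);
  const decipher = crypto.createDecipheriv('aes-256-gcm', aesKey, Buffer.from(env.iv, 'base64'));
  decipher.setAuthTag(Buffer.from(env.tag, 'base64'));
  return Buffer.concat([decipher.update(Buffer.from(env.ct, 'base64')), decipher.final()]).toString('utf8');
}

// Returns the plaintext, or null when decryption is rejected.
function tryOpen(privateKeyPem, env, rsaParams) {
  try { return open(privateKeyPem, env, rsaParams); } catch (err) { return null; }
}

// Constructed demo: throwaway key pair and sample payload.
function demo() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', {
    modulusLength: 2048,
    publicKeyEncoding: { type: 'spki', format: 'pem' },
    privateKeyEncoding: { type: 'pkcs8', format: 'pem' },
  });
  const env = seal(publicKey, 'constructed sample payload');
  const flipped = Buffer.from(env.ct, 'base64');
  flipped[0] ^= 0x01; // simulate the intermediary altering one ciphertext bit
  return {
    ok: tryOpen(privateKey, env),
    wrongHash: tryOpen(privateKey, env, { ...OAEP, oaepHash: 'sha1' }),
    tampered: tryOpen(privateKey, { ...env, ct: flipped.toString('base64') }),
  };
}
```

A public key provides confidentiality only: anyone who holds it, the broker included, can build a valid envelope, so the server must also sign the envelope if the client needs to verify where it came from.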
-1

Node.js has its built-in crypto library; it is optimized and tested, and I recommend using that: https://nodejs.org/api/crypto.html

Xin
  • The issue is that OP wants to interop with plain JavaScript which doesn't have the crypto module. I also doubt that the crypto module provides all the functionality that OP needs such as key generation. – Artjom B. Mar 21 '17 at 18:50