1

I am stuck into a task where I want to Encrypt the user password with RSA public key into Angular 7 and same decrypt with private key into C# Please help me into this task Many many thanks in advance.

VIVEK
  • 257
  • 1
  • 5
  • 18
  • 2
    Never encrypt a password, you should hash it. – PSK Feb 06 '19 at 09:15
  • How can I do that do you have some reference – VIVEK Feb 06 '19 at 09:17
  • Go through this question https://stackoverflow.com/questions/4181198/how-to-hash-a-password/10402129#10402129 – IMParasharG Feb 06 '19 at 09:17
  • Also, consider using SSL certificates – Samvel Petrosov Feb 06 '19 at 09:18
  • You should never store a password in plain text, therefore you should not be encrypting/decrypting a password to be able to do that comparison. As @PSK says, you hash a password and compare that hash against the hash you stored originally. – Neil Feb 06 '19 at 09:18
  • But I want to do this between two platforms Angular and .Net How can I do that in Angular – VIVEK Feb 06 '19 at 09:20
  • Hash the password and send it to .NET. Never encrypt a password. You hash it so you can't know what it is, when the user logs in, you has the password they give and see if it matches the one you have stored. – Prodigle Feb 06 '19 at 09:21
  • Do you have some angular reference where we can hash the password – VIVEK Feb 06 '19 at 09:26
  • @VIVEK https://auth0.com/blog/hashing-passwords-one-way-road-to-security/ – Chris Pickford Feb 06 '19 at 09:58
  • have a read of this, quite interesting and may help in the road to hashing the password https://security.stackexchange.com/questions/110948/password-hashing-on-frontend-or-backend – David Feb 06 '19 at 10:14
  • Why? I'm not sure what you want to achieve. If you want to make sure that no one who sees the http traffic is able to see the password, encryption doesn't help you at all. Because if I see the http traffic, I can just take the encrypted password and send it to your C# server (without knowing the password!). Your C# will decrypt, see the password is right and grant me access! The same is true for hashing, I can just send the hashed password and it will match. You can only prevent this by using HTTPS / SSL to encrypt all of the traffic in order to keep me from reading the http traffic. – dannybucks Feb 08 '19 at 10:00
  • "Never encrypt a password, you should hash it." In 99% of the cases: I agree. If you need to store a password for sending e-mails in the name of a customer when the customer is offline, that could be an exception. You need the password to authenticate and there is no user to type it in for you. – Arjan May 21 '21 at 20:44

2 Answers2

2

Here are some Link which are help full in this task:

Below libs are helpful in generating RSA Asymmetric Encryption:(Angular)

node-rsa: https://www.npmjs.com/package/node-rsa
quick-encrypt: https://www.npmjs.com/package/quick-encrypt
asymmetric-crypto: https://www.npmjs.com/package/asymmetric-crypto
VIVEK
  • 257
  • 1
  • 5
  • 18
0

node-forge can be used at angular

 import * as Forge from 'node-forge';

 encryptWithPublicKey(valueToEncrypt: string): string {
  
    const rsa = Forge.pki.publicKeyFromPem(this.publicKey);
    const encryptedBytes = rsa.encrypt(valueToEncrypt.toString(),'RSAES-PKCS1-V1_5');
    return window.btoa(encryptedBytes)
  }
}
Thân LƯƠNG Đình
  • 3,082
  • 2
  • 11
  • 21
Aneeq Rehman
  • 11
  • 2