I am attempting to implement simple public key cryptography with this library's RSA functions, but decryption seems to be broken.

I have two "users", Alice and Bob. Both Alice and Bob (code in separate files) create a new empty key via `const key = new nodeRSA()`. Then, they both generate a 2048-bit public and private key pair via the function `key.generateKeyPair(2048)`. They both then give each other their public keys by exporting them from the key with `key.exportKey('pkcs8-public-pem')`, storing them in separate files and reading them in with `fs`. Alice then attempts to write a message to Bob by passing both the string message and Bob's public key into the function below:

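```js
const fs = require('fs');
const rsa = require('node-rsa');

module.exports.writeMessage = (message, key) => {
    // key is the recipient's public key as a PEM string
    const k = new rsa(key, 'pkcs8-public-pem');
    // Returns the ciphertext as a hex string
    const cipherText = k.encrypt(message, 'hex');
    console.log(`Saving "${cipherText}" to ctext.txt`);
    fs.writeFileSync('ctext.txt', cipherText);
};
```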

Then, when Bob goes to read the message, he passes in his full key and decodes the message from ctext.txt as shown in the function below:

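```js
module.exports.readMessage = key => {
    // No encoding is given, so this is a Buffer of the file's raw bytes
    const encryptedMessage = fs.readFileSync('ctext.txt');
    // key is the reader's NodeRSA instance holding the private key
    const message = key.decrypt(encryptedMessage, 'utf8');
    return message;
};
```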

Encryption works just fine, and Alice is able to send the ciphertext to ctext. The problem comes when Bob calls the readMessage function and attempts to decipher the text. Both the Alice and Bob programs were activated and their keys remained unchanged throughout this process. The below error occurs on deciphering:

```
Error: Error during decryption (probably incorrect key). Original error: Error: Incorrect data or key
    at NodeRSA.module.exports.NodeRSA.$$decryptKey (/Users/jisacf1/College/SeniorYear/Spring2019/CompSec/HW3/node_modules/node-rsa/src/NodeRSA.js:301:19)
    at NodeRSA.module.exports.NodeRSA.decrypt (/Users/jisacf1/College/SeniorYear/Spring2019/CompSec/HW3/node_modules/node-rsa/src/NodeRSA.js:249:21)
    at Object.module.exports.readMessage.key [as readMessage] (/Users/jisacf1/College/SeniorYear/Spring2019/CompSec/HW3/Part2/rsaReadWrite.js:7:25)
    at inquirer.prompt.then (/Users/jisacf1/College/SeniorYear/Spring2019/CompSec/HW3/Part2/bob.js:42:43)
    at processTicksAndRejections (internal/process/next_tick.js:81:5)
```

I really cannot see how the system thinks it is the incorrect key, since Alice encrypted the message using Bob's public key, and Bob is decoding the message using his private key. I've tried changing padding schemes to no avail as well. Any help would be appreciated greatly. For reference, the library's GitHub is here: https://github.com/rzcoder/node-rsa

an0n1234
  • After removing the file writing capability and performing the process above inline, I am able to decode. So how could writing and reading the cipher text to/from a file change things? – an0n1234 Feb 20 '19 at 06:13
  • You might be interested in reading [this](https://stackoverflow.com/q/43487543/589259). It seems like `writeFileSync` defaults to UTF-8. To be honest, the API designer that forgot to include any reference to writing text instead of binary in the function name should be getting a pretty good beating with a clue-stick (in my opinion, we'd run out of clue-sticks when it comes to JS, but again, that's just my opinion). – Maarten Bodewes Feb 20 '19 at 12:05
  • Note that RSA encryption is only useful for small messages. You may want to take a look at implementing a *hybrid cryptosystem* which e.g. encrypts the message using AES-GCM and a random key, and then uses RSA-OAEP. – Maarten Bodewes Feb 20 '19 at 12:09

1 Answer

As mentioned by Maarten, the issue was that writeFileSync was encoding my cipher text in utf8 rather than the format the cipher text was in. This resulted in reading back incorrect cipher text, causing the key or data mismatch exception. Changing the default encoding for the function to hex solved the issue.

an0n1234
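
The file round trip from the question, reproduced as an added example (not code from the original post): ciphertext stored as hex text must be decoded back to bytes before decryption. It uses Node's built-in `crypto` module with RSA-OAEP in place of node-rsa; the function names, the temp file path and the message are assumptions.

```javascript
// Added example: Node's built-in crypto (RSA-OAEP) stands in for node-rsa.
const crypto = require('crypto');
const fs = require('fs');
const os = require('os');
const path = require('path');

// Bob's key pair, generated inline (the question exchanges it as PEM files).
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const oaep = (key) => ({ key, padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' });

// Alice: encrypt with Bob's public key and store the ciphertext as hex text.
function writeMessage(file, message) {
  const cipherBytes = crypto.publicEncrypt(oaep(publicKey), Buffer.from(message, 'utf8'));
  fs.writeFileSync(file, cipherBytes.toString('hex'), 'ascii');
  return cipherBytes.length; // one RSA block: 256 bytes for a 2048-bit modulus
}

// Bob, as in the question: readFileSync without an encoding returns the raw
// file bytes, i.e. the ASCII codes of the hex digits, not the ciphertext.
function readMessageBroken(file) {
  const raw = fs.readFileSync(file);
  try {
    return crypto.privateDecrypt(oaep(privateKey), raw).toString('utf8');
  } catch (err) {
    return { failed: true, bytesRead: raw.length }; // twice the ciphertext length
  }
}

// Bob, corrected: read the file as text, validate it, decode hex to bytes.
function readMessageFixed(file) {
  const hex = fs.readFileSync(file, 'ascii').trim();
  if (!/^([0-9a-f]{2})+$/i.test(hex)) throw new Error('ciphertext file is not hex');
  return crypto.privateDecrypt(oaep(privateKey), Buffer.from(hex, 'hex')).toString('utf8');
}

// Constructed sample run: one message through both read paths.
function demo() {
  const file = path.join(fs.mkdtempSync(path.join(os.tmpdir(), 'rsa-')), 'ctext.txt');
  const cipherLen = writeMessage(file, 'hello bob');
  return { cipherLen, broken: readMessageBroken(file), fixed: readMessageFixed(file) };
}

console.log(demo());
```

Writing the raw ciphertext `Buffer` and reading it back with no encoding on either side also round-trips cleanly and avoids the text encoding step entirely.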