How to add RSA encryption to my ReactJS application?

Question

We're trying to encrypt some details on the client side ReactJS app using the RSA public key (to send it to the backend securely). However, We're just not able to find a suitable library that directly encrypts the message with the key using RSA.

We have been referring this article, But we're just not able to follow this.

Questions:

Are there any simplified libraries to use RSA in reactJS?
As per the article, we're trying to use EncryptJS. so, it says add the jsencrypt.min.js (minified) file in the static folder. (I hope this is the static folder after creating the build). How will we be able to use this ?
The post says, "Add it as a script using script tag in your react component". What does this mean? Do I have to add it in the index.html as a script? or somewhere in the component?

I don't know about reactJS but are you sure client-side JS encryption is the right answer to what you are trying to achieve ? When using HTTPS, TLS already protects what you're sending to the server. Could you elaborate a bit more on your goal ? — ShellCode, Feb 19 '21 at 15:06
Hey @ShellCode Sure. So we have a passcode on the client side that we want to encrypt. We'll be keeping the passcode on the client side for sometime once the user logs in. so We're planing to keep it in an encrypted form as it's only going to be used by the server (where it can be decrypted). So to hold it safely as long as it's kept on the client side, we wanted to encrypt it. — Raghav Mishra, Feb 19 '21 at 15:26
You want to protect it from what exactly ? If you send this encrypted passcode to the server, an attacker who steals this encrypted passcode could do it as well, even if he has no idea what's inside. In the end, stealing the encrypted-passcode or stealing the passcode itself is identical from an attacker POV. If what matters to you is to hide the value of the passcode, then using a hash (with a salt) would be more appropriate, no need to use RSA for that ! — ShellCode, Feb 19 '21 at 16:17
You're saying the client does not need access to this passcode, only the server. In that case the client should never have the passcode in the first place. Wherever the client gets it from should already encrypt it, and the client could then pass it to the server that could decrypt as necessary. (Also consider related attacks like replay in this case.) Even better if it doesn't go through the client at all if possible, but the question is missing all the relevant details to be answered. — Gabor Lengyel, Feb 19 '21 at 19:55

score 1 · Answer 1 · answered May 23 '23 at 19:58

Probably I am replying late but it may help others regarding encryption in React.

Just follow the steps:

create a JS file(jsencrypt.min.js) in public folder

Copy data from "https://github.com/travist/jsencrypt/blob/master/bin/jsencrypt.min.js" to the js file (jsencrypt.min.js) created in step 1.
add below code in encryption component to load jsencrypt.min.js

useEffect(() => {
const script = document.createElement("script");
script.src = "/asset/js/jsencrypt.min.js";
script.async = true;
document.body.appendChild(script); }, [1]);

In same component add below code to encrypt data

const encrypt = (message, publicKey) => {
const jsEncrypt = new JSEncrypt();
jsEncrypt.setPublicKey(publicKey);
return jsEncrypt.encrypt(message); }

you are done. Just call "encrypt" method created in step 4.

PS: Public key must be a string as mentioned below.

const publicKey = "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsHJ95yqz7YDX7rdfgGx+fndwisu/6SeGkO0GtgiMCVBM8vGXf4MThAB7EI0FmEcfmg+c6QHIAW1IuAZzMQZg5kDBKw65v1gCM6JzeTaHhrqbY8HrSMhB86H2bNLAjIY2aIDG/6NMJmOMN57D2Ph8GfGOp3uYNdN0kSyMCcRekT4zjB++V5TRZNb4Gjg7EiDaU/cim3Fr/uX1EwO08Hn/EL8+ItjhfOvDi94kS3NOOHkJhvolxocyqCN2JP8H71G5CAlFhgvr/Go2aONyoO9NUKvRf0RDphZG671+tOAOuPT4H0Eoz3VTSJUFZqML/VExDmS4H7Dq9EK7ObZlSiLIpwIDAQAB"

Note: If it says that 'JSEncrypt' is not defined no-undef then restart your react server.

I'm seeing you're calling `jsEncrypt.encrypt` without passing any configurations. Is there a way to encrypt in jsEncrypt by settings the padding as `padding:crypto.constants.RSA_PKCS1_OAEP_PADDING` and OAEP as `oaepHash:'sha256',` with a public key length of 4096? — D. Rattansingh, Jul 03 '23 at 17:29
Hi @D.Rattansingh, JsEncrypt uses **"RSA/ECB/PKCS1Padding"** bydefault. I am not able to find a way to pass customize padding. Please refer: https://aviyel.com/post/444/rsa-encryption-in-react-native-and-decryption-in-node-server And [rsa-encryption-with-oaep-between-java-and-javascript](https://stackoverflow.com/questions/55525628/rsa-encryption-with-oaep-between-java-and-javascript) — Rishabh Kabra, Jul 06 '23 at 11:57
I got it working, I used `crypto.constants.RSA_PKCS1_PADDING`. Do you know if `JSEncrypt` could generate or encrypt with keys that has a passphase? — D. Rattansingh, Jul 06 '23 at 13:39
I'm sorry, haven't done any research on this. I had requirement to just encrypt and decrypt data using RSA. — Rishabh Kabra, Jul 06 '23 at 13:53

score 0 · Answer 2 · edited Oct 07 '21 at 04:44

0

I also faced the same issue. Just importing JSEncrypt from jsencrypt was throwing JSEncrypt is not a constructor error in browser. In the end I followed the same article you're referring to, and now I'm able to encrypt the data.

What we need to do here is just create a new file named jsencrypt.min.js at any location, and copy the contents from git repository.

Now all you need to do is add a script tag in your index.html file and refer to this file in the tag.

<script src="/your_file_location"></script>

Then just restart the application. And it should work.

edited Oct 07 '21 at 04:44

Tuan Dao

2,647
1
10
20

answered Oct 06 '21 at 21:41

Vikas Gupta

1
1

1

I'm also referring to that article but whenever I'm trying to copy the function encryptMessage in my component it shows me that "'JSEncrypt' is not defined", can you help me? – streak Oct 29 '21 at 16:07
Having the same problem, haven't found a solution yet tho... – orc13a Nov 04 '21 at 08:27

How to add RSA encryption to my ReactJS application?

2 Answers2