1

I tried to decrypt a string encrypted with a publicKey on the server using Node-RSA in my React Native app with the privateKey using the same Node-RSA lib, it takes about 2-3 secs to decrypt a simple object containing only userId and iat.

const privKey = new NodeRSA(dKey);
let base64 = privKey.decrypt(payload, 'utf8');
return jwt_decode(base64);

the second instruction usual takes too long to execute, what could I be missing out.

Eddie
  • 31
  • 1
  • 5
  • 1
    What's the bit length of the key you are using? Try using a 512 or 1024 bit key for quicker decryption. – Nitish Anand Apr 08 '22 at 07:12
  • @NitishAnand - Probably faster, but for sure insecure (recommended RSA key sizes today >= 2048 bits). – Topaco Apr 08 '22 at 07:58
  • @Topaco - There is always a trade-off, you just have to find that sweet spot. I suggest even trying AES for quicker decryption. – Nitish Anand Apr 08 '22 at 09:57
  • @NitishAnand - Before using a 512 bits key, I would rather try another library. Symmetric and asymmetric encryption cover different topics. Therefore, AES would only be a solution if the OP's requirements allow this (which of course may be, this is not clear from the question). – Topaco Apr 08 '22 at 10:40
  • @Topaco I tried some other libs (react-native-rsa-native) but after spending so much time trying to resolve dependencies to work, I started experiencing run-time errors as for the latter, my superiors recommended asymmetric encryption but with this experience, I wanted to know why, or if its peculiar to just the Node-RSA , – Eddie Apr 08 '22 at 11:02
  • The performance of RSA decreases with the key size. So the larger the key, the worse the performance, see [here](https://stackoverflow.com/a/1569557) (but quite old). On the other hand, you can't choose an arbitrarily small key because the security decreases with the key size. Today, keys >= 2048 bits should be used. – Topaco Apr 08 '22 at 11:55
  • Since you didn't post your key size, it's hard to compare. For a 2048 bits key, decryption with Node-RSA is typically in the low double-digit millisecond range for me, while key generation is in the single-digit second range, s. [here](https://replit.com/@3hK8cL8H24hwiS7/NewFragrantMemwatch). Your high decryption values seem to be more of a problem with your environment. – Topaco Apr 08 '22 at 12:03
  • Thanks alot @Topaco, I went through the link you shared and got more insight into the cause of my challenge. Also my test device is a mobile device and I was able to access node crypto and other necessary dependencies using browserify for it to work. – Eddie Apr 08 '22 at 12:17

0 Answers0