typescript Windows暗锁:如果我们使用“RSASSA-PKCS 1-v1_5”算法生成公共私钥,我们如何使用加/解密方法?

kuarbcqp  于 2023-01-31  发布在  TypeScript
关注(0)|答案(2)|浏览(481)

我想使用相同的公钥-私钥在代码级别进行加密/解密,并想将加密数据与我的公钥一起发送到后端,我将公钥附加到我的JWT AUTH令牌中。因此,如果可能的话,请帮助我使用该方法进行加密/解密,因为由于可重用性,我无法更改此代码

const keyDetails = await window.crypto.subtle.generateKey(
          {
              name: 'RSASSA-PKCS1-v1_5',
              modulusLength: 2048, 
              publicExponent: new Uint8Array([1, 0, 1]),
              hash: { name: 'SHA-256' }, 
          },
          true, 
          ['verify', 'sign'] 
      );

我试过了,但出错了。
此外,我还希望使用导出的公钥和私钥,我正在使用这种方法
x一个一个一个一个x一个一个二个一个x一个一个三个一个

31moq8wy

31moq8wy1#

RSASSA-PKCS 1-v1_5是在签名/验证期间应用的填充。它不能用于加密/解密。加密/解密的填充是RSAES-PKCS 1-v1_5,但WebCrypto API不支持它。WebCrypto仅支持RSAES-OAEP进行加密/解密。有关详细信息,请参阅RFC8017和WebCrypto API。
此外,导出的JWK密钥必须首先适用于加密/解密。然后,必须先导入密钥,然后才能将其用于加密/解密。
下面的示例说明了这一点:首先生成RSASSA-PKCS 1-v1_5签名/验证的密钥对,两个密钥都导出为JWK,然后调整key_opsalg参数,修改后的密钥重新导入,用于RSAES-OAEP加解密:

(async () => {

// Generate
const keyDetails = await window.crypto.subtle.generateKey(
    {
        name: 'RSASSA-PKCS1-v1_5',
        modulusLength: 2048, 
        publicExponent: new Uint8Array([1, 0, 1]),
        hash: { name: 'SHA-256' }, 
    },
    true, 
    ['verify', 'sign'] 
);
console.log(keyDetails)

// Export
const publicKey = await window.crypto.subtle.exportKey('jwk', keyDetails.publicKey);
const privateKey = await window.crypto.subtle.exportKey('jwk', keyDetails.privateKey);
console.log(publicKey)
console.log(privateKey)

// Adapt parameters and import
publicKey.key_ops = ['encrypt'];
privateKey.key_ops = ['decrypt'];
publicKey.alg = 'RSA-OAEP-256';
privateKey.alg = 'RSA-OAEP-256';
const publicKeyReloaded = await window.crypto.subtle.importKey("jwk", publicKey, {name: "RSA-OAEP", hash: {name: "SHA-256"}}, true, ["encrypt"]);    
const privateKeyReloaded = await window.crypto.subtle.importKey("jwk", privateKey,{name: "RSA-OAEP", hash: {name: "SHA-256"}}, true, ["decrypt"]);    
console.log(publicKeyReloaded)
console.log(privateKeyReloaded)

// Encrypt/Decrypt
const enc = new TextEncoder();
const encodedText = enc.encode("testing 1234");
const encryptedText = await window.crypto.subtle.encrypt({name: "RSA-OAEP"}, publicKeyReloaded, encodedText)
console.log(ab2b64(encryptedText));
const dec = new TextDecoder();
const decryptedText = await window.crypto.subtle.decrypt({name: "RSA-OAEP"}, privateKeyReloaded, encryptedText)
console.log(dec.decode(decryptedText));

// Helper
function ab2b64(arrayBuffer) {
    return window.btoa(String.fromCharCode.apply(null, new Uint8Array(arrayBuffer)));
}

})();

请注意,一般来说,相同的密钥对实际上应该用于签名/验证或加密/解密,而不是同时用于两者,请参见here
WebCrypto API通过将密钥的用途绑定到它来提供一些防止这种滥用的保护(然而,如上所述,这种保护很容易被绕过)。

92vpleto

92vpleto2#

好了,答案已经提供了@topaco.现在我只想在这里添加一个方法.如果有人想加密和解密敏感数据的帮助下[JSON Web加密-密文] JOSE npm lib.与公共/私人密钥,这是生成的签名/验证只!

const jose = require('jose'); // npm i jose
async encryptDecryptLogic(data: string): Promise<any>{

    const keyDetails = await window.crypto.subtle.generateKey(
          {
              name: 'RSASSA-PKCS1-v1_5',
              modulusLength: 2048, 
              publicExponent: new Uint8Array([1, 0, 1]),
              hash: { name: 'SHA-256' }, 
          },
          true, 
          ['verify', 'sign'] 
      );

       // updating operation from sign-varify to encrypt-decrypt.
       // As that private/ public key is generated for sign and verification purposes only but here we extended its purpose. So we need to update a few properties to do encryption/decryption

        publicKey.key_ops = ['encrypt'];
        privateKey.key_ops = ['decrypt'];

        // updating algo from sign-varify[RS256] to encrypt-decrypt[RSA-OAEP]
        // Defines the algorithm used to encrypt the Content Encryption Key (CEK). This MUST be set to “RSA-OAEP”.

        publicKey.alg = 'RSA-OAEP';
        privateKey.alg = 'RSA-OAEP';

 const encodedText =  await this.jose.jwe.encrypt(publicKey, "lets encrypt me!!")
        console.log('encodedText', encodedText);

 const decodedText =  await this.jose.jwe.decrypt(privateKey, encodedText)
        console.log('decodedText', decodedText);
}

相关问题