I want to encrypt text with RSA using Public.pem and private.pem
I generated these files with openssl
openssl genrsa -out private.pem 2048
openssl rsa -pubout -in private.pem -out public.pem
I need to encrypt the text in javascript (I use this Library) only for encryption.
This text in base64 is sent to the server in C#, I use RSACryptoServiceProvider, but I only saw that is possible load public key with:
RSAParameters RSAParams = RSA.ExportParameters(false);
RSAParams.Modulus = privateKey;
RSA.ImportParameters(RSAParams);
But I need use my own private.pem file to decrypt my text and use it after.
How can I make this?
Related
I'm trying to create a Postman pre-request script that will hash the request. I am able to use a bash script to do this using this command
SIG=$(echo -n ${CONTENT} | openssl dgst -sha1 -hmac ${PRIVATE_KEY} -binary | openssl enc -base64)
So far I have been unable to replicate this using CryptoJs to do the same, does anyone know how this can be done?
This is what I have tried
CryptoJS.HmacSHA1(CONTENT, pm.environment.get(PRIVATE_KEY)).toString(CryptoJS.enc.Base64)
I use the following set of openssl commands to generate client certificate
# create key
openssl genrsa -out client.key -aes256 -passout pass:password 2048
# create client certificate request
openssl req -new -key client.key -out client.csr -subj '/C=UA/O=MyCompany/CN=MyName/emailAddress=test#example.com' -passin pass:password
# Sign client certificate request with intermediate CA private key
openssl x509 -req -in client.csr -CA interm_cert.pem -CAkey interm_key.pem -CAcreateserial -CAserial intermediateCA.srl -extensions usr_cert -extfile openssl.conf -out client.crt -days 3650 -sha256 -passin pass:password
# generate client pfx
openssl pkcs12 -export -out client.pfx -inkey client.key -in client.crt -certfile interm_cert.pem
# convert to pem
openssl pkcs12 -in client.pfx -out client.pem -nodes
Now, I need to replicate that using jsrsasign library. Yes, I can easily create key pair using KUTIL.generateKeypair and certificate signing request, but this is as mach as I could figure out so far, using the library reference
Any help is greatly appreciated
i try import my pem key to Google KMS(with hsm support). I have google guide how it create with openssl:
Wrap the key
Generate a temporary random AES key that is 32 bytes long.
openssl rand -out temp_aes_key.bin 32
Wrap the temporary AES key with the wrapping public key using CKM_RSA_PKCS_OAEP.
openssl rsautl -encrypt
-pubin -inkey wrap_pub_key.pub
-in temp_aes_key.bin
-out temp_aes_key_wrapped.bin
-oaep
Wrap the target key with the temporary AES key using CKM_AES_KEY_WRAP_PAD.
openssl enc -id-aes256-wrap-pad -K $( hexdump -v -e '/1
"%02x"' < "temp_aes_key.bin" ) -iv A65959A6 -in my_key.pem
-out target_key_wrapped.bin
Note the use of -iv A65959A6 sets A65959A6 as the Alternate Initial Value as required by the RFC 5649 specification.
I have wrap_pub_key.pub and my_key.pem, where wrap_pub_key.pub:
-----BEGIN PUBLIC KEY-----
...........key...........
-----END PUBLIC KEY-----
How to programm this steps in nodeJs with cryto lib(without openssl)?
I think you are following this guide I'm not familiar with NodeJs, however I found the next documentation that It could be helpful,
I found the github repo list of each language supported for the Cloud Platform services/APIs!
I think that you can start with this available examples
If you need more details you can use these references:
Google KMS Node.js io Samples
KMS Node.js Client Library
Finally I understand that when you import this kind of key you need to choose a key wrapping algorithms
I hope you find this information helpful
I'm trying to encrypt a long UTF-8 encoded string using the aes-256-ecb cipher via node.js's built in crypto library. Bellow are my encryption code written tested in node.js (v0.10.24) and corresponding output and decryption command for OpenSSL (OpenSSL 1.0.1 14 Mar 2012) command line.
Encryption using node.js
var crypto = require('crypto');
var cipher = crypto.createCipher('aes-256-ecb','password');
var plaintext = [
'this is a very long long long long long long',
'long long long long long long long long long',
'long long long long long long string!!!!!!!!'
].join('')
console.log(cipher.update(plaintext,'utf8', 'base64') + cipher.final('base64'))
Output
XBnU6WZ9wr2GdA1YWZVhsG+mHQ0xlXXc8rAFEud6I/PqfFZL6Pdit7Sm8v+ViKNZmhgTzi7zfg8GHKFntkCDuj6F54TDaWKAdJRftLP9I+22jiKRvYtpD4SDV2oIy93MM5IMbSoBRvXayNF8H9FQnhACM5MHhHX1pLiR4yCg/l6iHH2BDLrwCSifGcGCaQYx
Decrypting using OpenSSL
echo -n 'XBnU6WZ9wr2GdA1YWZVhsG+mHQ0xlXXc8rAFEud6I/PqfFZL6Pdit7Sm8v+ViKNZmhgTzi7zfg8GHKFntkCDuj6F54TDaWKAdJRftLP9I+22jiKRvYtpD4SDV2oIy93MM5IMbSoBRvXayNF8H9FQnhACM5MHhHX1pLiR4yCg/l6iHH2BDLrwCSifGcGCaQYx' | openssl enc -d -aes-256-ecb -nosalt -a -pass pass:password
Output
bad decrypt
3074361544:error:0606506D:digital envelope routines:EVP_DecryptFinal_ex:wrong final block length:evp_enc.c:532:
Which one is wrong; my encryption or decryption? And how can I make them compatible with one another?
In the openssl command you should use -A option to base64 process the data on one line.
openssl enc -d -aes-256-ecb -nosalt -a -A -pass pass:password
I have an encrypted message created with this openssl command:
openssl enc -aes-256-cbc -salt -in plaintext.txt -out cipher.enc
I've tried CryptoJS and this aes library to decrypt it following the examples. All I get out is gibberish. My quess is that the decryption fails because I don't know how to tell the javascript decryption that the cipher is salted or because it's in "cbc-mode". CryptoJS looks more flexible so it might very well work. But what kind of parameters should I feed it?
Note: this is running in a browser, not in node.js
I put "Message" in a file using:
echo -n "Message" > plaintext.txt
Then I used your example, and password as my password
openssl enc -aes-256-cbc -salt -in plaintextut cipher.enc
enter aes-256-cbc encryption password:
Verifying - enter aes-256-cbc encryption password:
Then I needed the Base64 version of cipher.enc
cat cipher.enc | base64
U2FsdGVkX1/oA4O+uXXBXAjAenRJwpUV4UqQp4aYCpk=
Lastly, this is the CryptoJS that worked for me:
var dec = CryptoJS.AES.decrypt("U2FsdGVkX1/oA4O+uXXBXAjAenRJwpUV4UqQp4aYCpk=", "password");
var plaintext = CryptoJS.enc.Latin1.stringify(dec);