It doesn't work in IE 9 and older browsers because atob() is only supported from IE 10.

To make it working in old versions of Internet Explorer I replaced atob() in jsencrypt.js with another base64 function.

To fix it, I used base64.js by Chris Veness from http://www.movable-type.co.uk/scripts/base64.js which I loaded it in the header of HTML page as:

Then, in jsencrypt.js I replaced following string:
str = atob(str);
with the following string:
str = Base64.decode(str);

I have a pubic key such as
4KXgatY/EqROEtvVcDt5qTcM8i2hP8JvpH6KN7HoZjHVJtfXaXW8c/sfJGZWrqdbogwFXVR/HxTscXWE1SeHay2QsGhkpEDV7YF7R9vyDIvWOd/2AXwcszjxB9swLQEjcSP7lLqQ226MhDah8rsSPljJ9FYNfGW6K2PxP+mqDf0=
but can not sign any string with this key ,the key is generated with a rsa key util,thanks.

Currently the library only supports keys of 1024 bit length. It would be great if it could also support 2048 and 4096 key lengths

Hello Travis,
I am using your code in the browser, and so far he did very well, congratulations.
But I'm struggling to encrypt a message with the private certificate, then decrypt the message using ONLY the public certificate.
Am I doing something wrong?
Thanks for support !
Fabrício Dias
[email protected]

//Private Cert
    var privKey = "";
    privKey += "-----BEGIN RSA PRIVATE KEY-----\n";
    privKey += "MIICXQIBAAKBgQDlOJu6TyygqxfWT7eLtGDwajtNFOb9I5XRb6khyfD1Yt3YiCgQ\n";
    privKey += "WMNW649887VGJiGr/L5i2osbl8C9+WJTeucF+S76xFxdU6jE0NQ+Z+zEdhUTooNR\n";
    privKey += "aY5nZiu5PgDB0ED/ZKBUSLKL7eibMxZtMlUDHjm4gwQco1KRMDSmXSMkDwIDAQAB\n";
    privKey += "AoGAfY9LpnuWK5Bs50UVep5c93SJdUi82u7yMx4iHFMc/Z2hfenfYEzu+57fI4fv\n";
    privKey += "xTQ//5DbzRR/XKb8ulNv6+CHyPF31xk7YOBfkGI8qjLoq06V+FyBfDSwL8KbLyeH\n";
    privKey += "m7KUZnLNQbk8yGLzB3iYKkRHlmUanQGaNMIJziWOkN+N9dECQQD0ONYRNZeuM8zd\n";
    privKey += "8XJTSdcIX4a3gy3GGCJxOzv16XHxD03GW6UNLmfPwenKu+cdrQeaqEixrCejXdAF\n";
    privKey += "z/7+BSMpAkEA8EaSOeP5Xr3ZrbiKzi6TGMwHMvC7HdJxaBJbVRfApFrE0/mPwmP5\n";
    privKey += "rN7QwjrMY+0+AbXcm8mRQyQ1+IGEembsdwJBAN6az8Rv7QnD/YBvi52POIlRSSIM\n";
    privKey += "V7SwWvSK4WSMnGb1ZBbhgdg57DXaspcwHsFV7hByQ5BvMtIduHcT14ECfcECQATe\n";
    privKey += "aTgjFnqE/lQ22Rk0eGaYO80cc643BXVGafNfd9fcvwBMnk0iGX0XRsOozVt5Azil\n";
    privKey += "psLBYuApa66NcVHJpCECQQDTjI2AQhFc1yRnCU/YgDnSpJVm1nASoRUnU8Jfm3Oz\n";
    privKey += "uku7JUXcVpt08DFSceCEX9unCuMcT72rAQlLpdZir876\n";
    privKey += "-----END RSA PRIVATE KEY-----\n";

//Public Cert
    var pubKey = "";
    pubKey += "-----BEGIN PUBLIC KEY-----\n";
    pubKey += "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDlOJu6TyygqxfWT7eLtGDwajtN\n";
    pubKey += "FOb9I5XRb6khyfD1Yt3YiCgQWMNW649887VGJiGr/L5i2osbl8C9+WJTeucF+S76\n";
    pubKey += "xFxdU6jE0NQ+Z+zEdhUTooNRaY5nZiu5PgDB0ED/ZKBUSLKL7eibMxZtMlUDHjm4\n";
    pubKey += "gwQco1KRMDSmXSMkDwIDAQAB\n";
    pubKey += "-----END PUBLIC KEY-----\n";

//Test - Public -> Private - ITS OK
    var txtPayload = 'This is a test! #1';
    var txtEncrypt = null;
    var txtDecrypt = null;
    var jsEncrypt = new JSEncrypt();
        jsEncrypt.setPublicKey(pubKey);
        txtEncrypt = jsEncrypt.encrypt(txtPayload);
    var jsDecrypt = new JSEncrypt();
        jsDecrypt.setPrivateKey(privKey);
        txtDecrypt = jsDecrypt.decrypt(txtEncrypt);
//Debug
    if ( txtPayload == txtDecrypt ) {
        alert('Public -> Private: It works!!!');
    } else {
        alert('Public -> Private: Something went wrong....');
    }
    console.log("Public -> Private");
    console.log("txtPayload: ", txtPayload);
    console.log("txtEncrypt: ", txtEncrypt);
    console.log("txtDecrypt: ", txtDecrypt);    
/**/

//Test - Private -> Public - ITS NOK
    var txtPayload = 'This is a test #2';
    var txtEncrypt = null;
    var txtDecrypt = null;
    var jsEncrypt = new JSEncrypt();
        jsEncrypt.setPrivateKey(privKey);
        txtEncrypt = jsEncrypt.encrypt(txtPayload);
    var jsDecrypt = new JSEncrypt();
        jsDecrypt.setPublicKey(pubKey);
        txtDecrypt = jsDecrypt.decrypt(txtEncrypt);
//Debug
    if ( txtPayload == txtDecrypt ) {
        alert('Private -> Public: It works!!!');
    } else {
        alert('Private -> Public: Something went wrong....');
    }
    console.log("Private -> Public");
    console.log("txtPayload: ", txtPayload);
    console.log("txtEncrypt: ", txtEncrypt);
    console.log("txtDecrypt: ", txtDecrypt);    
/**/

This file is missing on your server:
http://travistidwell.com/bin/jsencrypt.js

I am having a scenario where i want to secure the JSON data which i am sending and storing at the client side, and i also want that, that data should be protected, The way to protect this data i suppose is encryption of the data but because the decryption logic and key is also at the client side (to decrypt the encrypted JSON data).

So to protect it i was wondering if we can set something like expiration time of key,

The way i was thinking this is to work that if someone is encrypting the data with the key then encrypted data must have some intelligence that after a period of time this data cannot be decrypted with the key with which it was encrypted(or may be cannot be decrypted at all).

is it possible? i suppose yes , and i don't it is there in the library now.

so i am asking to all members to please provide this facility in this library, or if it is not possible(which i suppose is not) or is not gonna solve a problem please justify.

Thanks.

Which protocol this library use?

Hello, i try to do this:

client side
var crypt = new JSEncrypt();
crypt.setKey('-----BEGIN PUBLIC KEY-----YOUR PUBLIC KEY-----END PUBLIC KEY-----'); //You can use also setPrivateKey and setPublicKey, they are
both alias to setKey

//Eventhough the methods are called setPublicKey and setPrivateKey, remember
//that they are only alias to setKey, so you can pass them both a private or
//a public openssl key, just remember that setting a public key allows you to only encrypt.

var text = 'test';
// Encrypt the data with the public key.
var enc = crypt.encrypt(text);
alert(enc);

And the server side:

'use strict';

var fs = require('fs')
, ursa = require('ursa')
, crt
, key
, msg
;

key = ursa.createPrivateKey(fs.readFileSync('./rsapriv.pem'));

msg = 'oDdwc6sYZz1FxpFr/ZumS2rrgkUN38raevlj4iNLDZg6JcQkxB9ARXnhd+Jljx37xgoVcQ+rmDQZQLMVjsFOoSBGjuR+uDnY3V8u+8OQpcODMgNU1nFaqrgt34s904Djf6a9kxqO33CZWg2rCjM+XzA2SlfcH66CiBMhW0
CeB+pPxLN0Hx+pmSzla7+J1B3DG8/Nan9LltzZ8/RdHwks2icWylCbUvRadQamQDUKjhKfPSH4ITLAw9QjJy+qT+GyXvv9JDRBI2WocIcADDRqkJScpw20pJKEz6WC8cs8stSpNrSOebDIj3tnquo0yqa4Ok8AXzakk4lndtBZqPI
JBA==';

console.log('Decrypt with Private');
msg = key.decrypt(msg, 'base64', 'utf8');
console.log(msg);

Error:
return encodeBuffer(rsa.privateDecrypt(buf, padding), outEncoding);
^
Error: error:0407A079:rsa routines:RSA_padding_check_PKCS1_OAEP:oaep decoding error
at Object.decrypt (/home/mari/node/jsencrypt/node_modules/ursa/lib/ursa.js:291:33)
at Object. (/home/mari/node/jsencrypt/server2.js:23:11)
at Module._compile (module.js:456:26)
at Object.Module._extensions..js (module.js:474:10)
at Module.load (module.js:356:32)
at Function.Module._load (module.js:312:12)
at Function.Module.runMain (module.js:497:10)
at startup (node.js:119:16)
at node.js:906:3

thank you

I seem to have problems using PHP to get it to work with this library.
I intend to do this:

1st - Generate a session wide Public-Private key pair. The public key is always available on the website and the private key will be kept in a session variable or server text file link to the session.
2nd - When a user gives out the password, jsencrypt will crypt the password with the public key and the server side will decrypt it.

Below is a test script i've made ( from http://php.net/manual/en/function.openssl-pkey-new.php )

header("Content-type: text/plain");
$sslconfig = array(
        "private_key_bits" => 1024,
        "private_key_type" => OPENSSL_KEYTYPE_RSA);

$res = openssl_pkey_new($sslconfig);
// Extract the private key from $res to $privKey
openssl_pkey_export($res,$_SESSION["ffar_kagi"]);

// Extract the public key from $res to $pubKey
$pubKey = openssl_pkey_get_details($res);
$_SESSION["ffar_kagip"] = $pubKey["key"];

echo $_SESSION["ffar_kagi"];
echo "\n\n------\n\n";
echo $_SESSION["ffar_kagip"];

Copying and pasting the code to this lib's demo, and then try to encrypt with it, gives me false, so I presume that I have something wrong with the php script above.
I'm not sure if I should use sha512 as the digest alg, so I went with MD digest which is the default for openssl_pkey_new().

Anyone has already tried this lib with PHP?
Thank you :)

Hi
thanks for your great wrapper! I found one use case that gives me a headache and can be reproduced like this:

var crypt = new JSEncrypt({default_key_size: 2048});
crypt.getPrivateKey()

I then paste the return value into a file and parse that file with gives me the following output (note the key size):

#~ openssl rsa -in pkey.key -text -noout
Private-Key: (2047 bit)
modulus:
[SNIP]

So openssl (and every other user of the key) finds this is a 2047 bit key. My workaround is using a default_key_size of 2049, I feel that we should look into this.

The same happens with a 1024 bit key (output is 1023 bit). Any ideas? Is this maybe expected?

Edit: I found out that if I try multiple times I get an 2048 bit key eventually

cheers,
i discovered that apple do some stuff what i can't realize.
what i've found out that iPhone 4 and iPod Touch 5 needs about 3m or hours to generate a keypair.
iPad Air needs 1m 30s

• now the good ones -
  MotoG Android 4.4.4. needs 21s
  Google Chrome on Windows Desktop needs 25s
  Samsung S2 needs 48s

now the question what does apple different as android/desktop???

here a js profile screenshot of a generation on iPhone 4 (generation needs 8m):

can someone help me please?

On line 123 of jsencrypt.js, the variable 'DV' appears to be a typo. Every other usage of DV treats it as a property ("this.DV" on lines 317, 344, etc).

Hey, maintainer(s) of travist/jsencrypt!

We at VersionEye are working hard to keep up the quality of the bower's registry.

We just finished our initial analysis of the quality of the Bower.io registry:

7530 - registered packages, 224 of them doesnt exists anymore;

We analysed 7306 existing packages and 1070 of them don't have bower.json on the master branch ( that's where a Bower client pulls a data ).

Sadly, your library travist/jsencrypt is one of them.

Can you spare 15 minutes to help us to make Bower better?

Just add a new file bower.json and change attributes.

{
  "name": "travist/jsencrypt",
  "version": "1.0.0",
  "main": "path/to/main.css",
  "description": "please add it",
  "license": "Eclipse",
  "ignore": [
    ".jshintrc",
    "**/*.txt"
  ],
  "dependencies": {
    "<dependency_name>": "<semantic_version>",
    "<dependency_name>": "<Local_folder>",
    "<dependency_name>": "<package>"
  },
  "devDependencies": {
    "<test-framework-name>": "<version>"
  }
}

Read more about bower.json on the official spefication and nodejs semver library has great examples of proper versioning.

NB! Please validate your bower.json with jsonlint before commiting your updates.

Thank you!

Timo,
twitter: @versioneye
email: [email protected]
VersionEye - no more legacy software!

Internet Explorer 7 and 8 doesn't support addEventListener and removeEventListener used in nrg.js at lines 24 and 32.

Hello! This is an awesome utility and I appreciate the work you've done to convert the work of Tom Wu. I am looking to do some decrypting with an application that uses the rhino javascript engine, however, when I try to load this jsencrypt.js file, I get a few errors related to window and navigator:

[user@host ~]$ which rhino
/usr/bin/rhino
[user@host ~]$ rhino
Rhino 1.7 release 0.7.r2.2.9.amzn1 2012 03 08
js> load( 'https://raw.github.com/travist/jsencrypt/5ce6c71731b1622983bfddcc499cdd80702ca88c/bin/jsencrypt.js' );
js: "https://raw.github.com/travist/jsencrypt/5ce6c71731b1622983bfddcc499cdd80702ca88c/bin/jsencrypt.js", line 72: uncaught JavaScript runtime exception: ReferenceError: "navigator" is not defined.
        at https://raw.github.com/travist/jsencrypt/5ce6c71731b1622983bfddcc499cdd80702ca88c/bin/jsencrypt.js:72
        at https://raw.github.com/travist/jsencrypt/5ce6c71731b1622983bfddcc499cdd80702ca88c/bin/jsencrypt.js:2
        at <stdin>:2

js>

I poked through and tried setting navigator = {} on line 73 and got an error about window, so I did the same for window = {} on 1276, but ran into another error about ASN1. Suggestions or ideas?

Thanks again!

I think this library is what I need, but I was wondering if it also supports ECC?

Hello, is there any way to decrypt text using public key instead a private key? I would like to encrypt message on server using server's private key and I would like to decrypt it in browser using public key.

I am trying to encrypt data with a public key from someone else received out of my database but all I get is "false". I checked if the public key I got from the database was the same as the one generated by the different browser and they match.
Code:

var crypt = new JSEncrypt();
crypt.setPublicKey($("#rkey").val());
var password = crypt.encrypt(pass);

(rkey is the recipients public key key gained from the database and pass is a password generated in the browser)

Is there a version that works with node.js?

Probably having the same issue as #39 but my message error is more like ""Error during decryption (probably incorrect key).""

It works well on local.

Hello,
Is there a maximum string size for the encrypt function? If I try to encrypt long texts using this I get false.

Example text:
Lorem ipsum dolor sit amet, consetetur sadipscing elitr, sed diam nonumy eirmod tempor invidunt ut labore et dolore magna aliquyam erat, sed diam voluptua. At vero eos et accusam et justo duo dolores et ea rebum. Stet clita kasd gubergren, no sea takimata sanctus est Lorem ipsum dolor sit amet. Lorem ipsum dolor sit amet, consetetur sadipscing elitr, sed diam nonumy eirmod tempor invidunt ut labore et dolore magna aliquyam erat, sed diam voluptua. At vero eos et accusam et justo duo dolores et ea rebum. Stet clita kasd gubergren, no sea takimata sanctus est Lorem ipsum dolor sit amet.

Key Size: 2048bit

Firefox 4 (an old release I agree) gives an error when loading the jsencrypt.js file. The error is in https://github.com/travist/jsencrypt/blob/master/jsbn/rng.js#L35 :

window.addEventListener("mousemove", onMouseMoveListener);

Firefox4 complains about a missing parameter. When adding "false" as a third parameter, the error is not raised up:

window.addEventListener("mousemove", onMouseMoveListener, false);

This issue is also reported in CreateJS/PreloadJS#4

@travist thanks for jsencrypt. It works as a breeze and is well documented.

Hello,Why the encrypted string is always not the same even I didn't change the public key.
plz help me.

Hi, When we encrypt plain message we are getting cipher text (encrypted message) in Base64 format,If i want to get in Hexadecimal string format how could i do?

For some reason, the @echo -e option is not recognized on my system (linux mint 15, bash 4.2.5, make 3.81.8), which results in the invalid expression "-e" being added to the generated files. This raises an error on IE8 (and probably others).
A possible solution would be to remove this option from the makefile.

Below, the relevant output from the makefile

JSEncrypt.prototype.getPublicKeyB64 = function() {
    // Return the private representation of this key.
    return this.getKey().getPublicBaseKeyB64();
};-e 
exports.JSEncrypt = JSEncrypt;
})(JSEncryptExports);

It will give this more reach.

I see, you had publish done the library to npm.
But, the latest version still have not the main attribute, so, it is not available when I require it in my application.
however I can use require('jsencrypt/src/jsencrypt.js'), but..... you know, I am very lazy!

so, would you please republish a new version to fix it?
Thank you!

Hello, how can I set the modulus?

Hello,

I have found a bug in jsbn rsa.js which might lead to a security vulnerability
in jsencrypt (http://www-cs-students.stanford.edu/~tjw/jsbn/rsa.js).

I have a patch to submit.

Is there a specific procedure to report it ?

I already mailed the author of the original jsbn library, but my mail get rejected by the server. Maybe someone knows another contact ?

After I cloned to my machine, I found that the links in index.html of home, demo and test are broken.

The tag base href="/jsencrypt/" should be fixed to

base href="../" for index.html in demo and test directory,
base href="./" for index.html in home directory.

Thank you!

Currently it's only possible to encrypt using the Public key and decrypt using the private key. It's not possible to encrypt using the private key and decrypt using the public key for signature verification.

This feature is absolutely a MUST for me, and I really want to stick with this library instead of using one of the other "heavy" libraries out there.

I need to implement deterministic RSA encryption on serverside(Ruby) and then decrypt this data on frontend. My ruby code:

require 'openssl'
require 'base64'

KEY_SIZE=2048

message = 'Test message'

if message.length < KEY_SIZE
  message = message + (' ' * (KEY_SIZE / 8 - message.length))
end

key_file = File.read('public.pem')
public_key = OpenSSL::PKey::RSA.new key_file
result = Base64.encode64(public_key.public_encrypt(message, OpenSSL::PKey::RSA::NO_PADDING))
puts result

But, jsencrypt can't decrypt it=( Is there any workarounds?

Any chance you can create a node.js version of this as well?

regards

Encryption works fine, and I can decrypt again in PHP using the private key. However, using a PHP5.5 private key, I'm unable to decrypt with JSEncrypt. PHP 5.4 generated private keys on my mac is able to decrypt with JSEncrypt however.

I do notice that the key no longer included RSA on the failing private keys (http://php.net/manual/en/function.openssl-pkey-export.php#101839)

Example Public Key:

-----BEGIN PUBLIC KEY-----
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAtCllajSev6wdWy29Ow2l
28S0jZnVmnOsAzAa3bIWfeH54PbBcP0+799jR4Y8mHXcdyx229AKVpNr8nb30iwH
4w2PcG6EC1ozCw3J0Wc+jtIJkl97rFF3t2Zg34Jl2hrfdb29fb36WS5bMwII/ONN
XP1o7RBda/MOt4kl9dJE5CTQUW/x5Db44a1EFD3P8sKFWPlwCqs7KEGNmvPSvteO
UdCLNRyd8W1ORngrZ3agoDp8B0mwIzZnzVlS08Z7j66rLTrIitVDHc0o40jKm58i
GPBsrV9PXxz9DrNSkruIXmrziZuwdBX3ucTZXgu+anNdzCRcMET2tOgpO8mUtpwL
NYsDpyGZ89eta0nsxAQe9jcn2PEDl32HujaMyU8yVth/JhLXOW5pODi+KPfwCL2g
S6ZE1LPUkcsmuhozLT5ePVswRNYOO8DcFc63k4oV0ZuRiXpTzGBquzU6MeLoCkJm
wWAdtVD81H6fPeMvA7pWmFauTn847M8FjWOa2/50PFXjjs+qnq5N58/hRWTZpGXu
ZIw8uIQXqjViVjDagtcFJEQ9QQJw0CE0TNqd9TZs3y9yr3vDvshMjDtacGLXMRFb
DszWWCp9pUpBDrDf/vIbXUpkufdtuVdJTIrQDDZ2Su/sG/dRu0R7MbtDiDTucuch
6TxLNI1mQkwQmZ0XL/Az9vMCAwEAAQ==
-----END PUBLIC KEY-----

Example Private Key:

-----BEGIN PRIVATE KEY-----
MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQC0KWVqNJ6/rB1b
Lb07DaXbxLSNmdWac6wDMBrdshZ94fng9sFw/T7v32NHhjyYddx3LHbb0ApWk2vy
dvfSLAfjDY9wboQLWjMLDcnRZz6O0gmSX3usUXe3ZmDfgmXaGt91vb19vfpZLlsz
Agj8401c/WjtEF1r8w63iSX10kTkJNBRb/HkNvjhrUQUPc/ywoVY+XAKqzsoQY2a
89K+145R0Is1HJ3xbU5GeCtndqCgOnwHSbAjNmfNWVLTxnuPrqstOsiK1UMdzSjj
SMqbnyIY8GytX09fHP0Os1KSu4heavOJm7B0Ffe5xNleC75qc13MJFwwRPa06Ck7
yZS2nAs1iwOnIZnz161rSezEBB72NyfY8QOXfYe6NozJTzJW2H8mEtc5bmk4OL4o
9/AIvaBLpkTUs9SRyya6GjMtPl49WzBE1g47wNwVzreTihXRm5GJelPMYGq7NTox
4ugKQmbBYB21UPzUfp894y8DulaYVq5OfzjszwWNY5rb/nQ8VeOOz6qerk3nz+FF
ZNmkZe5kjDy4hBeqNWJWMNqC1wUkRD1BAnDQITRM2p31NmzfL3Kve8O+yEyMO1pw
YtcxEVsOzNZYKn2lSkEOsN/+8htdSmS59225V0lMitAMNnZK7+wb91G7RHsxu0OI
NO5y5yHpPEs0jWZCTBCZnRcv8DP28wIDAQABAoICAEB5qB+wITf7Qq5E2jnuEnNq
HCuo6DbUOrURXCwG9eGrI6AM7wGewA1cZs1MDxeI5pOHyCm2dFyzeahWRy5iL5hk
W/citgLSDv5fuuBEELFQHbjSjxIGPc/Wxch3hDff8iTS+KOtf5C29FB24/yM5Dzp
O8nLV4Owgo3QeVNWIu1690qNw4Wm3r71IS4VSPxZ/RrwedZ3nT4055aSt9MwlXBW
L9ucGDI0qhSyIOZwH9/3zjdVecHAULm+w9Oibsnm+r+/D9IPrGtX5tAgVtIGy08d
i+cn+uHRIAdIyb5VeuI/aFTQ8P86dWN4PUpY7ZZvHxxVzuA/bgMkKs2IwL3xbljr
Otmx363o1oNrzBrisixNU8ypwPxzoMCBKzZLLwxgcD8KNJgUZ1YdmHXn15G8wpA9
b5SVuKVmWXn+O8QvACJblZfMc3S7eWjPNwycCm6e7I4ySHbvpwMATofZN3ksALVe
tuxc1+ELIB0OAysxJj7hp1aCHWyIzeBTEI+L1L7BDCqkpp5PHUOVRK6P9B5FpgfE
cdKw1qOWhoQ89uLbdVjQQhPx7IbmzJ577r9suqnPkAaZqGnU2oirSror3tOEoCdp
jNs7hAAW8co//VVjvV27DbHfd2yyHdLssuTvVm6Uh/szpEoT+uW5xUUAw3nrOwnf
2tXHnWkuo7QV2zG1LddxAoIBAQDhDKinfmT7Pvca4oweIF/fsJ/5YvkNbT4rFRc+
w44/O/IPZZLiIrC5uiZxllKZq6lOYcuqY+agsWa+l9Oq5EaTbPVpHsmvp1zHF/if
AQL7UPMqRiqXLVhrYFP8C2je1t3C9sL2UH+3P00DCjRBdIGK6L4xnk0psgKNcMit
HvSNoNOzrDhUCMPc5NhTgEcGMjj1fzDlD2nlwOrguRRQotYw4BeQ3eSB20JASQ+K
4mdv/xYrcYJl/gHKKL7JzZx7R+QLF8OjVzCIVu7Cb/c1XPsB3ELwhkRt5mMjiqlF
9t524rYWVMBZKD4AOH34ILCXss6fzZ7C+BGnNHNInLzMkipvAoIBAQDM8F6WH1Cv
BUCeNAmAQVqvkgIMSEro5bhXC8YqTvXWAi1qdqsZemRAnoy0hsuCJgvY+CqedbiO
/1/kMxXffCHVA6ZfsVOPgzhhBMn4x3TTFNl5b4asCChFEIFpN0k5MQBIbUVl3oqU
JiewcWB2nnWgXxH6pp99kcoAkgBSRMVDXyKTD/v6ZcTDw9Kiuq4lusH4Y+fGZiMi
Le4q4FvKg1pC1Zh4iFLoSXZv1kpVcUq7ZJmURFBdzkuCHnIQ6q0FGwwWxOyWAMKS
LHmLuiC+Ie8w8O7cXX1SOuLTrj1jrfdSnB69NuXqdkay9IZcwfEKYBg+cHgkB4lt
B/RdsswzjQ29AoIBAQCFVgeyvQs9ZK/pKOKVkt7a3H3btw0SLHBR/Dv6fsiPpIel
Iawl+SG12JmgYMztqSw1eXG+sVPaT2EteSz6qic6f6rjLk+Wl9U7THOMWYAXwH1h
xZLEYSRq8fawdV4b8TgQpD0czNLukj2hmHEfetSppX3SThUvp/0lKfZrw9Rm+SuU
32u8Njk9bgTRbEYoYKcopMQmYrx+WI+Qt3dW0zOOX6b2uNEDMxIMnnzr73oTfBH5
iVYV8anDyeJIFF8rF4wAGoNaCnWBwefSIZ5Y6o75KjQq55Ixfver/iKOhlaGH4p8
rpgL+vDJFq9jzJJ0Pod3XM88eteStlu7YMnndo5XAoIBAB4RGd9ugrjazWsoeUhe
zj457qD8rjjTEyN6L72fTgPy19Tpyhp30WOFn2EQ8aSLjmtrpV0QKl6Yauog8JGU
NaZ53ZvmeTrx5oCdYkBkiug5A9sEGL7+h2HylPnpyY1heggmN+tFJhGsM2B4kc11
XA6GRC4A6h9TF07UHMX1HvfOalUnIDHRYnfSMAH933TbnH+jsKpz662lDW8u8WiZ
stFhYvg0D+3ScVThHJDCiVNK5BlTmHLaxEs3ykZfF7lLCZABnjA3tlQZwE9WpF0g
v2XvwyuDb9JznzmtM4Z/TGzLSNs7xamLZr30kA3lykZaaNQoTggDLw9W/mwMwlbB
2AUCggEAbp/jkUPNGbesvdriyqeMiY3lY9Yw2potQdxj5AhjGBMfSIkUEyit0PAv
rbRvWv1LbUIGXQPLKaN65fDJRduZ20Yro1itvVgDfGTC8eLUW9j3+LoCsz6yMO+7
8En4F9K4K4YPfy/yd9GTMeeNfrjeA29fpqq0Afyt3arKk9lVlHPxdR1TrzNTAN3j
78J7JuEZxsq7lEI/72q7n+hzRA6KNFIaGmTNe+DoDjegaPh3Coj82rMRkuqEoYp6
KT0ixMYL8l60lIplD1zqekbtfEjhmRAMaRzP9fdQPqOZxS9lhrlYwyb0WRxb/a6s
Yqa08FSwsgK2GOEUJU4tx/m28a1lXA==
-----END PRIVATE KEY-----

Example of 'testing' encrypted:

UZ7xDUgPk06BIT1M3PFGlTN8h2iOJvwJl0MO8NkklkhfK6zsxgz25FQLRa37FcyPSSz3w/+HbUm1YQy0Kdg3DQsPYr8aNtTIZ5FyQlqoUZwViSEdAqrgtUFdcxWSTf6yaQsRjSsSGUz4UHh/rFt1shrUN9MJ1O+e0Gml9ySLhwffUz6vvReE0avbZXT/GbkwitxvcWTL3xTKM19U6mvTB/+vHse3HyrbNKxDqVzn7a10N+ZcxmQpVjf4uC8U5dQtkkCBVcexdY0vVqps62Ilw8cNLGD0MLejs0ypMgB9lMklInIYigvP45sgnEgs4tsKXio72kW/2LVN6c0EUtAhkrFIk9LY1cUVov/swEJ658GxKS088LWW+xLZz49rOdM6BPFrcdw2CCLxbbrCTF+wxm5tTKFKVW+Z3xSBX9tBTkj1ZiO9rIGLLUEX6QGFSy/BIEPOaxnKRExr92CD2Dg9mRgGJbGntYiaz07Pa89ciURkCEQssyZFqnCaLt2k9+0dXKWNr8N4dQr3v+GBPNZbKW7EGXNX1tRiLThiS+BHSBkcdgZD+RLtWEVg/mWogh9Ukg9Qz5/JZyRQt4r+4uFHCFcteiauS1qHWZxuLPRTHXeCRnpmRiY2bPeIscwMk8a2h5yrYeIgMrchzFKqRXsybjpyLFiSUiydLVR+t4bMzUY=

I've attempted multiple key lengths etc but that makes no difference.

SSL VERSIONS:

WORKS WITH: OpenSSL 0.9.8za 5 Jun 2014
FAILS WITH: OpenSSL 1.0.1f 6 Jan 2014

I just read TIFU by using Math.random() (discussion on HN at https://news.ycombinator.com/item?id=10598065). TL;DR this is what Math.random yields on Firefox

and this is what it yields on V8

The author suggests using crypto.getRandomValues in the browser. That populates a typed array with random values. Example:

> var random_int32 = new Uint32Array(5);
> crypto.getRandomValues(random_int32)
[3893288831, 502897280, 4154045839, 415033321, 3522955257]

https://developer.mozilla.org/en-US/docs/Web/API/RandomSource/getRandomValues

I am using ursa on a Node server which supports encrypting with private key, so I'd like to try to decrypt it on the client side with public key.

Would that be possible without rewriting the base?

Hi,
I made the library work for standard plain English data. But my real use case is RSA decrypting a binary data chunk and it does not seem to produce expected result. I have validated that both OpenSSL and C# RSA provider produce identical bytes. But JSEncryptor behaves strange. It produce strange set of characters which sometimes match the expected results and sometimes do not. Please review details below.
Private Key and Encypted text below. I am banging my head against the wall on this one so I really appreciate any pointers...

Expected result:
$ base64 -D test.enc | openssl rsautl -decrypt -inkey test.priv -hexdump
0000 - 57 27 19 73 ba 3c f4 48-04 1c 8e 5f f8 1c e0 d1 W'.s.<.H..._....
0010 - d7 97 7e 73 cc 53 77 d1-88 3f 0d 79 42 13 65 87 ..~s.Sw..?.yB.e.

My results. See how small numbers match but large numbers cannot be mapped to the expected bytes. It feels like it is UTF-8 but not quite. And there are strange misses and unexpected character at the end:
C# (Bytes) JS (characters)
087 0x57 87
039 0x27 39
025 0x19 25
115 0x73 115
186 0xBA 44852
060 0x3C
244 0xF4
072 0x48 72
004 0x04 4
028 0x1C 28
142 0x8E 59384
095 0x5F
248 0xF8
028 0x1C 28
224 0xE0 ????? <--- this byte is unclear
209 0xD1 1111
215 0xD7
151 0x97 32691
126 0x7E
115 0x73
204 0xCC 787
083 0x53
119 0x77 119
209 0xD1 1096
136 0x88
063 0x3F 63
013 0x0D 13
121 0x79 121
066 0x42 66
019 0x13 19
101 0x65 101
135 0x87 28672 <-- This one is unexpected....

$ cat test.priv
-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEA7js4RCPP81/hVlmwlgz2BHvJwL4OqsB5f55Zbnewvxxxd/Wm
BE2tM9M4qmnV3Ub/B4YAdmG8CcJofyNApQvKLYatRJnnedyD/FYFj2e9O3iqs6UM
6MbS39Ce5rTuQEc5DXVUbsJKgR0J6PhtlF6QoU3GsluystuTX8NW2HTrodJa+2dO
4LLUTtE3nYahjFddqpxlbM0X5wp123Soviw5xotIrQFsMjn2xY5sY+d80qS9dwM5
OhmDWI+g2MB/ki1muBoaedxnj8Y3kehP1YWFOElBv5W/6E3jHqUKLk9E/M6udmKd
u5ASVwkVNAvBPW4xGt7I0CF0IXo7L6xpNQaNdwIDAQABAoIBACTyYkOPGk0wbY4q
0swyrmT7ncqar0OkHjPApzYOsgaxrpdgLaM1OMt00rD7QQPUYvETwzaY6cTJtdMh
8ICoV27AGFcvV0r6/C1CWhJnkF2M1UyPKHVhgIrdnAdDwD+PzDVeIP4ce9mSW1sa
TERadivOGCbJOemrTCvp66oeV/z8ii1Jww90CzIYO3M4Lag4QtSdI3SiCwTs0b1O
gZzk+RvoHIpTvYl+XbaLkzr64q9/ee26UArQ4BEfEjEKFbs+Pe0z/JNy33ROViH7
NohqbXaXtbFAPTikh1M8m1x/XsK2u+Bi8XeQYwUzENQs1vRv3iOoBVACGck1Aaw0
Zir4wyECgYEA+OWwIRinsREK95q+ce4gg0EMhXakLk/g9wvWorIENbMWEqwvrGfc
FFWNLuDZzSD5pYFyf4TngojeAdiPgrCaVjAaO7N/UK6CjZH8yw/Rzucsb6PFnp3a
yBs8JdlMD9MDpWS6tffhKtmHjAsjBr6Sxi/V8PEmKHvTETiUM+PjJiUCgYEA9Qec
xi6glKEgR5Ssjx3qAa6TMqF+dL/EeqB2DdH1sT08x+zdPONayATG3NSbGBwA5Q0i
XLBv4/J5ODw65F2yRFReU6gNbPBunzYwasnowke2p8U42G2RB0XN4GAGptret3xG
1qzETGZIDvjPdnVqnbT6ttM1e4UKh4eDv0GmbGsCgYEAnOYl5mclZsBomneI8Eb9
ZeA+pW+JxcwC85kZ34u6jaNsGa9DijoaiRL5IgEKK35LAWMdq3c7fZUL5jv/E5KC
aCyAjPv1GQY5NEdABT3es8AUyfeCXyABR72rZ+yYPy11EfDypj0xSxK/mK94kArY
eWi0Q+Owezq7bhKtkhxpF6UCgYBiMxfQkTVH+78tENeLT+jNncJeYzyD26sJni9R
4Jh/3NP0J+iOk2t5h/iO3iH+KpLtOTNRRGDDURTlxbWweiCMo+ddzZb71uvuoNAM
rDi9S/JXEIJ0soySBpa42qMv0b26eXMGbB0LpV4xqeOzTOFarQJhrQndI/eRU20o
hE4HWwKBgQCX5TEkoeBnO2DDNj5vPN0LCOzcG4c4QqpkhfmAEpRNBBNiEKwuWsHq
S1LLlsR1Z/ycs21KOeaG5mXS4WWZjVQILUtOsgAg48ulkPfzUQU0c3w8oON4acP/
0gn/pSDyeUb+I9I2+ht8ekbhD9tXBEJGsY31tALqDmS7VqKt9Folvg==
-----END RSA PRIVATE KEY-----

$ cat test.enc
T+KOs8MMBNDmEiwiSqBIJWMucotbAGFhW1/kBZoRBT9uM3yOQs10xuqCm2Jo
EG5YU70lLTEQmuLgHJkW4P6fkX2E/63aFlSpy8A4Nli1ou1VKI2BLmGYH6N9
S/DrP7qySg/o9cH4wiBAbIuNoQmpTxeOyC9/r3+XbFO24+guNK+S3ytxB8rT
ADtLDK6PhL/BzagWfxydt6kQAIHGiCnVnunmYUwLataqDNdyZI0vBebiwaZ9
oW206JEk/S2WznKw6BReeTqB5CNwDxWdrMLSx/j5yk7W4faM8DdPwXbfT1RI
jKdrOlwFyWUbmlLGbZgJjVT9RoUzlMCezaWupJVHmQ==

I met a problem when I use the public key to decrypt the encrypted data by private key. However, there will be an exception when I use jsencrypt's decryption method directry, like following:
var decrypt = new JSEncrypt();
decrypt.setPublicKey(publicKey);
var decoded = decrypt.decrypt(encoded);

Furthermore, how to split the encrypted data into parts in decryption with private key while the data is too long?
Thank you for anyone can help me!

I use "RSACryptoServiceProvider" on C#. I export the public key to javascript with this code: http://stackoverflow.com/a/25591659

But the encryption with the Data from Javascript does not work on DotNet! Any Ideas?

When I use the key mention in the below then output on the encrypt function is false.
Is there anything wrong with the public key?

var encryptor = new JSEncrypt()
encryptor.setPublicKey( key )
encryptor.encrypt('Hello World!')  // -> returns false

-----BEGIN RSA PUBLIC KEY-----
MIICCgKCAgEAsfvDzLf4oH9q3lPsIoahV7VO0hj2J7nEbB0OcRoxA0UpsMpBjIit
tskK4jIgZ/gVdf2zCOTiw9BWuOPr+CymCTl7785JSVmXi+FVLrN3nXYbo7sqkusb
DmrvRMTenx8M/f7zMiAS9iUF+jkFNg5MDkw4xiXFzgS7SYBVyRKIkVLte3JRjCPJ
vAgj3ddvet3FTylX09xrXemXEKXixLyrZrKMhrn/IQ/C0cbC6afrWI0XeBMTvxxp
ce88hxFM9d2LjCLa1MGs2eIDGVa+lOTZlu4OP8lZ7YCIYo2amNQg4511Lqqhgsqg
dYuvCnw9O41KyX7v2lzxVyLFDquhAuVG5zngWArvYCqnRNJMUZl/MYLYGo1ioh1L
lslfYZBxV5k4D8lfsK92GSzY4zQ/LfPRdRHQ3rVJ9YTp0q4mzgIe0OShCK71FcN2
8o/rrp4Pg2DcqTLDUeCDAfJchMJzbJ3ZbjB6zt0lYXqIt/iDMHbHlKKtKqoed1El
gG3Jz969vw1RDKFJJg2DKHlZobLxLbFmS/iQ686l+iTC0D/RraKrp2v4H3YRpap/
uYnfkpIqONDC1ULxCzFot2iHsDUFhL2wDaCgBYME1tzr8Klk4aQs+zFiILUduzJO
SB1tgxprKg8fwO5zv3tRJs8QDf74Z1QkgTVCG5P60YHsj5DCPEWsyO8CAwEAAQ==
-----END RSA PUBLIC KEY-----

JS Console

encryptor: l
   default_key_size: 1024
   default_public_exponent: "010001"
   key: H
     coeff: null
     d: null
     dmp1: null
     dmq1: null
     e: 0    <------------- This seems to be culprit
     n: null
     p: null
     q: null

Is there planned support for password protected private keys? Does anyone have a quick hack for this?

Cheers

When I refresh the page a couple of times suddenly the shown test fails:

Error: global leaks detected: count, v
    at Runner.checkGlobals (http://travistidwell.com/jsencrypt/test/mocha.js:4308:21)
    at Runner.<anonymous> (http://travistidwell.com/jsencrypt/test/mocha.js:4186:44)
    at Runner.EventEmitter.emit (http://travistidwell.com/jsencrypt/test/mocha.js:521:20)
    at http://travistidwell.com/jsencrypt/test/mocha.js:4545:14
    at Test.Runnable.run (http://travistidwell.com/jsencrypt/test/mocha.js:4121:5)
    at Runner.runTest (http://travistidwell.com/jsencrypt/test/mocha.js:4488:10)
    at http://travistidwell.com/jsencrypt/test/mocha.js:4534:12
    at next (http://travistidwell.com/jsencrypt/test/mocha.js:4414:14)
    at http://travistidwell.com/jsencrypt/test/mocha.js:4423:7
    at next (http://travistidwell.com/jsencrypt/test/mocha.js:4367:23)

I'm using google chrome Version 36.0.1985.84 beta-m on Win7 x64

Hello, first of all great library!

The issue I have is that specific messages cannot be decrypted after encryption. Here is an example:
"дф явеявасяв ф фаф яв ас асдгхй яв цжбзь я хйклт лсорив ала ас зь асдяв асявасдфе явер явсд асфяв"

This is cyrillic alphabet. I tested this isolated here http://travistidwell.com/jsencrypt/demo/ so that I am sure that I am not doing something wrong.

The following example does not work.... I am generating my keys in Java as per this example http://www.txedo.me/blog/java-generate-rsa-keys-write-pem-file/ or even with my own implementation in Java.

I am working on a project that will depend on the exchange of public keys from client to server and my back end is written in java. It seems like there may be a bug in this js library. If the bug is in the js library I would point it to the shared library you are using as the same example will not work for these guys either https://kjur.github.io/jsrsasign/

Seems like a deeper problem needs to be identified. When I debugged it in chrome I noticed an issue parsing the private key, as this condition is not met by the private key: "if (asn1.sub.length === 9) {"

Please see the RSAKey.prototype.parseKey method.

-----BEGIN RSA PRIVATE KEY-----
MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBAJLORhDfV6VwpZCF
0ZgCKc7cP3Sy5EFkkHY1LKDNqhYmU+ey7GzNjJbm/JIZQwtufcpP8K14kEq2rHo/
F2hN5DQ0hRpSAXljxuz0Y0l5DeELQYrYjcjFMOU5071ebBNuCxm7x3hqSXt/LlmW
GBo73rf3cksI5sxlKEvr69fl4vUJAgMBAAECgYBViTxHzmn56hV9jIrff7suXSPX
8feOpnKJfVgAZXSJrVFL+fNJPcaBkhptYayvt3QxcbxwxoOEFMWQALy5uFCSuWk8
WOiUVlVoCZUjW1fn6z3N0WiuW0yJH315yYjHunFI9THaToIT8XXANZPMS6Jw84Qy
EmNKF6DgirYKvmEyAQJBAORadaff+2yh9r8r25SIIujQpogYMB+JbyAtfSwHMPIC
ZWC137ah1hYj82KutL0yQ9r/6iM+/lY9a5W6SvpWpkECQQCklFfjFxlQ13VrkrGp
h8duqbWm0BdX32lqaTNPscDaz60GWw7LPNhb0LY2mlTP1iSgWdt3VCWKvowHA1Qh
92zJAkANxEJZl5BB0VXd2pgHUVnBbWrMw6CLFi8D4posQFa8EFbqSKyvBvywIwS2
S1AMI+6hUlJcQ5zzuAo3YZ7JjtXBAkARrd3DBzgw9vQmGhv7mhpSSOi6gp//UICC
bcqVRQLyflyX0jBEpMSZGFJ6ixmROe+1SfHJX8Cops9j8XeYLnwBAkEAqxZUZ4NB
kfTwjtxIsZhwaBHKPduFPg+kSKCvTwqpn87D2E0jk/dL4oFk3/otj4L1j1aelFb8
hmciN50QAVL2Bg==
-----END RSA PRIVATE KEY-----

-----BEGIN RSA PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCSzkYQ31elcKWQhdGYAinO3D90
suRBZJB2NSygzaoWJlPnsuxszYyW5vySGUMLbn3KT/CteJBKtqx6PxdoTeQ0NIUa
UgF5Y8bs9GNJeQ3hC0GK2I3IxTDlOdO9XmwTbgsZu8d4akl7fy5ZlhgaO96393JL
CObMZShL6+vX5eL1CQIDAQAB
-----END RSA PUBLIC KEY-----

Is there some kind of bizzare bug where this does not operate properly in a function?

I ran a lot of tests to play with saving the vars to use later, and everything works unless i stick it inside a very simple function.

when its wrapped in a function, the only encryption that works is when you initialize and simply setup the keys and use those, not if you changed the assigned key.

(i am a skilled PHP developer and a novice JS developer please forgive me if I've just done something stupid)

Hello,
It would be great to have the possibility to import the library inside a web worker.
I know you have already discussed about it, two years ago (#31, #23 and #2). I write you just to know if there is any update on it.
thank you.

As per Bower specs, minified files should not be used in the main property.

"main": "bin/jsencrypt.js"

is what should be used instead.

I have an issue when using ajax with the jsencrypt. It encode but I gets random whitespace. Then when I insert it into my database it adds + in the whitespace. The end result when I try to decode I get null error because it can't decode it correctly. I've tried to trim and replace whitespace to fix the issue but with no luck. If you could help me resolve this issue that would be great. Thanks

I'm loading the library into my application through webpack which means it gets bundled up with multiple other libraries I'm using. Anyways when I go to my console and lookup JSEncrypt nothing shows up. If anyone has done something similiar or if I'm missing something please let me know.