Comments (7)
As far as I understand (would love to get @zoloft input on this) but you can only decrypt using the private key, and encrypt using either or. Since you are trying to decrypt using the public key, this would not work.
from jsencrypt.
Mathematically it should work in RSA. "Encrypt" with the private key, "decrypt" with the public key.
That way I can validate that the message came from a secure place
" ...
RSA works on a public/private key pair. Non repudiation relies on a sender having a key pair, and the sender and receiver agreeing that the public key is in fact the public key of the sender.
A sender then constructs a document (normally plain text), then creates a cryptographic hash of the document (eg with MD5), then encrypts the hash with the private key.
The receiver decrypts the document hash using the sender's public key, then runs the same hash algorithm to obtain a verification hash. The verification hash and the decrypted hash should match. If they do, then the document originated from the sender (and the sender can't repudiate it).
This relies on the fact that noone else could create an encoded hash that decrypts correctly with the public key. And noone can alter the document without creating a hash mismatch. If both these are true, then the user of the sender's private key is the only person able to create the document [which is hopefully the sender - but it may be compromised by some means].
This rather roundabout method is used because (a) the document is in plain text so doesn't need decrypting for casual reading (b) encrypting the whole document using RSA is a computationally intense process, much cheaper computationally to use MD5, then only use RSA for the hash.
from jsencrypt.
Sorry for the late reply just noticed it. The problem is in Tom Wu's library. I honestly don't do any check in the extension of Tom Wu's RSA key object and from what I could remember of his code he probably doesn't as well. My first thought is that there may be a bug in his BigInteger library (jsbn) but I would need some spare time to check it that, unfortunately, I don't have. There are quite a few things I would like to check on Tom Wu's library honestly and changes that I would like to do on this library as well I just don't have enough time to work on it :(
from jsencrypt.
Is there any progress on this? I traced the current version on github, and found that the problem is not with BigInt lib, but rather with RSA key object itself -- the computation logic assumes a public->private communication, and doesn't account for the private->public case, which resulted in an erroneous referece to a null this.d value.
from jsencrypt.
No solution for this problem?
from jsencrypt.
i'm stuck in this private -> public issue too, it seems no solution, so sad...
from jsencrypt.
Public key is used only for encryption. Private key can decrypt and encrypt both. The idea of RSA is not to be able to decrypt with the public key. The reason is that the public key contains only N and E and the private key have additional D which is a must for decryption.
more info:
https://en.wikipedia.org/wiki/RSA_(cryptosystem)
So in conclusion i would say that this effect is by RSA design.
What @fmgdias is describing in his second comment is signing/verification and not encryption/decryption process.
from jsencrypt.
Related Issues (20)
- Decrypted result has wrong encoding HOT 1
- window is not defined in nuxtjs v3 HOT 8
- Suggest to add judgment when string too long
- Front-end performed RSA signature on the HMAC using SHA256, but the length was incorrect, causing the server to fail to verify it. HOT 1
- CVE-2012-5883
- An error occurred when using jsencrypt in a lower version of Chrome
- encryption returning false HOT 3
- Support node.js ? ReferenceError: window is not defined HOT 6
- Problem after upgrade to latest version from 3.2.1 on verify method
- Why is the result of each encryption different from the same content?
- [REQUEST] remove browser dependency ?
- Can the ciphertext length of JSENCRYPT 3.3.2 be controlled
- nest.js jsencrypt does not work with error `window is not defined`
- Content-Security-Policy blocked jsencryt.min.js file version 3.0.0-rc.2
- Need a fix for CVE-2023-46809 HOT 3
- Problem to decrypt in NodeJs with crypto HOT 1
- How should Java verify your generated signature HOT 1
- How to decrypt Blob、ArrayBuffer ?
- yahoo.js文件中的yui代码存在安全漏洞,是否使用最新版本的代码 HOT 4
- @3.3.2 linux public Rollup failed to resolve import HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from jsencrypt.