I am using Express.js. Encryption and decryption both work in Node version 14, but in Node version 20 decryption fails with: "RSA_PKCS1_PADDING is no longer supported for private decryption, this can be reverted with --security-revert=CVE-2023-46809".
I don't want to use security-revert=CVE-2023-46809
Besides, I have to keep using RSA with the PKCS1 padding algorithm (RSA_PKCS1_PADDING).
Thanks in advance
const crypto = require('crypto');
/**
 * Serialises `data` to JSON, encrypts it with the instance's RSA public key
 * (`this.pubKey`) using PKCS#1 v1.5 padding, and returns the ciphertext as
 * base64.
 *
 * The whole JSON string goes through a single RSA operation, so it has to fit
 * in one RSA block (modulus size minus the 11 bytes of PKCS#1 v1.5 padding);
 * anything larger makes publicEncrypt throw.
 *
 * @param {*} data - Any value JSON.stringify can serialise.
 * @returns {string} Base64-encoded ciphertext.
 */
encrypt(data) {
  const encryptOptions = {
    key: this.pubKey,
    padding: crypto.constants.RSA_PKCS1_PADDING,
  };
  const plaintext = Buffer.from(JSON.stringify(data));
  const ciphertext = crypto.publicEncrypt(encryptOptions, plaintext);
  return ciphertext.toString('base64');
}
/**
 * Reverses encrypt(): base64-decodes `data`, decrypts it with the instance's
 * RSA private key (`this.privKey`) using PKCS#1 v1.5 padding, and parses the
 * plaintext as JSON.
 *
 * NOTE(security): this is the call that Node 20 refuses. Node builds carrying
 * the CVE-2023-46809 fix throw from privateDecrypt when the padding is
 * RSA_PKCS1_PADDING, because PKCS#1 v1.5 decryption can reveal through timing
 * whether the padding was valid. Where both peers can change, using
 * crypto.constants.RSA_PKCS1_OAEP_PADDING in encrypt() and here removes the
 * restriction. Callers should also answer every failure from this method
 * (decrypt error or JSON.parse error) with the same generic response, so the
 * endpoint gives a sender no padding-validity signal.
 *
 * @param {string} data - Base64 ciphertext as produced by encrypt().
 * @returns {*} The parsed JSON value.
 */
decrypt(data) {
  const decryptOptions = {
    key: this.privKey,
    padding: crypto.constants.RSA_PKCS1_PADDING,
  };
  const ciphertext = Buffer.from(data, 'base64');
  const json = crypto.privateDecrypt(decryptOptions, ciphertext).toString();
  return JSON.parse(json);
}
Please propose a solution for Node version 20.
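Your encryption method doesn't need to change. Change decrypt to the following, which performs the PKCS1 decryption in node-rsa's own JavaScript code instead of Node's crypto module. This avoids the Node 20 error but does not remove the weakness behind CVE-2023-46809, so treat it as a compatibility stopgap and move both sides to OAEP padding once the peer can change: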
import NodeRSA from "node-rsa"
/**
 * Decrypts RSA PKCS#1 v1.5 ciphertext with node-rsa rather than Node's own
 * crypto module.
 *
 * NOTE(security): Next.js exposes environment variables whose names start with
 * NEXT_PUBLIC_ to browser code. A private key belongs in a server-only
 * variable (no NEXT_PUBLIC_ prefix), and this function should only ever run on
 * the server.
 *
 * @param {*} encryptedData - Ciphertext, handed to NodeRSA#decrypt unchanged.
 * @returns {*} Whatever NodeRSA#decrypt returns; the usage note on this page
 *   calls .toString('utf-8') on it, so presumably a Buffer.
 */
export function decryptWithPrivateKey(encryptedData) {
  // The key is stored with literal "\n" sequences; turn them back into real
  // line breaks so the PEM parses.
  const privateKeyPem = process.env.NEXT_PUBLIC_SERVER_PRIVATE_KEY.replace(/\\n/g, '\n');
  const rsaKey = new NodeRSA(privateKeyPem, "private", { encryptionScheme: "pkcs1" });

  // "browser" makes node-rsa use its own JavaScript RSA code instead of Node's
  // crypto module, which is what rejects this padding on Node 20. That sidesteps
  // the CVE-2023-46809 mitigation rather than fixing the weakness: PKCS#1 v1.5
  // decryption is still in use, and the JavaScript path should not be assumed
  // to run in constant time.
  rsaKey.setOptions({ environment: "browser" });

  return rsaKey.decrypt(encryptedData);
}
// USE AS: const decryptedkey=decryptWithPrivateKey(encryptedData).toString('utf-8')
I used next.js code here but it should be easy to convert it to node.js
UPDATE
Node.js equivalent:
const NodeRSA=require('node-rsa');
/**
 * CommonJS variant of the node-rsa workaround: decrypts RSA PKCS#1 v1.5
 * ciphertext with node-rsa rather than Node's own crypto module.
 * Written in method shorthand, so presumably meant to sit inside a class or
 * object literal.
 *
 * @param {*} encryptedData - Ciphertext, handed to NodeRSA#decrypt unchanged.
 * @returns {*} Whatever NodeRSA#decrypt returns; the usage note on this page
 *   calls .toString('utf-8') on it, so presumably a Buffer.
 */
decryptWithPrivateKey(encryptedData){
const keyRSA=new NodeRSA(
// Placeholder below: supply the PEM private key from server-side secret
// storage (environment variable, secrets manager) instead of committing it
// to source.
<your-private-key-here>, "private", {encryptionScheme:"pkcs1"}
)
// "browser" makes node-rsa use its own JavaScript RSA code instead of Node's
// crypto module, which is what rejects this padding on Node 20. That sidesteps
// the CVE-2023-46809 mitigation rather than fixing the weakness: PKCS#1 v1.5
// decryption is still in use, and the JavaScript path should not be assumed
// to run in constant time.
keyRSA.setOptions({environment:"browser"})
return keyRSA.decrypt(encryptedData)
}
// USE AS: const decryptedkey=decryptWithPrivateKey(encryptedData).toString('utf-8')