Generating an RSA keypair in JavaScript

Question

I recently found this RSA JavaScript library: http://www.ohdave.com/rsa/. However, it requires that the key be pre-generated. Here are my questions/issues:

1. I'd like to generate an RSA keypair in the JavaScript (so that I don't have to change the code every time I want a new keypair.)

2. While I understand how this can be used to send secure data, if I'm not mistaken this library cannot be used for the client to receive secure data from the server (because the public and private exponents, and the modulus, are transmitted plain-text from the server). Am I mistaken?

I'd love some discussion about this. I'm no security expert, but I have a pretty firm grasp on asymmetric encryption.

Answer 1

The question has been asked almost 10 years ago and since then lot of things has improved. Currently, most of the modern browsers feature Web Crypto API that provides the capability to generate strong random numbers and therefore allows a script to generate cryptographic keys, sign data, verify signatures, encrypt and decrypt data and other cryptographic operations.

Here is a sample code from the MDN mentioned above:

let keyPair = window.crypto.subtle.generateKey(
  {
    name: "RSA-OAEP",
    modulusLength: 4096,
    publicExponent: new Uint8Array([1, 0, 1]),
    hash: "SHA-256"
  },
  true,
  ["encrypt", "decrypt"]
);

Answer 2

Generating the keypair requires a strong random number generator (I don't think you have one in JavaScript), and quite a bit of computation (for primality testing). Then once you have your pair, when you transmit your public key up to the other side, there's an opportunity for man-in-the-middle attack since there is no integrity check on the public key transmission.

You will get secure transmission to whoever has the private key. It's not clear from your question whether that is the client or the server. You can initialize a shared secret by having whoever has only the public key generate a shared secret, encrypt it and send it to whoever has the public key.

You can get a similar feature set (dependence on random number generator, vulnerability to MITM, ability to create shared secret for use as session key) but with much less computation by performing a Diffie-Hellman key exchange instead.

You are probably better off figuring out how to configure SSL on your server.