7

The data decryption will run in JAVA using RSA/ECB/OAEPWithSHA-256AndMGF1Padding algorithm. So I have to encrypt the data with public key using the algorithm equivalent to RSA/ECB/OAEPWithSHA-256AndMGF1Padding in node.js.

I tried with crypto.publicEncrypt(key, buffer) which uses crypto.constants.RSA_PKCS1_OAEP_PADDING which is not similar to the above algorithm. So I need algorithm equivalent to "RSA/ECB/OAEPWithSHA-256AndMGF1Padding" or how to achieve the same in node.js

Improve this question
4
  • And what is your question? Commented Dec 18, 2018 at 14:22
  • I didn't find any documentation on what hash functions node uses for OAEP. This means it 1) likely uses SHA1 for both the MGF1 hash and the constant hash, and 2) there is no way to change it. You'll have to modify your Java to use SHA1. Commented Dec 18, 2018 at 15:36
  • @JamesKPolk+ according to stackoverflow.com/questions/35544547/… and stackoverflow.com/questions/33532091/… node-forge (instead of node-crypto) can select OAEP hashes. OP: what provider are you using in Java, or are you using OAEPParameterSpec? IIRC the Suncle/Open provider and the BouncyCastle provider default 'MGF1with$hash' differently. Commented Dec 18, 2018 at 21:46
  • @dave_thompson_085: Thanks, that is good information. In this answer my conclusion was the Bouncycastle uses the hash alg specified in the transformation string for both hashes while Suncle uses the specified hash for the constant and always use SHA1 for the MGF1 hash. Commented Dec 19, 2018 at 0:01

2 Answers 2

Reset to default
9

I finally found the answer. Equivalent to "RSA/ECB/OAEPWithSHA-256AndMGF1Padding" can be achieved via node-forge npm module. https://www.npmjs.com/package/node-forge#rsa

    // encrypt data with a public key using RSAES-OAEP/SHA-256/MGF1-SHA-1
// compatible with Java's RSA/ECB/OAEPWithSHA-256AndMGF1Padding
var encrypted = publicKey.encrypt(bytes, 'RSA-OAEP', {
  md: forge.md.sha256.create(),
  mgf1: {
    md: forge.md.sha256.create()
  }
});

Thank you

Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

Thanks!!. For RSA/ECB/OAEPWithSHA-1AndMGF1Padding i tried it without the md and mgf1 and it works!.
Isn't there a typo here? Shouldn't the md of mgf1 be forge.md.sha1.create() to fit the comment above?
-3

Firstly, you shouldn't use "ECB" mode cipher, because:

  1. ECB is a block cipher mode, RSA isn't an algorithm based on that mode of operation.
  2. If you use an algorithm based on that mode of operation (for example AES), you shouldn't use ECB, because it doesn't have IV (Initialization Vector), so it's insecure and a crypto analyzer could break the cipher. You could use CBC, it has IV, or GCM, if you want to share sensitive information to external systems and prevent Oracle Padding. I recommend you visit the following link:

MSC61-J. Do not use insecure or weak cryptographic algorithms

So, in this case, you just need to use OAEP for RSA encryption, because it's a padding scheme and it helpts to prevent Oracle Padding for asymetric algorithms, then change your code for: RSA/None/OAEPWithSHA-256AndMGF1Padding. Maybe, you could get compatibility with Node.js. Also, I recommend you visit the official web site:

JCA Reference Guide

I hope this information helps you.

Good luck.

Improve this answer

1 Comment

As the JCA page you link (and also its non-obsolete versions) says, Java/JCA uses the syntax algorithm/mode/padding for Cipher even when the algorithm does not use modes, like RSA (as you correctly say), so the Suncle provider (SunJCE) requires 'ECB' as a placeholder which really means 'no mode'. BouncyCastle allows either 'ECB' or 'NONE' (case-insensitive, like most names in JCA).

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.