crypto: privateEncrypt & publicDecrypt Implementation #477
Comments
I'm not sure of the question; they are in iojs.
@calvinmetcalf Those are the opposite of what they are asking. publicEncrypt & privateDecrypt vs (their) privateEncrypt & publicDecrypt, assuming they are wanting the correct things.
Fishrock123, correct.
Ah, misread. If you turn off padding and use privateDecrypt on plain text, you will get ciphertext that can be decrypted with publicEncrypt.
@calvinmetcalf Is that process completely symmetric? My initial hunch was that the result from crypto.privateDecrypt() would get bumped to cipher block size even with RSA_NO_PADDING, and a quick test seems to confirm that.
What do you mean by cipher block size in this context, modulus size?
@calvinmetcalf This, basically:

```js
var options = { key: key, padding: constants.RSA_NO_PADDING };
var encrypted = crypto.privateDecrypt(options, 'plaintext'); // encrypted.length == 128
var decrypted = crypto.publicEncrypt(options, encrypted); // decrypted.length == 128
// decrypted consists of 119 zero bytes followed by the original plaintext
```
Yes, it's left-padded up to the modulus length; it likely does it when you do
as well (can't check at the moment). It's enough functionality to write your own padding/unpadding on top of it.
To follow up, @bnoordhuis, you are correct that it is not symmetric: `var encrypted = crypto.publicEncrypt(options, new Buffer('plaintext'));` throws an error unless you left-pad it with zeros yourself. privateDecrypt left-pads it for you because the output of publicEncrypt will omit leading zeros (for instance with this key
It can't be symmetric, there is a prefix byte that does a thing.
I'm going to work on it.
See #625
Shall be fixed in 87e62bd
node.js is, effectively, another bindings library. However, it's better written than most and, with these changes, only a couple of tiny fixes are needed in node.js. Some of these changes are a little depressing however so we'll need to push node.js to use APIs where possible.

Changes:
∙ Support verify_recover. This is very obscure and the motivation appears to be nodejs/node#477 – where it's not clear that anyone understands what it means :(
∙ Add a few, no-op #defines
∙ Add some members to |SSL_CTX| and |SSL| – node.js needs to not reach into these structs in the future.
∙ Add EC_get_builtin_curves.
∙ Add EVP_[CIPHER|MD]_do_all_sorted – these functions are limited to decrepit.

Change-Id: I9a3566054260d6c4db9d430beb7c46cc970a9d46
Reviewed-on: https://boringssl-review.googlesource.com/6952
Reviewed-by: Adam Langley <[email protected]>
Without this functionality I can't migrate from the ursa module.
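
The behaviour discussed in the comments above, as an added example that is not part of the original thread: the no-padding workaround returns a modulus-sized, zero-left-padded block and is not symmetric, while `crypto.privateEncrypt` / `crypto.publicDecrypt` round-trip the message exactly. The 2048-bit key is generated on the spot and the helper names are hypothetical.

```javascript
const crypto = require('crypto');

// Constructed throwaway key (assumption). The thread's 128-byte outputs
// correspond to a 1024-bit modulus; 2048 bits gives 256-byte blocks here.
const { publicKey, privateKey } =
  crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const MODULUS_BYTES = 2048 / 8;
const NO_PAD = crypto.constants.RSA_NO_PADDING;

// Workaround from the thread: raw RSA with the two calls' roles swapped.
function rawRoundTrip(message) {
  // privateDecrypt accepts short input; output is left-padded to modulus size.
  const transformed =
    crypto.privateDecrypt({ key: privateKey, padding: NO_PAD }, message);
  // The input is now exactly modulus-sized, so publicEncrypt accepts it.
  const recovered =
    crypto.publicEncrypt({ key: publicKey, padding: NO_PAD }, transformed);
  return { transformed, recovered };
}

// Hand-written "unpadding": only correct if the message itself never
// starts with a zero byte, which is why a real padding scheme is needed.
function stripLeftZeros(block) {
  let i = 0;
  while (i < block.length - 1 && block[i] === 0) i++;
  return block.subarray(i);
}

// The asymmetry: without padding, publicEncrypt rejects short input.
function publicEncryptRejectsShortInput(message) {
  try {
    crypto.publicEncrypt({ key: publicKey, padding: NO_PAD }, message);
    return false;
  } catch (err) {
    return true;
  }
}

// The API the issue asks for: default PKCS#1 v1.5 padding is added by
// privateEncrypt and checked and removed by publicDecrypt.
function paddedRoundTrip(message) {
  const wrapped = crypto.privateEncrypt(privateKey, message);
  return crypto.publicDecrypt(publicKey, wrapped);
}

const msg = Buffer.from('plaintext');
const raw = rawRoundTrip(msg);
console.log(raw.recovered.length, stripLeftZeros(raw.recovered).toString());
console.log(publicEncryptRejectsShortInput(msg), paddedRoundTrip(msg).toString());
```

The unpadded calls are shown only to reproduce the thread's observations; the padded pair is the one that returns the original bytes without caller-side framing.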