Vercel
RSA_PKCS1_PADDING is no longer supported for private decryption #6630
-
SummaryUPDATE: related issue in node nodejs/node#52365 I am using the native Node crypto module to decrypt data using the TypeError: RSA_PKCS1_PADDING is no longer supported for private decryption, this can be reverted with --security-revert=CVE-2023-46809
at Object.privateDecrypt (node:internal/crypto/cipher:79:12)
at handler (/var/task/.next/server/pages/api/admin/captureUpi.js:99:80)
at Object.apiResolver (/var/task/node_modules/next/dist/server/api-utils/node.js:363:15)
at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
at async NextNodeServer.runApi (/var/task/node_modules/next/dist/server/next-server.js:487:9)
at async Object.fn (/var/task/node_modules/next/dist/server/next-server.js:749:37)
at async Router.execute (/var/task/node_modules/next/dist/server/router.js:253:36)
at async NextNodeServer.run (/var/task/node_modules/next/dist/server/base-server.js:384:29)
at async NextNodeServer.handleRequest (/var/task/node_modules/next/dist/server/base-server.js:322:20)
at async Server.<anonymous> (/var/task/___next_launcher.cjs:26:5) {
code: 'ERR_INVALID_ARG_VALUE'
}
Node.js process exited with exit status: 1. The logs above can help with debugging the issue.
Unknown application error occurredExampleNo response Steps to ReproduceCreate this endpoint on next.js and deploy it to vercel // Next.js API route support: https://nextjs.org/docs/api-routes/introduction
import type { NextApiRequest, NextApiResponse } from "next";
import crypto from "crypto";
type Response = {
status: number;
message?: string;
};
export default async function handler(
req: NextApiRequest,
res: NextApiResponse<Response>,
) {
const encryptedBody = req.body["encryptedBody"];
const privateKeyString = Buffer.from(
process.env.PRIVATE_KEY ?? "",
"base64",
).toString("utf8");
const privateKey = crypto.createPrivateKey({
key: privateKeyString,
format: "pem",
});
const decryptedRequestData = crypto
.privateDecrypt(
{
key: privateKey,
padding: crypto.constants.RSA_PKCS1_PADDING,
},
Buffer.from(encryptedBody, "base64"),
)
.toString("utf8");
console.log("decryptedRequestData", decryptedRequestData);
return res.status(200).json({
status: 200,
message: "Success",
});
} |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment 2 replies
-
|
i have the same error too first I use a 20.10.0 version it can do an rsa encryption normaly but when i change to 22.0.0 it cant be use i really confuse about it TypeError: RSA_PKCS1_PADDING is no longer supported for private decryption, this can be reverted with --security-revert=CVE-2023-46809 some one pls help us |
Beta Was this translation helpful? Give feedback.
-
|
Sorry, forgot to post this update, but found a workaround by using NodeRSA and setting the environment to browser (It will use the node crypto library with the CVE by default) import NodeRSA from "node-rsa";
const privateKeyString = Buffer.from(
process.env.PRIVATE_KEY ?? "",
"base64",
).toString("utf8");
const privateKey = new NodeRSA(privateKeyString);
privateKey.setOptions({ encryptionScheme: "pkcs1", environment: "browser" });
const decryptedRequestData = privateKey
.decrypt(encryptedBody)
.toString("utf8");
console.log("decryptedRequestData", decryptedRequestData); |
Beta Was this translation helpful? Give feedback.
-
|
I have to try it thank you sir now I have been change to pkcs1_oaep but i will try pkcs1 again really thank sir |
Beta Was this translation helpful? Give feedback.
Sorry, forgot to post this update, but found a workaround by using NodeRSA and setting the environment to browser (It will use the node crypto library with the CVE by default)