Feature Request: RSA Encryption

[Olf42bur]

Hello Postman!

I need to encrypt an object with RSA 2048 method thanks to my public key to perform my complete test procedure with postman.

In the CryptoJS library it seems that there is only symmetric methods proposed.

What do you think about adding this really popular encryption method ?

Because right now, I'm a little bit stuck :/

Thank you in advance,
Florian

[a85]

Looking into this. Added this as a feature request.

[vivaladan]

This would be a really useful feature for me.

[Olf42bur]

Still no plan to add an RSA library ? :(

I will need to make a separate node.js just to do this encryption, postman will be dependent to an other app :(

[glennkidd]

+1 also, would love support for this

[abrahambosch]

+1 for asymmetric cryptography

[ihommani]

This is indeed needed. Google for instance uses SHA256withRSA to sign JWT.
So to mimic all the authentication flow through Postman this is mandatory.

[selfboot]

+1 for asymmetric cryptography

[kurtulussahin]

+1

[Shifty-kek]

+1

[devwlw]

+1

[turkoz]

+1

[loveiset]

+1, really need this

[kingwrcy]

+1,please support RSA encrypt/decrypt/sign/verify。

[iuriiismirnov]

One for me, please

[rikimod]

+1, really needed

[runev]

+1

[nguyenthinam]

+1

[loveiset]

I figure out a temporary solution, may this be helpful for you.
project RSAForPostman

[nguyenthinam]

I found another solution here while waiting postman support.

1. Load Crypto Library for RS256

• Create a GET request with URL: http://kjur.github.io/jsrsasign/jsrsasign-latest-all-min.js
• In the Tests tab, paste this one:

pm.globals.set("jsrsasign-js", responseBody);

2. Use SHA256withRSA to sign JWT in your Authentication request. Paste the following script in Pre-request Script (Don't forget to update payload by your info):

var navigator = {}; //fake a navigator object for the lib
var window = {}; //fake a window object for the lib
eval(pm.globals.get("jsrsasign-js")); //import javascript jsrsasign

var currentTime = +new Date(); // the current time in milliseconds
var issuedAtTimeSeconds = currentTime/1000;
var expirationTimeSeconds = currentTime/1000 + 3600;

var header = {"alg" : "RS256","typ" : "JWT"};
var payload = {
    "iss" : pm.environment.get("ServiceAccount"),    
    "scope" : pm.environment.get("Scope"),
    "aud" :  pm.environment.get("TokenUrl"),
    "exp" : Math.ceil(expirationTimeSeconds),
    "iat" : Math.ceil(issuedAtTimeSeconds)
};

var privateKey = pm.environment.get("PrivateKey");
var sHeader = JSON.stringify(header);
var sPayload = JSON.stringify(payload);

var sJWT = KJUR.jws.JWS.sign(header.alg, sHeader, sPayload, privateKey);

console.log(sHeader);
console.log(sPayload);
console.log(sJWT);

pm.environment.set("jwt_token", sJWT);

I'm using this solution to access Google APIs by service account. Completely success!

[ylaguna]

+1

[gebonadio]

+1

[AdamHeidfeld]

+1

[tanmoy-git]

Any ETA on when it will be integrated? Its a needed feature.

[irishelp]

+1
Waiting for official

[maxcoffer]

+1

[morrisond91]

I have a similar solution to nguyenthinam, except my only is only for RSA signature creation.

solution can be found here: https://github.com/morrisond91/PostmanRsaSupport/blob/master/README.md

[aantono]

Any update on this? It's been open for 5 years, would be nice to get this much needed feature supported!
It is very vital to have, given the high emergence of HTTP Signature auth methods. I see that Postman supports AWS Signature as a pre-defined authentication method, which internally uses the RSA component to sign the requests, so the code must already be there, just needs to be exposed to the pre-script environment to be able to get called from there!!!

[klnlakshmi]

Any update on this request? If it comes out of the box from postman itself instead of depending on some external library, it will be good

[WarGreyGon]

Still no update on this? 😥

Is there any blocker or something preventing this feature to be implemented?

This feature will be REALLY REALLY usefull