Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

JSEncrypt#encrypt creates sporadically invalid ciphertexts #158

Open
user163 opened this issue Jul 16, 2019 · 5 comments
Open

JSEncrypt#encrypt creates sporadically invalid ciphertexts #158

user163 opened this issue Jul 16, 2019 · 5 comments

Comments

@user163
Copy link

user163 commented Jul 16, 2019

  • Version
    jsencrypt 2.3.1 and 3.0.0-rc.1

  • Issue:
    JSEncrypt#encrypt sometimes generates a ciphertext with a length that is smaller than the modulus, i.e. the ciphertext is not padded with leading 0x00 values to the length of the modulus.
    According to RFC 8017, Section-7.2.2, Step 1, a ciphertext with a smaller length than the modulus is invalid.
    JSEncrypt#decrypt seems to take this into account, because it decrypts also too short ciphertexts
    correctly.
    Problems arise when the decryption is performed in other languages, e.g. Python. Here
    the decryption is aborted with an error message Ciphertext with incorrect length, see this SO-issue jsencryptjs-encrypt-but-python-cannot-decrypt.

  • How should it be?
    Creation of a ciphertext according to RFC 8017, i.e. a ciphertext with a smaller length than the
    modulus is padded with 0x00 values to the length of the modulus.

  • How can the issue be reproduced?
    Run the code below. In the example code, a key with a modulus of 128 bytes is used. The code generates ciphertexts in a loop, aborts as soon as a too short ciphertext is generated and displays it:

<script type="text/javascript" src="jsencrypt-master/bin/jsencrypt.min.js"></script>
<script>

var pubkeypkcs8 = '-----BEGIN PUBLIC KEY----- \
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQClFImg7N+5ziGtjrMDwN7froot \
gwrLUmbE9YFBtecnjchCRjAn1wqq69XiWynEv0q3/U91N5g0nJxeMuolSM8cwdQb \
T3KZFwQF6vreSzDNhfEYOsFVZknILLPiJpUYm5w3Gi34UeM60iHGH9EUnmQeVwKS \
G0WF2nK2SCU6EyfoJwIDAQAB \
-----END PUBLIC KEY-----';

var plain = "The quick brown fox jumps over the lazy dog";

var cipher = new JSEncrypt();
cipher.setPublicKey(pubkeypkcs8);

for (var j = 0; j < 10000; j++){
	var ciphertextHex = base64toHEX(cipher.encrypt(plain));
	var length = ciphertextHex.length / 2;
	if (length != 128){
		console.log('#' + j + ': - Length: ' + length + ' Byte\n' + ciphertextHex + '\n');
		break;
	}
}
console.log('Done\n');

// https://stackoverflow.com/a/39460727/9014097
function base64toHEX(base64) {
	var raw = atob(base64);
	var HEX = '';
	for ( i = 0; i < raw.length; i++ ) {
		var _hex = raw.charCodeAt(i).toString(16);
		HEX += (_hex.length==2?_hex:'0'+_hex);
	}
	return HEX.toUpperCase();
}

</script>
@LateAutumnWindow
Copy link

Hello!
The version i use 3.0.0-rc.1
This problem also appeared.
How did you solve it

@user163
Copy link
Author

user163 commented Mar 17, 2020
edited

As workaround the too short ciphertext can be padded manually to the length of the modulus with 0x00-values. Of course, it would be better if the bug would be fixed. Here the bug seems to be the problem as well.

@Denis-Evseev
Copy link

@user163 does it work for you?

@user163
Copy link
Author

user163 commented Mar 20, 2020

Yes, the fix works, even in your case. I have tested it successfully with your code using several examples. I just posted a comment and an update on SO.

@zhaoyifan1996
Copy link

3.3.2 not work too

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@Denis-Evseev @zhaoyifan1996 @LateAutumnWindow @user163