Encrypts `buffer` with `public_key`. Only RSA is currently supported.
+`public_key` can be an object or a string. If `public_key` is a string, it is
+treated as the key with no passphrase and will use `RSA_PKCS1_OAEP_PADDING`.
+
+`public_key`:
+
+* `key` : A string holding the PEM encoded private key
+* `padding` : An optional padding value, one of the following:
+ * `constants.RSA_NO_PADDING`
+ * `constants.RSA_PKCS1_PADDING`
+ * `constants.RSA_PKCS1_OAEP_PADDING`
+
+NOTE: All paddings are defined in `constants` module.
+
## crypto.privateDecrypt(private_key, buffer)
Decrypts `buffer` with `private_key`.
`private_key` can be an object or a string. If `private_key` is a string, it is
-treated as the key with no passphrase.
+treated as the key with no passphrase and will use `RSA_PKCS1_OAEP_PADDING`.
`private_key`:
* `key` : A string holding the PEM encoded private key
-* `passphrase` : A string of passphrase for the private key
+* `passphrase` : An optional string of passphrase for the private key
+* `padding` : An optional padding value, one of the following:
+ * `constants.RSA_NO_PADDING`
+ * `constants.RSA_PKCS1_PADDING`
+ * `constants.RSA_PKCS1_OAEP_PADDING`
+
+NOTE: All paddings are defined in `constants` module.
## crypto.DEFAULT_ENCODING
return this._handle.verify(toBuf(object), toBuf(signature, sigEncoding));
};
-exports.publicEncrypt = function(object, buffer) {
- return binding.publicEncrypt(toBuf(object), buffer);
+exports.publicEncrypt = function(options, buffer) {
+ var key = options.key || options;
+ var padding = options.padding || constants.RSA_PKCS1_OAEP_PADDING;
+ return binding.publicEncrypt(toBuf(key), buffer, padding);
};
exports.privateDecrypt = function(options, buffer) {
var key = options.key || options;
var passphrase = options.passphrase || null;
- return binding.privateDecrypt(toBuf(key), buffer, passphrase);
+ var padding = options.padding || constants.RSA_PKCS1_OAEP_PADDING;
+ return binding.privateDecrypt(toBuf(key), buffer, padding, passphrase);
};
#define NPN_ENABLED 1
NODE_DEFINE_CONSTANT(target, NPN_ENABLED);
#endif
+
+#ifdef RSA_PKCS1_PADDING
+ NODE_DEFINE_CONSTANT(target, RSA_PKCS1_PADDING);
+#endif
+
+#ifdef RSA_SSLV23_PADDING
+ NODE_DEFINE_CONSTANT(target, RSA_SSLV23_PADDING);
+#endif
+
+#ifdef RSA_NO_PADDING
+ NODE_DEFINE_CONSTANT(target, RSA_NO_PADDING);
+#endif
+
+#ifdef RSA_PKCS1_OAEP_PADDING
+ NODE_DEFINE_CONSTANT(target, RSA_PKCS1_OAEP_PADDING);
+#endif
+
+#ifdef RSA_X931_PADDING
+ NODE_DEFINE_CONSTANT(target, RSA_X931_PADDING);
+#endif
+
+#ifdef RSA_PKCS1_PSS_PADDING
+ NODE_DEFINE_CONSTANT(target, RSA_PKCS1_PSS_PADDING);
+#endif
}
void DefineSystemConstants(Handle<Object> target) {
bool PublicKeyCipher::Cipher(const char* key_pem,
int key_pem_len,
const char* passphrase,
+ int padding,
const unsigned char* data,
int len,
unsigned char** out,
goto exit;
if (EVP_PKEY_cipher_init(ctx) <= 0)
goto exit;
- if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_OAEP_PADDING) <= 0)
+ if (EVP_PKEY_CTX_set_rsa_padding(ctx, padding) <= 0)
goto exit;
+
if (EVP_PKEY_cipher(ctx, NULL, out_len, data, len) <= 0)
goto exit;
char* buf = Buffer::Data(args[1]);
ssize_t len = Buffer::Length(args[1]);
- String::Utf8Value passphrase(args[2]);
+ int padding = args[2]->Uint32Value();
+
+ String::Utf8Value passphrase(args[3]);
unsigned char* out_value = NULL;
size_t out_len = -1;
kbuf,
klen,
args.Length() >= 3 && !args[2]->IsNull() ? *passphrase : NULL,
+ padding,
reinterpret_cast<const unsigned char*>(buf),
len,
&out_value,
static bool Cipher(const char* key_pem,
int key_pem_len,
const char* passphrase,
+ int padding,
const unsigned char* data,
int len,
unsigned char** out,
});
})();
+function test_rsa(padding) {
+ var input = new Buffer(padding === 'RSA_NO_PADDING' ? 1024 / 8 : 32);
+ for (var i = 0; i < input.length; i++)
+ input[i] = (i * 7 + 11) & 0xff;
+ var bufferToEncrypt = new Buffer(input);
+
+ padding = constants[padding];
+
+ var encryptedBuffer = crypto.publicEncrypt({
+ key: rsaPubPem,
+ padding: padding
+ }, bufferToEncrypt);
+
+ var decryptedBuffer = crypto.privateDecrypt({
+ key: rsaKeyPem,
+ padding: padding
+ }, encryptedBuffer);
+ assert.equal(input, decryptedBuffer.toString());
+}
+
+test_rsa('RSA_NO_PADDING');
+test_rsa('RSA_PKCS1_PADDING');
+test_rsa('RSA_PKCS1_OAEP_PADDING');
+
// Test RSA key signing/verification
var rsaSign = crypto.createSign('RSA-SHA1');
var rsaVerify = crypto.createVerify('RSA-SHA1');