Rockstaa8055 Comments - Answer Overflow

Rockstaa8055

•Created by Rockstaa8055 on 4/25/2024 in #questions

RSA_PKCS1_PADDING is no longer supported for private decryption

UPDATE: Found a workaround by using NodeRSA and setting the environment to browser (It will use the node crypto library with the CVE by default)

import NodeRSA from "node-rsa";

const privateKeyString = Buffer.from(
  process.env.PRIVATE_KEY ?? "",
  "base64",
).toString("utf8");

const privateKey = new NodeRSA(privateKeyString);
privateKey.setOptions({ encryptionScheme: "pkcs1", environment: "browser" });

const decryptedRequestData = privateKey
  .decrypt(encryptedBody)
  .toString("utf8");

console.log("decryptedRequestData", decryptedRequestData);

import NodeRSA from "node-rsa";

const privateKeyString = Buffer.from(
  process.env.PRIVATE_KEY ?? "",
  "base64",
).toString("utf8");

const privateKey = new NodeRSA(privateKeyString);
privateKey.setOptions({ encryptionScheme: "pkcs1", environment: "browser" });

const decryptedRequestData = privateKey
  .decrypt(encryptedBody)
  .toString("utf8");

console.log("decryptedRequestData", decryptedRequestData);

4 replies

TTCTheo's Typesafe Cult

•Created by Rockstaa8055 on 4/25/2024 in #questions

RSA_PKCS1_PADDING is no longer supported for private decryption

Steps to Reproduce Create an endpoint on next.js and deploy it to vercel

// Next.js API route support: https://nextjs.org/docs/api-routes/introduction
import type { NextApiRequest, NextApiResponse } from "next";
import crypto from "crypto";

type Response = {
  status: number;
  message?: string;
};

export default async function handler(
  req: NextApiRequest,
  res: NextApiResponse<Response>,
) {
  const encryptedBody = req.body["encryptedBody"];

  const privateKeyString = Buffer.from(
    process.env.PRIVATE_KEY ?? "",
    "base64",
  ).toString("utf8");

  const privateKey = crypto.createPrivateKey({
    key: privateKeyString,
    format: "pem",
  });

  const decryptedRequestData = crypto
    .privateDecrypt(
      {
        key: privateKey,
        padding: crypto.constants.RSA_PKCS1_PADDING,
      },
      Buffer.from(encryptedBody, "base64"),
    )
    .toString("utf8");

  console.log("decryptedRequestData", decryptedRequestData);

  return res.status(200).json({
    status: 200,
    message: "Success",
  });
}

// Next.js API route support: https://nextjs.org/docs/api-routes/introduction
import type { NextApiRequest, NextApiResponse } from "next";
import crypto from "crypto";

type Response = {
  status: number;
  message?: string;
};

export default async function handler(
  req: NextApiRequest,
  res: NextApiResponse<Response>,
) {
  const encryptedBody = req.body["encryptedBody"];

  const privateKeyString = Buffer.from(
    process.env.PRIVATE_KEY ?? "",
    "base64",
  ).toString("utf8");

  const privateKey = crypto.createPrivateKey({
    key: privateKeyString,
    format: "pem",
  });

  const decryptedRequestData = crypto
    .privateDecrypt(
      {
        key: privateKey,
        padding: crypto.constants.RSA_PKCS1_PADDING,
      },
      Buffer.from(encryptedBody, "base64"),
    )
    .toString("utf8");

  console.log("decryptedRequestData", decryptedRequestData);

  return res.status(200).json({
    status: 200,
    message: "Success",
  });
}

4 replies

TTCTheo's Typesafe Cult

•Created by arete on 5/12/2023 in #questions

is there a way to change/refresh token when data in db changes such as role?

Yup

6 replies

TTCTheo's Typesafe Cult

•Created by arete on 5/12/2023 in #questions

is there a way to change/refresh token when data in db changes such as role?

Unfortunately that's not possible with JWTs. They are stateless, which means once created there is no way to revoke or modify their content.

6 replies

Gaming

Programming