1. I came into contact with jQuery plug-in jCryption, version 3.1.0, when I was doing a secure login experiment. The key pair is stored in the server in pem file format. If the client requests the public key, the read public key file is returned to the client. The client sends the information to the server after encrypting with the public key, but the server has been making decryption errors (the class library used by node.js is node-rsa)
2. After careful examination, it was found that the ciphertext encrypted by the front end was inconsistent with the ciphertext obtained by the back end.
As shown in the figure:
This is the public key printed by the front end.
—–BEGIN PUBLIC KEY—–
Add xcdccjmtbyd7 uhwlqpm8lsc4aka 28y7 pcxws 6t78fxhhbb06 plus N7PlNhdWu8sPj
—–END PUBLIC KEY—–
This is front-end encrypted data.
This is the ciphertext obtained by the front end.
JlKIiz3cW2ethkQauow89QcRnKaac8 8 plus R4 DWDVYYAIQBBQLSZ 0BJV7 WTX69XVU/FZ8 P9YOLG 94LB 56NFQWX 0YX4E7AT plus 6YwHL1HxEAiM plus zqL plus U9 GZGZ04KMH/ZCDFHDTNQIXE2FWTpA6TFDK 5XGUM 7C7 RSNRVTOIIPRP plus 1qI=
The backend reads the public key from the pem file to encrypt the same data, and the obtained ciphertext is:
FZRzdEbMeaJruhJWYT1dxNZ plus ho 7qvxc/xgqqfgwzuqhkqyxpqsg/ddbti 52tztv21ah9 muqbdk7vvpfd/3n2zsccib0s0xgfpkn 8lyoj4lx9jiggyjltk34wxv7azpvsj1r9tcwyyitqqat6pw5 plus O6rpPlVsYQ2yY=
Use the private key as follows:
The ciphertext obtained is also different.
The ciphertext obtained by removing all the line breaks of the private key part in the above figure is still different.
What I want to ask is how does jCryption operate when the plug-in sets the string as a public key, and how can the ciphertext obtained by front-end and back-end encryption be consistent and can be encrypted and decrypted with each other?
Thank you very much.
Although we can’t help you this jCryption, we found a librsa from the internet at that time. the general comment is
Then return to JSEncrypt’s export.
This thing had no problem with PHP, Java and IOs connectors at that time. when it was used, the public key and the string to be encrypted were directly given, and these parameters did not need to be given to the module.