function encrypt(data){ var options = { key: pri.key, padding: constants.RSA_PKCS1_PADDING } var source = new Buffer(_base64encode(data)); var encrypted = new Buffer(0); //分段加密 var maxSize = _get_MAX_ENCRYPT_BLOCK(); if(source.length > maxSize){ var count = Math.ceil(source.length * 1.0 / maxSize); for(var i=0; i<count; i++){ var bufferSize = maxSize; if(i+1 >= count){bufferSize = source.length - (i * maxSize)} var buffer = new Buffer(bufferSize); source.copy(buffer, 0, i * maxSize, (i + 1) * maxSize) var bufferEncrypted = crypto.publicEncrypt(options, buffer) encrypted = Buffer.concat([encrypted, bufferEncrypted]) } }else{ encrypted = crypto.publicEncrypt(options, source) } return encrypted.toString('base64'); }
function test_rsa(padding) { const size = (padding === 'RSA_NO_PADDING') ? 1024 / 8 : 32; const input = Buffer.allocUnsafe(size); for (let i = 0; i < input.length; i++) input[i] = (i * 7 + 11) & 0xff; const bufferToEncrypt = Buffer.from(input); padding = constants[padding]; const encryptedBuffer = crypto.publicEncrypt({ key: rsaPubPem, padding: padding }, bufferToEncrypt); let decryptedBuffer = crypto.privateDecrypt({ key: rsaKeyPem, padding: padding }, encryptedBuffer); assert.deepStrictEqual(decryptedBuffer, input); decryptedBuffer = crypto.privateDecrypt({ key: rsaPkcs8KeyPem, padding: padding }, encryptedBuffer); assert.deepStrictEqual(decryptedBuffer, input); }
// publicEncrypt and privateDecrypt only work with // small buffer that depends of the key size. function publicEncrypt_native(buffer, public_key) { assert(buffer instanceof Buffer, "Expecting a buffer"); return crypto.publicEncrypt({ key: public_key, padding: constants.RSA_PKCS1_PADDING }, buffer); }
// Tests that a key pair can be used for encryption / decryption. function testEncryptDecrypt(publicKey, privateKey) { const message = 'Hello Node.js world!'; const plaintext = Buffer.from(message, 'utf8'); const ciphertext = publicEncrypt(publicKey, plaintext); const received = privateDecrypt(privateKey, ciphertext); assert.strictEqual(received.toString('utf8'), message); }
var encryptStringWithRsaPublicKey = function (toEncrypt, relativeOrAbsolutePathToPublicKey) { var absolutePath = path.resolve(relativeOrAbsolutePathToPublicKey) var publicKey = fs.readFileSync(absolutePath, 'utf8') var buffer = new Buffer(toEncrypt) var encrypted = crypto.publicEncrypt(publicKey, buffer) return encrypted.toString('base64') }
exports.generateSessionKey = function() { var sessionKey = crypto.randomBytes(32); var cryptedSessionKey = crypto.publicEncrypt(publicKey, sessionKey); return { plain: sessionKey, encrypted: cryptedSessionKey }; };
t.test('node encrypt, we decrypt', function (t) { t.plan(1); var data = new Buffer('node encrypt, we decrypt'); var encrypted = crypto.publicEncrypt(pemKeys.public, data); rsa.decrypt(jwkKeys.private, encrypted).then(function (decrypt) { t.equals(decrypt.toString(), 'node encrypt, we decrypt'); }).catch(function (e) { t.error(e||'error'); }); });
exports.publicEncrypt = function(public_str, data) { if ('string' === typeof data) { // console.log('原来的数据为:'); // console.log(data); data = Buffer.from(data, 'utf8'); // console.log('现在的数据为:'); // console.log(data); } return crypto.publicEncrypt(public_str, data); };
//xx console.log("xxxxxxxxxxxx exports.RSA_PKCS1_PADDING",exports.RSA_PKCS1_PADDING,ursa.RSA_PKCS1_PADDING,constants.RSA_PKCS1_PADDING); //xx console.log("xxxxxxxxxxxx exports.RSA_PKCS1_OAEP_PADDING",exports.RSA_PKCS1_OAEP_PADDING,ursa.RSA_PKCS1_OAEP_PADDING,constants.RSA_PKCS1_OAEP_PADDING); // publicEncrypt and privateDecrypt only work with // small buffer that depends of the key size. function publicEncrypt_native(buffer, public_key, algorithm) { algorithm = algorithm || crypto_utils.RSA_PKCS1_PADDING; assert(algorithm === crypto_utils.RSA_PKCS1_PADDING || algorithm === crypto_utils.RSA_PKCS1_OAEP_PADDING); assert(buffer instanceof Buffer, "Expecting a buffer"); return crypto.publicEncrypt({ key: public_key, padding: algorithm }, buffer); }
encrypt: function (buffer, usePrivate) { if (usePrivate) { return jsEngine.encrypt(buffer, usePrivate); } var padding = constants.RSA_PKCS1_OAEP_PADDING; if (options.encryptionScheme === 'pkcs1') { padding = constants.RSA_PKCS1_PADDING; } return crypto.publicEncrypt({ key: options.rsaUtils.exportKey('public'), padding: padding }, buffer); },
socket.on('message', function (data) { var incomingMessage = JSON.parse(data.toString('utf8')); switch (incomingMessage.code) { case 100: //获取服务器公钥 RSAPubKey = new Buffer(incomingMessage.RSAPubKey, 'base64').toString('utf8'); //获取客户端ECDH的PublicKey var ECDHClientPublicKey = ecdh.getPublicKey(); //将客户端的ECDHClientPublicKey用RSA公钥加密 socket.send(JSON.stringify({ code: 101, PublicKey: crypto.publicEncrypt(RSAPubKey, ECDHClientPublicKey).toString('base64'), timestamp: new Date().getTime() })); console.log(colors.green("Sended ECDHClientPublicKey: ") + ECDHClientPublicKey.toString('base64')); break; case 101: //解密服务器ECDH的PublicKey var ECDHServerPublicKey = crypto.publicDecrypt(RSAPubKey, new Buffer(incomingMessage.PublicKey, 'base64')).toString("base64"); console.log(colors.green('Recive a ECDHServerPublicKey from server: ') + ECDHServerPublicKey); DESKEY = ecdh.computeSecret(ECDHServerPublicKey, 'base64', 'base64'); //获取DESKEY console.log(colors.green('Generator DESKEY: ') + DESKEY); socket.send(DESCrypto.Cipher({ code: 10, msg: "hello server", DESKEY: DESKEY }, DESKEY)); break; case 102: var MessageDecipher = DESCrypto.Decipher(incomingMessage.data, DESKEY); var hash = MessageDecipher[1].hash; var data = MessageDecipher[0]; if (crypto.createHash('sha512').update(JSON.stringify(data)).digest('base64') == hash) { console.log(colors.green("Verify hash success.")); if (data.DESKEY == DESKEY) { console.log(colors.green("Verify DESKEY success.")); switch (data.code) { case 10: console.log(colors.green("MSG from server: ") + data.msg); // socket.send(MessageCipherfun({ code: 10, msg: "hello server", DESKEY: DESKEY })); break; } } else { console.log(colors.green("Verify DESKEY success.")); } } else { console.log(colors.green("Verify hash success.")); } break; } });
ClientHandshakeHandler.prototype.send_keyExchange = function() { log.info( 'Constructing key exchange' ); var publicKey = Certificate.getPublicKeyPem( this.certificate ); var exchangeKeys = crypto.publicEncrypt({ key: publicKey, padding: constants.RSA_PKCS1_PADDING }, this.newParameters.preMasterKey ); var keyExchange = new DtlsClientKeyExchange_rsa({ exchangeKeys: exchangeKeys }); var keyExchangeHandshake = this.handshakeBuilder.createHandshakes( keyExchange ).getBuffer(); this.newParameters.digestHandshake( keyExchangeHandshake ); this.newParameters.preMasterKey = null; var changeCipherSpec = new DtlsChangeCipherSpec({ value: 1 }); var prf_func = prf( this.version ); var verifyData = prf_func( this.newParameters.masterKey, "client finished", this.newParameters.getHandshakeDigest(), 12 ); var finished = new DtlsFinished({ verifyData: verifyData }); var finishedHandshake = this.handshakeBuilder.createHandshakes( finished ).getBuffer(); this.newParameters.digestHandshake( finishedHandshake ); var keyExchangeFragments = this.handshakeBuilder.fragmentHandshakes( keyExchangeHandshake ); var finishedFragments = this.handshakeBuilder.fragmentHandshakes( finishedHandshake ); var outgoingFragments = keyExchangeFragments; outgoingFragments.push( changeCipherSpec ); outgoingFragments = outgoingFragments.concat( finishedFragments ); this.setResponse( outgoingFragments ); };
module.exports = function(login, password) { var data = Buffer.from(login + '\u0000' + password); var publicKey = Buffer.from(GOOGLE_DEFAULT_PUBLIC_KEY, 'base64'); var hash = crypto.createHash('sha1'); var rsaPem = decompose(publicKey); var sha1 = hash.update(publicKey); var digest = sha1.digest(); var signature = Buffer.concat([ Buffer.from('\x00'), digest.slice(0, 4) ]); var encrypted = crypto.publicEncrypt(rsaPem, data); var res = Buffer.concat([ signature, encrypted ]); return base64EncodeUrlSafe(res); }
encrypt: function (buffer, usePrivate) { if (usePrivate) { return jsEngine.encrypt(buffer, usePrivate); } var padding = constants.RSA_PKCS1_OAEP_PADDING; if (options.encryptionScheme === 'pkcs1') { padding = constants.RSA_PKCS1_PADDING; } if (options.encryptionSchemeOptions && options.encryptionSchemeOptions.padding) { padding = options.encryptionSchemeOptions.padding; } var data = buffer; if (padding === constants.RSA_NO_PADDING) { data = pkcs1Scheme.pkcs0pad(buffer); } return crypto.publicEncrypt({ key: options.rsaUtils.exportKey('public'), padding: padding }, data); },
/* * Encrypt the username/password for use in `EncryptedPasswd`. * refs: * - https://github.com/yeriomin/play-store-api/blob/master/src/main/java/com/github/yeriomin/playstoreapi/PasswordEncrypter.java * - https://github.com/subtletech/google_play_store_password_encrypter/blob/master/google_play_store_password_encrypter.rb * * We first convert the public key to RSA PEM format which is used * throughout node's standard library. * * The result is something like the below * ----------------------------------------------------------------------------- * |00|4 bytes of sha1(publicKey)|rsaEncrypt(publicKeyPem, "login\x00password")| * ----------------------------------------------------------------------------- * The result is then base64 URL-safe encoded and can be used as the * `EncryptedPasswd` * @param {String} login - Google username. * @param {String} password - Google password. * @return {String} `EncryptedPasswd` value. */ function encryptLoginSync (login, password) { const data = Buffer.from(login + '\u0000' + password); const publicKey = Buffer.from(GOOGLE_DEFAULT_PUBLIC_KEY, 'base64'); const hash = crypto.createHash('sha1'); const rsaPem = decompose(publicKey); const sha1 = hash.update(publicKey); const digest = sha1.digest(); const signature = Buffer.concat([ Buffer.from('\x00'), digest.slice(0, 4) ]); const encrypted = crypto.publicEncrypt(rsaPem, data); const res = Buffer.concat([ signature, encrypted ]); return base64EncodeUrlSafe(res); }
assert.throws(() => { crypto.publicEncrypt({ key: rsaKeyPemEncrypted, passphrase: 'wrong' }, encryptedBuffer); }, decryptError);
const rsaKeyPemEncrypted = fs.readFileSync( `${fixtDir}/test_rsa_privkey_encrypted.pem`, 'ascii'); const dsaPubPem = fs.readFileSync(`${fixtDir}/test_dsa_pubkey.pem`, 'ascii'); const dsaKeyPem = fs.readFileSync(`${fixtDir}/test_dsa_privkey.pem`, 'ascii'); const dsaKeyPemEncrypted = fs.readFileSync( `${fixtDir}/test_dsa_privkey_encrypted.pem`, 'ascii'); const decryptError = /^Error: error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt$/; // Test RSA encryption/decryption { const input = 'I AM THE WALRUS'; const bufferToEncrypt = Buffer.from(input); let encryptedBuffer = crypto.publicEncrypt(rsaPubPem, bufferToEncrypt); let decryptedBuffer = crypto.privateDecrypt(rsaKeyPem, encryptedBuffer); assert.strictEqual(decryptedBuffer.toString(), input); let decryptedBufferWithPassword = crypto.privateDecrypt({ key: rsaKeyPemEncrypted, passphrase: 'password' }, encryptedBuffer); assert.strictEqual(decryptedBufferWithPassword.toString(), input); encryptedBuffer = crypto.publicEncrypt({ key: rsaKeyPemEncrypted, passphrase: 'password' }, bufferToEncrypt);
iterateObj(customerData, function (value, key) { return isEncrypted(value, key) ? crypto.publicEncrypt(publicKey, new Buffer(value, 'utf-8')).toString('base64') : value; });
const publicDER = publicKey.export({ format: 'der', type: 'pkcs1' }); const privateDER = privateKey.export({ format: 'der', type: 'pkcs1' }); assert(Buffer.isBuffer(publicDER)); assert(Buffer.isBuffer(privateDER)); const plaintext = Buffer.from('Hello world', 'utf8'); const ciphertexts = [ publicEncrypt(publicKey, plaintext), publicEncrypt({ key: publicKey }, plaintext), // Test distinguishing PKCS#1 public and private keys based on the // DER-encoded data only. publicEncrypt({ format: 'der', type: 'pkcs1', key: publicDER }, plaintext), publicEncrypt({ format: 'der', type: 'pkcs1', key: privateDER }, plaintext) ]; const decryptionKeys = [ privateKey, { format: 'pem', key: privatePem }, { format: 'der', type: 'pkcs1', key: privateDER } ]; for (const ciphertext of ciphertexts) { for (const key of decryptionKeys) {
Crypt.prototype.encrypt = function (data, iv, f) { "use strict"; var key, ekey, iv64, cipher, jdata, edata = []; try { if (!f) { f = iv; iv = null; } if (this.key.is_public) { key = crypto.randomBytes(Crypt._AES_128_KEY_SIZE); ekey = crypto.publicEncrypt( { key: this.key.key, padding: crypto.constants.RSA_PKCS1_OAEP_PADDING }, key); if (this.encoding) { ekey = ekey.toString(this.encoding); } } else if (!this.key.is_private) { key = this.key.key || this.key; } else { throw new Error("can't encrypt using private key"); } iv = iv || crypto.randomBytes(Crypt._AES_BLOCK_SIZE); if (typeof iv === 'string') { iv = new Buffer(iv, 'binary'); } iv64 = this.encoding ? iv.toString(this.encoding) : iv; cipher = crypto.createCipheriv('AES-128-CBC', key, iv); cipher.setAutoPadding(this.options.pad); jdata = this.stringify(data); if (this.options.check) { edata.push(cipher.update(crypto.createHash('sha256') .update(jdata, 'binary') .digest(), undefined, this.encoding)); } edata.push(cipher.update(jdata, 'binary', this.encoding)); edata.push(cipher.final(this.encoding)); if (this.encoding) { edata = edata.join(''); } else { edata = Buffer.concat(edata); } } catch (ex) { return f.call(this, Crypt._ensure_error(ex)); } f.call(this, null, { iv: iv64, data: edata, ekey: ekey, version: Crypt.get_version() }); };
var crypto = require('crypto') var fs = require('fs') var alice_private = fs.readFileSync('./keys/pkey.pem') var alice_public = fs.readFileSync('./keys/public.pem') var message = Buffer('This needs to stay secret.') var encrypted_message = crypto.publicEncrypt(alice_public, message) var decrypted_message = crypto.privateDecrypt(alice_private, encrypted_message) console.log(message.toString(), decrypted_message.toString())
var crypto = require('crypto'); var buffer = require('buffer'); var dh = crypto.createDiffieHellman(1024); var publicKey = dh.generateKeys('hex'); var privateKey = dh.getPrivateKey('hex'); // var fs = require('fs'); // var privateKey = fs.readFileSync('./key.pem'); // var publicKey = fs.readFileSync('./cert.pem'); var data = 'Hello World'; var buffer = new Buffer(data, 'utf8'); // 공개키로 암호화 var encrypted = crypto.publicEncrypt(publicKey, buffer); // console.log(encrypted.toString('hex')); // 개인키로 복호화 var decrypted = crypto.privateDecrypt(privateKey, encrypted); console.log('decrypted : ', decrypted.toString());