Web Crypto API：如何使用导入的RSA公钥加密数据并在Ruby中解密数据

如何解决Web Crypto API：如何使用导入的RSA公钥加密数据并在Ruby中解密数据

我需要在浏览器端加密数据，并使用RSA在Rails应用程序中对其进行解密。

当前，我在JS端使用JSEncrypt库，但我想用内置的Web Crypto API替换它。

我需要使用现有的RSA公共密钥进行加密，该公共密钥是由ruby OpenSSL标准库生成的，用于向后兼容已加密和保存的库。

我设法将RSA pubkey作为JWK或SPKI导入到JS并加密数据，但是Ruby方面未能对其解密。

JWK导入和加密：

  let pubKey = await crypto.subtle.importKey(
    "jwk",{
      kid: "1",kty: "RSA",use: "enc",key_ops: ["encrypt"],alg: "RSA-OAEP-256",e: pubKeyE,n: pubKeyN
    },{
      name: "RSA-OAEP",modulusLength: 2048,publicExponent: new Uint8Array([1,1]),hash: { name: "SHA-256" }
    },false,["encrypt"]
  );
  console.log("pubKey imported");

  let encryptedBuf = await crypto.subtle.encrypt(
    {
      name: "RSA-OAEP"
    },pubKey,stringToArrayBuffer(content)
  );
  let encrypted = arrayBufferToString(encryptedBuf);

SPKI导入和加密：

  let pubKey = await crypto.subtle.importKey(
    "spki",stringToArrayBuffer(atob(pubKeyBase64)),stringToArrayBuffer(content)
  );
  let encrypted = arrayBufferToString(encryptedBuf);

Ruby公钥生成和解密：

rsa = OpenSSL::PKey::RSA.new(pem_private_key)
js_encrypted = Base64.decode64(js_encrypted_base64)
js_decrypted = rsa.private_decrypt(js_encrypted,OpenSSL::PKey::RSA::NO_PADDING)

在此处查看完整的可复制示例：

https://repl.it/@senid231/Web-Crypto-API-encrypt-with-imported-rsa-pubkey-as-JWK#script.js

https://repl.it/@senid231/Web-Crypto-API-encrypt-with-imported-rsa-pubkey-as-SPKI#script.js

https://repl.it/@senid231/Ruby-RSA-decrypt-data-encrypted-by-JS#main.rb

解决方法

let pubKey = await crypto.subtle.importKey(
    "spki",stringToArrayBuffer(atob(pubKeyBase64)),{
      name: "RSA-OAEP",modulusLength: 2048,publicExponent: new Uint8Array([1,1]),hash: { name: "SHA-256" }
    },false,["encrypt"]
  );
  console.log("pubKey imported");

  let encryptedBuf = await crypto.subtle.encrypt(
    {
      name: "RSA-OAEP"
    },pubKey,stringToArrayBuffer(content)
  );
  let encrypted = arrayBufferToString(encryptedBuf);

$ gem install openssl-oaep

require "openssl"
require "openssl/oaep"
require "base64"

rsa = OpenSSL::PKey::RSA.new(pem_private_key)
js_encrypted = Base64.decode64(js_encrypted_base64)
js_decrypted = rsa.private_decrypt_oaep(js_encrypted,'',OpenSSL::Digest::SHA256)

版权声明：本文内容由互联网用户自发贡献，该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务，不拥有所有权，不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容， 请发送邮件至 dio@foxmail.com 举报，一经查实，本站将立刻删除。