Java 的 RSA/ECB/OAEPWithSHA-256AndMGF1Padding 在 Node.js 中的等价物

Question

The data decryption will run in JAVA using RSA/ECB/OAEPWithSHA-256AndMGF1Padding algorithm. So I have to encrypt the data with public key using the algorithm equivalent to RSA/ECB/OAEPWithSHA-256AndMGF1Padding in node.js .

I tried with crypto.publicEncrypt(key, buffer) which uses crypto.constants.RSA_PKCS1_OAEP_PADDING which is not similar to the above algorithm. So I need algorithm equivalent to "RSA/ECB/OAEPWithSHA-256AndMGF1Padding" or how to achieve the same in node.js

Answer 1

I finally found the answer. Equivalent to "RSA/ECB/OAEPWithSHA-256AndMGF1Padding" can be achieved via node-forge npm module. https://www.npmjs.com/package/node-forge#rsa

    // encrypt data with a public key using RSAES-OAEP/SHA-256/MGF1-SHA-1
// compatible with Java's RSA/ECB/OAEPWithSHA-256AndMGF1Padding
var encrypted = publicKey.encrypt(bytes, 'RSA-OAEP', {
  md: forge.md.sha256.create(),
  mgf1: {
    md: forge.md.sha256.create()
  }
});

Thank you

Answer 2

Firstly, you shouldn't use "ECB" mode cipher, because:

1. ECB is a block cipher mode, RSA isn't an algorithm based on that mode of operation.
2. If you use an algorithm based on that mode of operation (for example AES), you shouldn't use ECB, because it doesn't have IV (Initialization Vector), so it's insecure and a crypto analyzer could break the cipher. You could use CBC, it has IV, or GCM, if you want to share sensitive information to external systems and prevent Oracle Padding. I recommend you visit the following link:

MSC61-J. Do not use insecure or weak cryptographic algorithms

So, in this case, you just need to use OAEP for RSA encryption, because it's a padding scheme and it helpts to prevent Oracle Padding for asymetric algorithms, then change your code for: RSA/None/OAEPWithSHA-256AndMGF1Padding . Maybe, you could get compatibility with Node.js. Also, I recommend you visit the official web site:

JCA Reference Guide

I hope this information helps you.

Good luck.