是否可以在NodeJS中生成密钥对，使用公共密钥在PHP中加密数据以及在NodeJS中解密？

Question

Requirements:

Essentially I have a series of devices (running NodeJS ) that need to maintain their own unique private and public keys. They communicate with a centralized server in PHP by pulling content.

When a new device starts up, I would like it to generate a private and public key and send only the public key to the PHP server to be stored.

When a device runs a GET request on the PHP server, the server should use the public key it was provided to encrypt the data.

When the device receives this response, it should be able to use the private key to decrypt this data.

Currently:

I am currently generating a private and public key pair using keypair . I send the public key to the PHP server to be stored and associated with the unique device.

I encrypt the data on the PHP server using EasyRSA :

$message = "Decrypt me if you can";
$publicKey = new PublicKey($storedPublicKey);
$encrypted = EasyRSA::encrypt($message, $publicKey);
return $encrypted;

With this encrypted string being returned to the NodeJS app, I then try to decrypt it using NodeRSA (where response is the string response from the PHP server):

const key = new NodeRSA(storedPrivateKey)
const result = key.decrypt(response)

However it errors out with:

Error during decryption (probably incorrect key).

I believe I am missing something fundamental here, but am unsure on what that may be. Any thoughts?

Answer 1

EasyRSA and NodeRSA aren't compatible.

EasyRSA is a wrapper for the PHP Secure Communications Library ( phpseclib ). It's not a pure RSA encryption, but a hybrid encryption : RSA is used for asymmetric encryption and defuse/php-encryption for symmetric encryption. EasyRSA is described in more detail here , defuse/php-encryption uses AES-256-CTR in its core and is described here . The message to the recipient contains among other things the secret encrypted with the public RSA key and the plaintext encrypted with the symmetric key, where each component is Base64-encoded and all components are concatenated, separated by a $ . Details can be found in the encrypt -method of the EasyRSA -class. An example is:

EzR2$D6rpL1QleeNLWhqj27VZf/nyyau6i0AIWyGR0G/2Z8tLDp5VbrcIrg9hROG6MMSH1+SLHKyU45+P+V2LAgm7pSnsi3rxVmHnfCXVYIuZDvzpov520tFa5IWHtvFDKCKzckDcJmI3g50RGShDXuYGCPpDy1XpSoP3dGMfkf9Dsj+Y6YLrFwEACoS16azfQ9iiWr7yK2xx66OHAzZqIDyxNRJS3jJUVrcykSkpx4fSgplaKf36yRGoApNXR6/m8CyBpHw3GWe3GMLZi33nmW0DOGTK/eJZJII7Xx7k6nThU1t4thKyvNLIp2JYaUMmYmvwD3R7D3X++twDhTp77hEMfAe0eaVC6P2mAa8I2zIpqlqnqHslXUpqwUxgwaULJSlQiaBex2U1e75onaHu9UDLjV/VK7jgiYgdwq5psHEC4Ig+Xj183mMS8+hWGLHUiLaC+/zcliZaNKYuBihZg9kn7fAwlmgUZT671+bvHONYaDgQg9ULd5QBYlalVIU3BZZPKgvYjk+aLgljv+sExhUmvudWe0FQQGbgLncC8rx7xJzRHMq4qpKgKYtp49b5Gk0OrRYfukQsY9fIc/4m7y67oPBYhJCOSqR0P5YFA9W7wx2C4gpZaYYq0LOAbcNXtfn4QZ8gpxhytQQ0c/Scus0jN8UyOgx8FWF1zlXc7Cu4UAk=$3vUCABOzsE0AWMMPy+EWtmAQheAq5oYVfOF7TapT1LoFn72UHbYNjpD2LgG7w6ZCQjRtLFzFZc17Ntme/LvWK97cV1+mOIpk+j6V6WHZRbwb36iBTGhACZUFTMPiSLPfTXJRu+tQkwi8$2f933da952b7c683

Such a message can't be decrypted directly by NodeRSA because NodeRSA expects a pure RSA message. In principle the decryption is possible, but would have to be done manually on the NodeJS side with probably relatively high effort (the main tasks would essentially include the RSA decryption of the secret, the derivation of the symmetric key from that secret, and finally the AES decryption). Since NodeRSA only covers the RSA part, the remaining parts require additional libraries or custom code on the NodeJS side.

Note that the EasyRSA page, section Important warns of a possibly insufficient security.