I am developing a session encryption scheme, but when I try to decrypt the session key using the private key, I receive an OperationError.
// This method generates the keys
static async generateKeysForUser(): Promise<{ publicKey: string, privateKey: string }> {
const keyPair = await window.crypto.subtle.generateKey(
{
name: "RSA-OAEP",
modulusLength: 2048,
publicExponent: new Uint8Array([1, 0, 1]), // 65537
hash: "SHA-1",
},
true,
["encrypt", "decrypt"]
);
const publicKey = await window.crypto.subtle.exportKey("jwk", keyPair.publicKey);
const privateKey = await window.crypto.subtle.exportKey("jwk", keyPair.privateKey);
const publicKeyStr = JSON.stringify(publicKey);
const privateKeyStr = JSON.stringify(privateKey);
await this.storeKeys(privateKeyStr, publicKeyStr);
return publicKey;
}
// This method encrypts the session on the backend
public static function generateSessionKey($length = 32)
{
return bin2hex(random_bytes($length)); // 32 bytes = 256 bits
}
public static function jsonToPem($publicKeyJson)
{
$jwkObject = new JWK($publicKeyJson);
$rsaKey = RSAKey::createFromJWK($jwkObject);
return $rsaKey->toPEM();
}
public static function encryptSessionKey($sessionKey, $publicKeyJson): string
{
$publicKeyPem = self::jsonToPem($publicKeyJson);
$publicKey = openssl_pkey_get_public($publicKeyPem);
openssl_public_encrypt($sessionKey, $encryptedSessionKey, $publicKey);
return base64_encode($encryptedSessionKey);
}
// This method decrypts the session key on the front end
private static async importKey(jwk: JsonWebKey, keyType: 'private' | 'public'): Promise<CryptoKey> {
console.log(jwk);
let operation = keyType == 'private' ? 'decrypt' : 'encrypt';
console.log(keyType, operation);
let result = await window.crypto.subtle.importKey(
"jwk",
jwk,
{
name: "RSA-OAEP",
hash: "SHA-1"
},
true,
[operation]
);
console.log(result);
return result;
}
static async decryptSessionKey(encryptedSessionKeyBase64: string, jwk: JsonWebKey): Promise<ArrayBuffer | null> {
try {
let privateKey = await this.importKey(jwk, "private");
const encryptedSessionKey = Uint8Array.from(atob(encryptedSessionKeyBase64), c => c.charCodeAt(0));
console.log('Encrypted Session Key (Uint8Array):', encryptedSessionKey);
console.log('Private Key:', privateKey);
const result = await window.crypto.subtle.decrypt(
{
name: "RSA-OAEP"
},
privateKey,
encryptedSessionKey
);
console.log('Decrypted Result (ArrayBuffer):', result);
return result;
} catch (e) {
console.error('Decryption failed:', e);
return null;
}
}
I have already tried checking if the keys match on both the backend and frontend, to ensure that the correct key was being sent, and I also tried changing the key generation cryptography from SHA-256 to SHA-1.
I Found Problem is in PADDING
public static function encryptSessionKey($sessionKey, $publicKeyJson): string
{
$publicKeyPem = self::jsonToPem($publicKeyJson);
$publicKey = openssl_pkey_get_public($publicKeyPem);
openssl_public_encrypt($sessionKey, $encryptedSessionKey, $publicKey,OPENSSL_PKCS1_OAEP_PADDING );
return base64_encode($encryptedSessionKey);
}
I found the issue; I was using the wrong padding for encryption. I switched to OPENSSL_PKCS1_OAEP_PADDING and it worked.