RSA/ECB/PKCS1Padding (Asymmetric) Encryption and Decryption in JavaScript

RAJESH KUMAR · Published in rtkal · 3 min read · May 4, 2020

In this article, we will discuss RSA/ECB/PKCS1Padding encryption and decryption in JavaScript. We will generate a key pair (public and private keys) using OpenSSL and use these keys for asymmetric encryption and decryption.
Alternatively, you can generate the keys online.

Data encryption/decryption is one of the main security methods commonly used in payment gateways.
The data is encrypted with the payment gateway’s public key and can only be decrypted with the payment gateway’s private key.

Create a Self-Signed TLS Certificate?

Self-signed TLS certificates are suitable for personal use or for applications that are used internally within an organization.

  1. Switch to the root user and change to the directory in which you want to create the certificate and key pair. That location will vary depending on your needs. Here we’ll use /root/Desktop/certificates.
sudo -s
cd Desktop
mkdir certificates
cd certificates

2. Create the certificate with the following command:

openssl req -new -newkey rsa:4096 -x509 -sha256 -days 365 -nodes -out MyCertificate.crt -keyout MyKey.key

You will be prompted to add identifying information about your website or organization to the certificate. Since a self-signed certificate won’t be used publicly, this information isn’t necessary. If this certificate will be passed on to a certificate authority for signing, the information needs to be as accurate as possible.

The following is a breakdown of the OpenSSL options used in this command:
  • -newkey rsa:4096: Generates a new RSA key with a 4096-bit key size, where RSA 2048 is the default. The size depends on your needs.
  • -x509: Outputs a self-signed certificate instead of a certificate signing request.
  • -sha256: Signs the certificate using SHA-256, the 256-bit Secure Hash Algorithm.
  • -days: The number of days the certificate is valid for. For a self-signed certificate, this value can be increased as necessary, e.g. -days 365 → one year.
  • -nodes: Leaves the private key unencrypted, so no passphrase is required. If this option is excluded, you will be required to enter the passphrase in the console each time the application using it is restarted.

[Screenshot: output of the openssl command]

  3. You can restrict the key’s permissions so that only root can access it:
chmod 400 /root/Desktop/certificates/MyKey.key

Now look on the Desktop: a folder named certificates has been created, containing two files, MyCertificate.crt and MyKey.key. These two files are the key pair 🙂.

Okay, cool! 👍 Now we will use this key pair for encryption and decryption.

Note: Please store your certificate and key on external storage as a backup.

RSA/ECB/PKCS1Padding Encryption and Decryption

  1. Open a terminal and install the following modules. Both crypto and fs are core modules bundled with Node.js, so this step can be skipped.
npm install crypto fs

In the above code, message → a JSON object which contains your request parameters, e.g. message = {"amount": "5.00", "date": new Date()}

So now you have a public key (MyCertificate.crt) 🔒 for encryption and a private key (MyKey.key) 🔐 for decryption.

Note: The public key can be provided by the payment gateway. You may also be asked to share the certificate file you generated (not the .key file) with them. They might then send you an encrypted message, which you have to decrypt using your .key file (the private key).
The public key may come in several formats, such as .pem, .cer or .crt.

# Encryption Process
1. Convert the message to a string, then to a stream of binary data
2. Now encrypt the binary data in RSA/ECB/PKCS1Padding format
3. You now have the encrypted message 🔐.

# Decryption Process
1. Convert the encrypted message from its string format to a stream of binary data
2. Now decrypt the binary data in RSA/ECB/PKCS1Padding format
3. You now have the decrypted message. 👏
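
The encryption and decryption steps above as an added Node.js example (not the article's original code). Assumptions: an in-memory key pair stands in for MyCertificate.crt and MyKey.key, the function names are illustrative, and the OAEP fallback goes beyond the article to cover Node.js builds that refuse PKCS#1 v1.5 padding for private-key decryption.

```javascript
// Added example, not the article's original code.
const crypto = require('crypto'); // built into Node.js

// Constructed stand-in for MyCertificate.crt / MyKey.key so the example runs offline.
// With the real files, pass fs.readFileSync('MyCertificate.crt') and
// fs.readFileSync('MyKey.key') as the key arguments instead.
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });

const PKCS1 = crypto.constants.RSA_PKCS1_PADDING;     // the article's RSA/ECB/PKCS1Padding
const OAEP = crypto.constants.RSA_PKCS1_OAEP_PADDING; // fallback, not covered by the article

// Encryption: JSON object -> string -> binary Buffer -> RSA -> base64 text.
function encryptMessage(message, key, padding = PKCS1) {
  const plain = Buffer.from(JSON.stringify(message), 'utf8');
  return crypto.publicEncrypt({ key, padding }, plain).toString('base64');
}

// Decryption: base64 text -> binary Buffer -> RSA -> string -> JSON object.
function decryptMessage(encrypted, key, padding = PKCS1) {
  const cipher = Buffer.from(encrypted, 'base64');
  return JSON.parse(crypto.privateDecrypt({ key, padding }, cipher).toString('utf8'));
}

// Some Node.js builds refuse PKCS#1 v1.5 for private-key decryption as a
// padding-oracle hardening. Probe with a known-good ciphertext, so any
// error here means the runtime rejected the padding itself.
function pkcs1DecryptAllowed() {
  try {
    decryptMessage(encryptMessage({ probe: true }, publicKey), privateKey);
    return true;
  } catch (err) {
    return false;
  }
}

// Round trip with the article's padding when the runtime allows it, OAEP otherwise.
function roundTrip(message) {
  const padding = pkcs1DecryptAllowed() ? PKCS1 : OAEP;
  const encrypted = encryptMessage(message, publicKey, padding);
  return { padding: padding === PKCS1 ? 'PKCS1' : 'OAEP', encrypted,
           decrypted: decryptMessage(encrypted, privateKey, padding) };
}

const result = roundTrip({ amount: '5.00', date: new Date().toISOString() });
console.log(result.padding, result.decrypted);
```

Both sides must use the same padding, so the fallback only applies when you control the peer; a gateway that mandates PKCS1Padding needs a runtime that still accepts it.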

I think no more explanation is required for the above code 🙂.

Hey, I hope this article helped you a lot. Enjoy 🙂.
Please let me know in the comments if you have any queries.

For more posts like this, follow https://medium.com/rtkal

Thank You.
