使用 RSA 在 JS 中加密消息并在 Python 中解密

Using RSA to encrypt a message in JS and decrypt in Python

我想使用 RSA 和 Javascript 中提供的 PEM public 密钥加密消息,使用 SubtleCrypto window.crypto.subtle,然后使用 Python (PyCryptodome) 对其进行解码在后端。但是,我得到了 ValueError: Incorrect decryption.。我不确定数据是否得到了正确处理。这是我的代码:

JavaScript:

var publicKey;
var pemPublicKey = `public.pem key with stripped header and footer and newlines (just the base64 data)`;

function base64ToArrayBuffer(b64) {
    var byteString = window.atob(b64);
    var byteArray = new Uint8Array(byteString.length);
    for (var i = 0; i < byteString.length; i++) { byteArray[i] = byteString.charCodeAt(i); }
    return byteArray;
}

function arrayBufferToBase64(buffer) {
    var binary = '';
    var bytes = new Uint8Array(buffer);
    var len = bytes.byteLength;
    for (var i = 0; i < len; i++) { binary += String.fromCharCode(bytes[i]); }
    return window.btoa(binary);
}

window.crypto.subtle.importKey(
    "spki",
    base64ToArrayBuffer(pemPublicKey),
    { name: "RSA-OAEP", hash: { name: "SHA-256" } },
    false,
    ["encrypt"])
    .then(function (key) {
        publicKey = key
    })

console.log(publicKey)

var enc = new TextEncoder()
var encmessage = enc.encode("test14")

var encryptedData;
window.crypto.subtle.encrypt({
    name: "RSA-OAEP"
}, publicKey, encmessage).then(function (encrypted) { encryptedData = encrypted })

var encodedData = arrayBufferToBase64(encryptedData);
console.log(encodedData)

上面的代码所做的是转换 public PEM 密钥,从中生成一个 CryptoKey 对象(使用 crypto.subtle.importKey),然后加密一个简单的消息“test14”。

Python 后端:

import base64
from Cryptodome.PublicKey import RSA
from Cryptodome.Cipher import AES, PKCS1_OAEP

with open('private.pem', 'r') as f: keypair = RSA.import_key(f.read())
decryptor = PKCS1_OAEP.new(keypair)
decrypted = decryptor.decrypt(base64.b64decode(encrypted))  # encrypted is the data that is returned by JavaScript code
print(decrypted)

直接来自 Crypto.Cipher.PKCS1_OAEP.new(key, hashAlgo=None, mgfunc=None, label='', randfunc=None) 的文档:

...

  • hashAlgo (hash object) - The hash function to use. This can be a module under Crypto.Hash or an existing hash object created from any of such modules. If not specified, Crypto.Hash.SHA1 is used.

...