First of all, I’m completely new to cryptography and I just have basic knowledge about some encryption algorithms and how they work such as RSA, DES and so on.
I want to use SubtleCrypto in JS to do some stuff including signing, verifying, encrypting, decrypting using RSA.
I’m just unable to produce a key pair for doing all of them; for example, the code below works fine for generating a key pair to do signing/verifying:

    let keyPair = window.crypto.subtle.generateKey(
        {
            name: "RSASSA-PKCS1-v1_5",
            modulusLength: 4096,
            publicExponent: new Uint8Array([1, 0, 1]),
            hash: "SHA-512"
        },
        true,
        ['sign', 'verify']
    );

    keyPair
        .then((value) => { console.log("worked properly."); })
        .catch((error) => { console.log("Error:", error); });

But when I use the above code to generate a key pair for encrypting/decrypting, I get a DOMException (in browser) or SyntaxError (in snippet):

    let keyPair = window.crypto.subtle.generateKey(
        {
            name: "RSASSA-PKCS1-v1_5",
            modulusLength: 4096,
            publicExponent: new Uint8Array([1, 0, 1]),
            hash: "SHA-512"
        },
        true,
        ['encrypt', 'decrypt']
    );

    keyPair
        .then((value) => { console.log("worked properly."); })
        .catch((error) => { console.log("Error:", error); });

Note: I figured out RSA-OAEP behaves completely differently, I mean it works with encrypting/decrypting but gets stuck for signing/verifying and shows the same error.
Question: Can you please provide me a link which explains the differences between these RSA variants and when should I use which one of them? I googled for it but I couldn’t find anything and there is no explanation in MDN.
Sorry if my English wasn’t very good.
Answer
To answer the question, which is:
Question: Can you please provide me a link which explains the differences between these RSA variants and when should I use which one of them?
You can refer to this documentation. At the bottom of the Supported algorithms section you can find a table which gives you complete guidance about which algorithm is suitable for which operation.
The same algorithm can’t be used for all of the operations because, as @Topaco commented below the question, they use different padding variants and so on:
Encryption/decryption and signing/verifying use different padding variants. This is explained in RFC8017. Encryption/decryption apply the older RSAES-PKCS1-v1_5 and the more modern RSAES-OAEP. The corresponding counterparts in the signing/verifying context are RSASSA-PKCS1-v1_5 and RSASSA-PSS. The WebCrypto API does not use RSAES-PKCS1-v1_5 anymore since 2014, see here.
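
The split described in the answer, shown as an added example (not code from the question or the answer): one RSA-OAEP key pair for encrypting/decrypting and a separate RSASSA-PKCS1-v1_5 key pair for signing/verifying, plus a check of which algorithm/usage pairs `generateKey` rejects. The function names `rejectionName` and `roundTrip`, the 2048-bit modulus and SHA-256 are choices made here to keep the demo fast; the Node.js fallback on the first line is an assumption for running it outside a browser.

```javascript
// Added example: one key pair per purpose. Works in browsers and in Node.js.
const subtle = globalThis.crypto?.subtle ?? require("node:crypto").webcrypto.subtle;

// Shared RSA key-generation parameters; only the algorithm name differs.
const rsaParams = (name) => ({
  name,
  modulusLength: 2048, // the question uses 4096; 2048 keeps the demo quick
  publicExponent: new Uint8Array([1, 0, 1]),
  hash: "SHA-256",
});

// Returns null if generateKey accepts the usages, otherwise the error's name.
// The rejection is a DOMException whose name is "SyntaxError", which is why the
// question sees it reported both ways.
async function rejectionName(name, usages) {
  try {
    await subtle.generateKey(rsaParams(name), true, usages);
    return null;
  } catch (err) {
    return err.name;
  }
}

// Encrypt/decrypt with RSA-OAEP, sign/verify with RSASSA-PKCS1-v1_5.
async function roundTrip(message) {
  const data = new TextEncoder().encode(message); // OAEP limit here: 190 bytes
  const encKeys = await subtle.generateKey(rsaParams("RSA-OAEP"), true, ["encrypt", "decrypt"]);
  const sigKeys = await subtle.generateKey(rsaParams("RSASSA-PKCS1-v1_5"), true, ["sign", "verify"]);

  const ciphertext = await subtle.encrypt({ name: "RSA-OAEP" }, encKeys.publicKey, data);
  const plaintext = await subtle.decrypt({ name: "RSA-OAEP" }, encKeys.privateKey, ciphertext);

  const sigAlg = { name: "RSASSA-PKCS1-v1_5" };
  const signature = await subtle.sign(sigAlg, sigKeys.privateKey, data);
  const verified = await subtle.verify(sigAlg, sigKeys.publicKey, signature, data);

  return { decrypted: new TextDecoder().decode(plaintext), verified };
}

// Constructed sample run.
(async () => {
  console.log("RSASSA-PKCS1-v1_5 + encrypt/decrypt:",
    await rejectionName("RSASSA-PKCS1-v1_5", ["encrypt", "decrypt"]));
  console.log("RSA-OAEP + sign/verify:",
    await rejectionName("RSA-OAEP", ["sign", "verify"]));
  console.log(await roundTrip("constructed sample message"));
})();
```
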