invisal / god_crypto

Pure Javascript/Typescript Crypto Implementation for Deno. AES, RSA, HMAC, and TOTP

License: MIT License

TypeScript 99.03% Shell 0.97%
crypto deno javascript typescript

god_crypto's Issues

How to get BlockCipher from hex?

Probably a stupid question, but I need to ask anyway: the example calls .hex() on the encrypted cipher, which returns a string. Say I store this encrypted text, how would I pass this text to aes.decrypt() again so it can be decrypted? As far as I can understand from the code, decrypt() expects a BlockCipher object, but how do I get one from a hex string?

Thanks, and sorry again for the question =)...

EDIT: I dug around crypto-js a bit and found how they convert a hex string to bytes:

	// Convert a hex string to a byte array
	function hex2bytes(hex) {
		for (var bytes = [], c = 0; c < hex.length; c += 2)
			bytes.push(parseInt(hex.substr(c, 2), 16));
		return bytes;
	}

But wouldn't it be useful if god_crypto did that by itself, e.g. some kind of flag for decrypt() when the input is a string, something like .decrypt(<string>, '<hex|base64>')?
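A strict decoder for stored ciphertext text, as an added example that is not part of the original issue or of god_crypto. `decodeCiphertext` and `toHex` are hypothetical names, and passing the resulting bytes to decrypt() is an assumption based on the RSA snippet further down this page, which passes a Uint8Array.

```typescript
// Added example; decodeCiphertext and toHex are hypothetical helpers, not god_crypto API.
type TextEncoding = "hex" | "base64";

// Decode stored ciphertext text to bytes and reject malformed input instead of
// silently producing wrong bytes. With bare parseInt, parseInt("1g", 16) is 1
// and parseInt("zz", 16) is NaN, so a corrupted string would decode "successfully".
function decodeCiphertext(text: string, encoding: TextEncoding): Uint8Array {
  if (encoding === "hex") {
    if (text.length % 2 !== 0 || !/^[0-9a-fA-F]*$/.test(text)) {
      throw new TypeError("ciphertext is not valid hex");
    }
    const out = new Uint8Array(text.length / 2);
    for (let i = 0; i < out.length; i++) {
      out[i] = parseInt(text.slice(2 * i, 2 * i + 2), 16);
    }
    return out;
  }
  if (text.length % 4 !== 0 || !/^[A-Za-z0-9+/]*={0,2}$/.test(text)) {
    throw new TypeError("ciphertext is not valid base64");
  }
  const bin = atob(text); // global in Deno, browsers and current Node
  const out = new Uint8Array(bin.length);
  for (let i = 0; i < bin.length; i++) out[i] = bin.charCodeAt(i);
  return out;
}

// Inverse of the hex branch, for round-trip checks.
function toHex(bytes: Uint8Array): string {
  let s = "";
  for (let i = 0; i < bytes.length; i++) {
    s += (bytes[i] < 16 ? "0" : "") + bytes[i].toString(16);
  }
  return s;
}
```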

Incompatibility with web worker?

I am using another Deno library which has god_crypto as a dependency, and introducing that library leads to a compile error which comes from god_crypto.

I created an issue for that here: JamesBroadberry/deno-bcrypt#15

But since the error seems to stem from god_crypto I was wondering whether you might have any insight into the issue and better still suggestions on how to fix it.

Thanks

Unable to decrypt ciphertext encrypted with PKCS#1 v1.5 padding

Here is the code that I am using:

import { RSA } from "./src/deps.ts";

const privateKey = new RSA(RSA.parseKey(
  new TextDecoder().decode(await Deno.readFile("./secrets/private")),
));
const encrypted = await Deno.readFile("./encrypted");
const decrypted = await privateKey.decrypt(encrypted, {
  padding: "pkcs1",
});
console.log(new TextDecoder().decode(decrypted));

And I get error: Uncaught (in promise) Decryption error. The ciphertext is encrypted with the public key using PKCS#1 v1.5 padding. To test this out for yourself, here are the public/private keys and the hex encoded cipher text (which is the encrypted string hey!):

Private key
-----BEGIN RSA PRIVATE KEY-----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-----END RSA PRIVATE KEY-----
Public key
-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQChfTv2d4ghAmu21WpJApJkAzZ+
8JISS7eEFq7AHVuwn1e2UKMiGKLV+T3oVe0hHcrHq6sGJmATm8sXicRBRZ5WvgMp
T3CkDfLQoBxFfW+/3WVGAdCoAq0XH2dwhHmnXlguqaq24NprBscOSz3BnQEWgGAR
nANFhx6ad7xhkgptyQIDAQAB
-----END PUBLIC KEY-----
Hex encoded ciphertext
2a9654a198ce822303c415a2d97cbabf438ce1c10f22ccefbc76bb311f03861dbbe146c990cc3fef6ba08703c71fb6265ea3aa9c9fa8100eb06c7f6c2a8c4781f7b8cb874c30ed908b5c7ed05c4598752a976c99cd482adbe502f4f968bc3e48ba1a9e6f32098cd93bf17929df45297f5c1453be3972ea0edc9f260fe2bb021d

I have written code in Go to decrypt it and it seems to be working. Any ideas on what could be the problem? I'm not too knowledgeable on RSA encryption so there could be something I'm missing 🤷‍♀️

get an error from nessie now

deno 1.26.1

Warning Implicitly using latest version (0.161.0) for https://deno.land/std/hash/mod.ts
error: Module not found "https://deno.land/std/hash/mod.ts".
    at https://deno.land/x/[email protected]/src/eme_oaep.ts:1:28

It's been deprecated.

Use promises to reduce errors

In functions such as RSA.parseKey & RSA.importKey, it's likely a smarter idea to implement Promises so developers can catch errors more effectively. Currently, passing an invalid key into one of these functions returns a type error from the following function:

export function rsa_import_key(
  key: string | JSONWebKey,
  format: RSAImportKeyFormat,
): RSAKeyParams {
  const finalFormat = format === "auto" ? detect_format(key) : format;

  if (finalFormat === "jwk") return rsa_import_jwk(key as JSONWebKey);
  if (finalFormat === "pem") return rsa_import_pem(key as string);

  throw new TypeError("Unsupported key format");
}

This is bad practice, especially if the developer is passing on a user-provided public key. A better implementation would be to use a Promise and reject if the key format is invalid, which would then allow the end developer to handle such an error and pass it off to the user with .catch().

Export key types

Exporting types such as RSAKey would be useful in development; this way functions and objects can accept these values as inputs without the need to recreate the type manually.

error: Uncaught (in promise) Invalid RSA key

I can't seem to parse this key even though it is a valid public X.509 certificate.

-----BEGIN CERTIFICATE-----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=
-----END CERTIFICATE-----


Use WebCrypto if available, otherwise fallback to Javascript implement

If WebCrypto is available, we will wrap around WebCrypto; otherwise we will use our own JavaScript implementation. There will be some breaking changes because WebCrypto is asynchronous and currently our method is synchronous.

We will change some syntax to make it consistent. We will add a Sync suffix for synchronous methods.

// Asynchronous method
const cipher = await (new RSA(publicKey).encrypt("Hello World"));
// Synchronous method, with the Sync suffix
const cipherSync = new RSA(publicKey).encryptSync("Hello World");

RSA.importKey fails for Certificate

When I try to import a certificate, e.g.
const certificate=-----BEGIN CERTIFICATE----- MIIC6jCCAdKgAwIBAgIGAXaVe94SMA0GCSqGSIb3DQEBCwUAMDYxNDAyBgNVBAMM K1g5ckRRSWdRdmdidkFnNEJvb18wbklUU054MDYxTXNHSGQ4dlV1QkNMUncwHhcN MjAxMjI0MTYwMTMxWhcNMjExMDIwMTYwMTMxWjA2MTQwMgYDVQQDDCtYOXJEUUln UXZnYnZBZzRCb29fMG5JVFNOeDA2MU1zR0hkOHZVdUJDTFJ3MIIBIjANBgkqhkiG 9w0BAQEFAAOCAQ8AMIIBCgKCAQEApGleHRGOs1scVRpv6fPcbnO4ymFgTRYtahiR D5CVSAfZBr2CuQXXMpMzAEM58qQJ/TzxsLIFHg/VO54DQlhbCrTPBTEGYb5S5/Jw iDLrWdGNY5Dixx73VfOPMy7R0OKOGE5TsETPaWHXaY8PuCSUGQpWlt/pbU1BJvOZ 5Ls9AVG8r72ZHwnWmQBbgwiaRbinvN9Dt1IuV3wbqk1Xg5hdYaaPBi4JX9IzRPG4 6GrqbX4HlxByLYYO6fMD9jmlyFtfO9119I60bsK+muPWzDk3FeevRpKHrkZx3HZi m/yTkYmgYj4X9ZCQtu0MlBIB/rZGG75RppFQn9pZucF/0IhupQIDAQABMA0GCSqG SIb3DQEBCwUAA4IBAQCO/FPK6OzmreIJ6ilgYeHJGkTTTDkH6tKAfkzY43znlYmv s+RBOkxHHejdSeIAicBD49hLcwwWDJDJdyg/CleRBYX5jS1IPR8jA+qgFrOeWtZk jggxSac8r9sipyxq1sxLBVFYPhRAN5dBE6dp5WMqUnv5QE0bvJ0MzfBUA3DlktSH ZD9BrpdCeytf34m3QWbsgKHUSbKZGeTch/Skyuc+bXspjtf9LQFWsSJ/9nnVfG0M L8f/6e1mTV8Jzbh4lN5tqWTn3VwwBw9IxJL6+LodvAIimX680hwhizOZsI52vWvW ElJu6L9bDNYoFN62AI2v8I4JpH3VtSA8UoudtVku -----END CERTIFICATE-----

const Key = RSA.importKey(certificate)

it fails with

error: Uncaught TypeError: Cannot read property '0' of undefined
var length = get_key_size(parseKey[0][5][1][0][0]);

Is it a mistake on my side or a bug?
I tried with the certificate in your testcase (https://github.com/invisal/god_crypto/blob/master/tests/rsa/rsa.import_key.test.ts) and it works fine.

rsa_import_pem_private_pkcs8 trimming fails

-----BEGIN PRIVATE KEY----- and -----END PRIVATE KEY----- are 27 + 25 = 52 characters.

But the code truncates 57 characters:

function rsa_import_pem_private_pkcs8(key: string): RSAKeyParams {
  const trimmedKey = key.substr(27, key.length - 57);
}

So I get the error InvalidCharacterError: The string to be decoded is not correctly encoded from atob.

My workaround is to add 5 more - at the end of the file. -----END PRIVATE KEY----------.
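Label-based PEM parsing that does not depend on fixed offsets, as an added example that is not god_crypto's code. `parsePem` and `fixedOffsetBody` are hypothetical names, and the sample PEM is constructed (it encodes SEQUENCE { INTEGER 0 }, not a key).

```typescript
// Added example; parsePem and fixedOffsetBody are hypothetical, not god_crypto functions.
interface PemBlock {
  label: string;   // text between "BEGIN " and the closing dashes
  der: Uint8Array; // decoded body
}

// The slicing quoted in the issue, same as key.substr(27, key.length - 57):
// it keeps everything up to 30 characters before the end, so it is only right
// when exactly 5 characters accompany the 25-character END line.
function fixedOffsetBody(key: string): string {
  return key.slice(27, key.length - 30);
}

// Locate the armor lines by pattern, so trailing newlines, CRLF line endings
// and other labels ("RSA PRIVATE KEY", "PUBLIC KEY") all parse the same way.
function parsePem(pem: string): PemBlock {
  const m = /-----BEGIN ([A-Z0-9 ]+)-----([\s\S]*?)-----END ([A-Z0-9 ]+)-----/.exec(pem);
  if (m === null) throw new TypeError("no PEM block found");
  if (m[1] !== m[3]) throw new TypeError("BEGIN and END labels differ");
  const body = m[2].replace(/\s+/g, "");
  if (body.length % 4 !== 0 || !/^[A-Za-z0-9+/]+={0,2}$/.test(body)) {
    throw new TypeError("PEM body is not valid base64");
  }
  const bin = atob(body); // global in Deno, browsers and current Node
  const der = new Uint8Array(bin.length);
  for (let i = 0; i < bin.length; i++) der[i] = bin.charCodeAt(i);
  return { label: m[1], der };
}

// Constructed sample with no trailing newline: DER for SEQUENCE { INTEGER 0 }.
const SAMPLE_PEM =
  "-----BEGIN PRIVATE KEY-----\nMAMCAQA=\n-----END PRIVATE KEY-----";
```

On `SAMPLE_PEM` the fixed-offset slice returns a truncated body, while `parsePem` returns the same five DER bytes whether or not the file ends in a newline or uses CRLF.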

Implement full-fledged ASN1 decoder and encoder

When I started this project, I wanted to quickly get things done to test some concepts, so I quickly wrote a very basic parser. There seems to be more need for ASN1 decoding and encoding, so I think we should invest some time to build more solid ASN1 encoding.

Give your library a professional name.

Hello. Great library. Very useful.

Please consider changing the name to something professional that people will trust.

Also, please add support for PKCS7 for signed and encrypted email messages.

Deno 1.16.4: NotSupportedError using AES encryption

Hi, I'm having an issue with the lib, if anyone could help me it would be amazing, I need to update in production but this is breaking a feature of my game. This is the summed up version of my code:

    import { AES }  from "https://deno.land/x/[email protected]/aes.ts"

    public async encryptUserData(userData: string): Promise<string> {
        const aes = new AES('defaultaeskey123', {
            mode: "cbc",
            iv: "tiny land online",
        })
        const encryptedData = await aes.encrypt(userData)   // <---- breaking point
        return encryptedData.hex()
    }

here's the error I'm getting:
image

This is the log of the Deno cache reload (I'm finding that warning very suspicious, it might be causing the error due to some inconsistency between versions, idk)
image

Am I being dumb? Or is there something actually wrong? Thanks in advance!

string generated from rsa seems to be invalid

Hi
I was trying to use the rsa n and e provided by some api like this:

const rsaKey = RSA.importKey({
  n: "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",
  e: "010001",
  kty: "RSA",
});

then checking the pem, it seems to be valid:

console.log(
  rsaKey.pem(),
);

but when encrypting a string and turning it to base64, output seems to be an invalid string:

console.log(
  (await new RSA(rsaKey).encrypt("test"))
    .base64(),
);
//  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

As you can see, it seems it got padded with some whitespace which shouldn't be there.

Also, the API says this string (which would serve as the password later) is invalid.

Deno 1.13: Argument of type "jwk" is not assignable to parameter of type "raw"

After upgrading to Deno v1.13.0, released today, this library (specifically RSA) can no longer be imported due to a TypeScript error.

In the Deno interpreter:

> deno --version
1.13

> deno
> import { RSA }  from "https://deno.land/x/god_crypto/rsa.ts";
Uncaught TypeError: TS2345 [ERROR]: Argument of type '"jwk"' is not assignable to parameter of type '"raw"'.
    "jwk",
    ~~~~~
    at https://deno.land/x/[email protected]/src/rsa/rsa_wc.ts:55:5
    at async <anonymous>:2:18

This works fine in Deno 1.12.x.

Add JWT support

Since we aim to be a one-stop crypto library for Deno, it would be nice to have built-in JWT support in our library.

TLS alert received: https://deno.land/x/[email protected]/src/utility/asn1.ts

Been getting this error just today, linked to the latest version of god_crypto?

Download https://deno.land/x/[email protected]/src/rsa/common.ts
Download https://deno.land/x/[email protected]/signature.ts
Download https://deno.land/x/[email protected]/algorithm.ts
Download https://deno.land/x/[email protected]/deps.ts
Download https://deno.land/x/[email protected]/rsa.ts
Download https://deno.land/[email protected]/hash/sha512.ts
Download https://deno.land/[email protected]/hash/sha256.ts
Download https://deno.land/[email protected]/encoding/base64url.ts
Download https://deno.land/x/[email protected]/src/rsa/mod.ts
Download https://deno.land/x/[email protected]/src/rsa/mod.ts
Download https://deno.land/x/[email protected]/src/rsa/common.ts
Download https://deno.land/x/[email protected]/src/binary.ts
Download https://deno.land/x/[email protected]/src/rsa/rsa_js.ts
Download https://deno.land/x/[email protected]/src/rsa/rsa_wc.ts
Download https://deno.land/x/[email protected]/src/rsa/rsa_key.ts
Download https://deno.land/x/[email protected]/src/rsa/import_key.ts
Download https://deno.land/x/[email protected]/src/rsa/rsa_js.ts
Download https://deno.land/x/[email protected]/src/rsa/import_key.ts
Download https://deno.land/x/[email protected]/src/rsa/rsa_key.ts
Download https://deno.land/x/[email protected]/src/rsa/rsa_wc.ts
Download https://deno.land/x/[email protected]/src/binary.ts
Download https://deno.land/x/[email protected]/src/hash.ts
Download https://deno.land/x/[email protected]/src/rsa/rsa_internal.ts
Download https://deno.land/x/[email protected]/src/utility/encode.ts
Download https://deno.land/x/[email protected]/src/rsa/export_key.ts
Download https://deno.land/x/[email protected]/src/hash.ts
Download https://deno.land/x/[email protected]/src/rsa/rsassa_pss.ts
Download https://deno.land/x/[email protected]/src/rsa/rsa_internal.ts
Download https://deno.land/x/[email protected]/src/helper.ts
Download https://deno.land/x/[email protected]/src/utility/encode.ts
Download https://deno.land/x/[email protected]/src/rsa/primitives.ts
Download https://deno.land/x/[email protected]/src/rsa/basic_encoding_rule.ts
Download https://denopkg.com/chiefbiiko/[email protected]/mod.ts
Download https://denopkg.com/chiefbiiko/[email protected]/mod.ts
Download https://deno.land/x/[email protected]/src/rsa/primitives.ts
Download https://deno.land/x/[email protected]/src/helper.ts
Download https://deno.land/x/[email protected]/src/rsa/eme_oaep.ts
Download https://deno.land/x/[email protected]/src/math.ts
Download https://deno.land/x/[email protected]/src/rsa/basic_encoding_rule.ts
Download https://deno.land/x/[email protected]/src/utility/asn1.ts
Download https://deno.land/x/[email protected]/src/rsa/export_key.ts
Download https://deno.land/x/[email protected]/src/rsa/emsa_pss.ts
Download https://deno.land/x/[email protected]/src/math.ts
Download https://deno.land/x/[email protected]/src/rsa/eme_oaep.ts
Download https://denopkg.com/chiefbiiko/sha512/mod.ts
Download https://deno.land/x/[email protected]/src/utility/asn1.ts
TLS alert received: Message {
typ: Alert,
version: TLSv1_2,
payload: Alert(
AlertMessagePayload {
level: Fatal,
description: InternalError,
},
),
}
error: error sending request for url (https://denopkg.com/chiefbiiko/sha512/mod.ts): error trying to connect: received fatal alert: InternalError
at https://deno.land/x/[email protected]/src/hash.ts:3:0


Can't decode ber-wrapped PEM private key

Hello, I am trying to use this library (well, actually /x/djwt) to sign a JWT token for a Google Cloud service account. It seems Google Cloud gives a PEM payload that this library cannot read.

> deno run --allow-read mod.ts 
error: Uncaught (in promise) TypeError: Unsupported key format
  throw new TypeError("Unsupported key format");
        ^
    at rsa_import_pem (import_key.ts:135:9)

The incompatibility seems to stem from the Google header being -----BEGIN PRIVATE KEY----- (no RSA).

The raw bytes of the PEM look like this:

Uint8Array(1219) [
   48, 130,   4, 191,   2,   1,  0,  48,  13,   6,   9,  42, 134,  72, 134,
  247,  13,   1,   1,   1,   5,  0,   4, 130,   4, 169,  48, 130,   4, 165,
    2,   1,   0,   2, 130,   1,  1,   0, 171,  42, 121,  18,  39, 251, 180,
  173,  40, 219,  42,  81,  41, 49, 181,   1,  41, 111, 240,  24,  66, 159,
  124, 230, 138, 215,  74,  60, 62, 183, 185,  66, 147, 203, 226,  13, 116,
  198, 175, 202, 119,  70, 175, 35, 132, 216, 125, 242, 182, 177, 151, 176,
  102,  39,  28, 193, 131, 173, 33, 173, 103,   6,
  ... 1119 more items
]

I noticed that ber_decode shows a similar inner payload:

{
  totalLength: 1219,
  type: 48,
  length: 1215,
  value: [
    { totalLength: 3, type: 2, length: 1, value: 0n },
    { totalLength: 15, type: 48, length: 13, value: [
      { totalLength: 11, type: 6, length: 9, value: "1.2.840.113549.1.1.1" },
      { totalLength: 2, type: 5, length: 0, value: null }
    ] },
    {
      totalLength: 1197,
      type: 4,
      length: 1193,
      value: Uint8Array(1193) [
         48, 130,   4, 165,   2,   1,   0,   2, 130,   1,   1,   0, 171,  42,
        121,  18,  39, 251, 180, 173,  40, 219,  42,  81,  41,  49, 181,   1,
         41, 111, 240,  24,  66, 159, 124, 230, 138, 215,  74,  60,  62, 183,
        185,  66, 147, 203, 226,  13, 116, 198, 175, 202, 119,  70, 175,  35,
        132, 216, 125, 242, 182, 177, 151, 176, 102,  39,  28, 193, 131, 173,
         33, 173, 103,   6, 222, 100, 147, 243, 119, 237,  68,  20, 207, 134,
        118,  18, 210,  67, 165, 251, 219,  88, 227,  46, 241, 127,  18,  69,
        102, 248,
        ... 1093 more items
      ]
    }
  ]
}

1.2.840.113549.1.1.1 seems to mean RSA encryption.

I was able to extract and re-encode the inner PEM, rewrite my Google service account file with that payload, and then sign a JWT. It seems this library needs to be improved to be able to read this key structure in order to be immediately applicable to JWT signing. #11

Here is a similar key I requested and then immediately deactivated so I can attach it safely:

-----BEGIN PRIVATE KEY-----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-----END PRIVATE KEY-----
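The unwrapping described in this issue, as an added example that is not god_crypto's code: walk the PKCS#8 structure shown in the ber_decode output, check the rsaEncryption OID, and return the inner PKCS#1 bytes. `readTlv` and `unwrapPkcs8Rsa` are hypothetical names, and the sample bytes are constructed, not a real key.

```typescript
// Added example; readTlv and unwrapPkcs8Rsa are hypothetical, not god_crypto functions.
interface Tlv {
  tag: number;
  value: Uint8Array; // content bytes
  end: number;       // offset of the byte after this element
}

// Read one DER tag-length-value element at `pos`, with bounds checks.
function readTlv(buf: Uint8Array, pos: number): Tlv {
  if (pos + 2 > buf.length) throw new RangeError("truncated TLV header");
  const tag = buf[pos];
  let len = buf[pos + 1];
  let start = pos + 2;
  if (len & 0x80) { // long form: low 7 bits give the number of length bytes
    const n = len & 0x7f;
    if (n === 0 || n > 4 || start + n > buf.length) {
      throw new RangeError("unsupported or truncated length");
    }
    len = 0;
    for (let i = 0; i < n; i++) len = len * 256 + buf[start + i];
    start += n;
  }
  if (start + len > buf.length) throw new RangeError("length exceeds buffer");
  return { tag, value: buf.subarray(start, start + len), end: start + len };
}

// Content bytes of OID 1.2.840.113549.1.1.1 (rsaEncryption), as in the dump above.
const RSA_OID = [42, 134, 72, 134, 247, 13, 1, 1, 1];

// Return the PKCS#1 RSAPrivateKey DER, unwrapping PKCS#8 when present.
function unwrapPkcs8Rsa(der: Uint8Array): Uint8Array {
  const outer = readTlv(der, 0);
  if (outer.tag !== 0x30) throw new TypeError("expected SEQUENCE");
  const version = readTlv(outer.value, 0);
  if (version.tag !== 0x02) throw new TypeError("expected version INTEGER");
  const second = readTlv(outer.value, version.end);
  if (second.tag === 0x02) return der; // already PKCS#1: version, modulus, ...
  if (second.tag !== 0x30) throw new TypeError("expected AlgorithmIdentifier");
  const oid = readTlv(second.value, 0);
  const isRsa = oid.tag === 0x06 && oid.value.length === RSA_OID.length &&
    RSA_OID.every((b, i) => oid.value[i] === b);
  if (!isRsa) throw new TypeError("not an rsaEncryption key");
  const wrapped = readTlv(outer.value, second.end);
  if (wrapped.tag !== 0x04) throw new TypeError("expected OCTET STRING");
  return wrapped.value;
}

// Constructed sample (not a real key): PKCS#8 around SEQUENCE { INTEGER 0, INTEGER 0x00AB }.
const INNER = [0x30, 0x07, 0x02, 0x01, 0x00, 0x02, 0x02, 0x00, 0xab];
const SAMPLE_PKCS8 = new Uint8Array([
  0x30, 0x1d, 0x02, 0x01, 0x00,
  0x30, 0x0d, 0x06, 0x09, ...RSA_OID, 0x05, 0x00,
  0x04, 0x09, ...INNER,
]);
```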

TypeError: crypto.subtle.importKey is not a function

After updating to Deno v1.11.0, I am getting a TypeError in encryption.

const aes = new AES(this.key, { mode: "cbc", iv: this.salt }); // This works properly
const cipher = await aes.encrypt(str); // Error is generated from here.

Error is:
TypeError: crypto.subtle.importKey is not a function at WebCryptoAES.loadKey (https://deno.land/x/[email protected]/src/aes/aes_wc.ts:24:39) at WebCryptoAES.encrypt (https://deno.land/x/[email protected]/src/aes/aes_wc.ts:37:28) at AES.encrypt (https://deno.land/x/[email protected]/src/aes/mod.ts:40:43)

Encoding Public Key (.pem)

I'm pretty new to all this, so apologies for any silly questions.

So you can parse a key like this:

import { RSA } from "https://deno.land/x/god_crypto/rsa.ts";

// Parsing public/private key
const publicKey = RSA.parseKey(Deno.readTextFileSync("./public.pem"));

Can you go the other way?
I.e. take an RSA object and generate/encode the pem.

Error in example!

const cipher = await aes.encrypt("This is AES-128-CBC. It works.");
console.log(cipher.hex());

// 41393374609eaee39fbe57c96b43a9da0d547c290501be50f983ecaac6c5fd1c
const plain = await aes.decrypt(ciper);

Decrypt cipher, no ciper
