PKI.js icon indicating copy to clipboard operation
PKI.js copied to clipboard

Published 20 hours ago verified publisher icon PeculiarVentures

Cannot decrypt CMS

Open microshine opened this issue 6 years ago • 7 comments

I've got EnvelopedData with RSA encryption algorithm. I've got an exception on decryption

Exception

Error: Object's schema was not verified against input data for RSAESOAEPParams
      at RSAESOAEPParams.fromSchema (packages/protocol/node_modules/pkijs/src/RSAESOAEPParams.js:169:10)
      at new fromSchema (packages/protocol/node_modules/pkijs/src/RSAESOAEPParams.js:38:9)
      at SubKeyTransRecipientInfo.currentSequence.then (packages/protocol/node_modules/pkijs/src/EnvelopedData.js:1429:27)

CMS ASN.1 structure

image

As you can see parameters for RSA encryption algorithm are null. Should it use the default hash algorithm in this case?

This is correct CMS, I can decrypt it using C# EnvelopedCms

PKIjs source code

https://github.com/PeculiarVentures/PKI.js/blob/master/src/EnvelopedData.js#L1428

microshine avatar Aug 24 '19 18:08 microshine

You can find a similar CMS here

ASN1 structure

image

microshine avatar Aug 24 '19 18:08 microshine

RFC3560

RSAES-OAEP-params  ::=  SEQUENCE  {
     hashFunc    [0] AlgorithmIdentifier DEFAULT sha1Identifier,
     maskGenFunc [1] AlgorithmIdentifier DEFAULT mgf1SHA1Identifier,
     pSourceFunc [2] AlgorithmIdentifier DEFAULT
                         pSpecifiedEmptyIdentifier  }

https://tools.ietf.org/html/rfc3560#section-3

microshine avatar Aug 24 '19 19:08 microshine

I found a way to do decrypt a message using NodeJs Crypto API rsaEncryption(1.2.840.113549.1.1.1) means RSA_PKCS1_PADDING, not RSA-OAEP

const crypto = require("crypto");

const encRaw = Buffer.from("76e5ea6e1df52471454f790923f60e2baa7adf5017fe0a36c0af3e32f6390d570e1d592375ba6035fdf4ffa70764b797ab54d0ab1efe89cf31d7fc98240a4d08c2476b7eb4c2d92355b8bf60e3897c3fcbfe09f20c7b159d9a9c4a6b2ce5021dd313e492afa762c24930f97f03a429f7b2b1e1d6088651d60e323835807c6fefe7952f74e5da29e8e327ea46e69a0a6684272f022bf18ec602ffcd10a62666b35a51ec7c7d101096f663ddfa0924a86bdbcde0433b4f71dc42bfd9facf329558026f8667f1a71c3365e09843a12339d8aaf31987b0d800e53fd0835e990096cb145e278153faf1188cd5713c6fcd289cb77d80515e1d200139b8ccac4d3bcebc", "hex");
const dec = crypto.privateDecrypt({
  key: SCEP_CLIENT_PRIVATE_KEY_PEM,
  padding: 1, // RSA_PKCS1_PADDING
}, encRaw);

microshine avatar Aug 24 '19 20:08 microshine

So, in fact what you have is an very-very old encryption scheme using RSAES-PKCS1-v1_5 encryption algorithm (it is not connected with RSA-OAEP and OAEP parameters at all). And I should say the RSAES-PKCS1-v1_5 is not supported in WebCrypto (and thus in PKI.js). But thanks, I will append an additional check for this case in order to provide a correct alert.

YuryStrozhevsky avatar Aug 26 '19 06:08 YuryStrozhevsky

I'm going to add RSAES-PKCS1-v1_5 algorithm to PeculiarVentures WebCrypto libraries. Looks like this mechanism is still used

microshine avatar Aug 26 '19 06:08 microshine

Hi, has this support been added? The apple mail client and Thunderbird sends S/MIME messages with PKCS1_PADDING and I need support for that algorithm.

taylorcenters avatar Oct 09 '20 16:10 taylorcenters

@taylorcenters peculiar/webcrypto supports this algorithm; try setEngine

rmhrisk avatar Oct 09 '20 19:10 rmhrisk