jsencrypt icon indicating copy to clipboard operation
jsencrypt copied to clipboard
verified publisher icon travist

Need a fix for CVE-2023-46809

Open cjbathras opened this issue 1 year ago • 3 comments

When upgrading to Node 20, I can no longer use jsencrypt because it uses PKCS1 padding. Node is preventing using PKCS1 padding because of CVE-2023-46809. It would be great if the padding method was changed or if there was an option to use a different padding scheme. If there's a way to get around this that I haven't uncovered, I'd love to hear about it.

cjbathras avatar Feb 20 '24 12:02 cjbathras

use OAEP padding?

tomato42 avatar Feb 21 '24 01:02 tomato42

How do I use OAEP padding with jsencrypt? I haven't found anything about that. If you can point me to an example that would be great!

cjbathras avatar Feb 21 '24 15:02 cjbathras

https://github.com/travist/jsencrypt/issues/84

fengmk2 avatar May 16 '24 07:05 fengmk2