Use different key to do OAEP and PSS #58

Merged
merged 1 commit into from
Dec 24, 2022

Conversation

agix
Collaborator

@agix agix commented Nov 24, 2022

I know it was a bad practice to use the same keypair to encrypt/decrypt and sign/verify...

secretin-lib/src/User.js

Lines 158 to 179 in 85873da

  exportPrivateData(data) {
    const result = {};
    return this.cryptoAdapter
      .encryptRSAOAEP(data, this.publicKey)
      .then((encryptedOptions) => {
        result.data = encryptedOptions;
        return this.sign(result.data);
      })
      .then((signature) => {
        result.signature = signature;
        return result;
      });
  }
  importPrivateData(data, signature) {
    return this.verify(data, signature).then((verified) => {
      if (verified) {
        return this.cryptoAdapter.decryptRSAOAEP(data, this.privateKey);
      }
      return null;
    });
  }

I used a "hack": convertOAEPToPSS

And this is something ANSSI reported to me.

This PR solves the problem by generating another keypair dedicated to the signature process.

The privateKeySign is encrypted with a random protectKey which is encrypted with the "normal" publicKey.

@agix agix requested a review from dlajarretie November 24, 2022 02:42
@agix agix self-assigned this Nov 24, 2022
@agix agix changed the base branch from develop to async_await_part_5 November 24, 2022 02:43
@agix agix force-pushed the use_different_key_to_OAEP_and_PSS branch 2 times, most recently from 70aa546 to e4121a8 Compare December 24, 2022 00:43
@agix agix force-pushed the async_await_part_5 branch from 55d3e02 to 831033a Compare December 24, 2022 01:19
@agix agix force-pushed the use_different_key_to_OAEP_and_PSS branch from e4121a8 to 3303040 Compare December 24, 2022 01:22
@agix agix changed the base branch from async_await_part_5 to async_await December 24, 2022 01:23
@agix agix merged commit c4a7b36 into async_await Dec 24, 2022
@agix agix deleted the use_different_key_to_OAEP_and_PSS branch December 24, 2022 01:26
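
The key layout this PR describes, sketched with WebCrypto as an added example (not secretin-lib's code): a dedicated RSA-PSS pair whose private key is encrypted under a random protectKey, which is in turn encrypted with the RSA-OAEP public key. AES-GCM for protectKey, the key sizes, and the function names `createUserKeys`, `loadSigningKey` and `demo` are assumptions.

```javascript
// Added example; privateKeySign/protectKey follow the PR text, the rest is assumed.
const wc = globalThis.crypto ?? require('node:crypto').webcrypto;
const rsa = { modulusLength: 2048, publicExponent: new Uint8Array([1, 0, 1]), hash: 'SHA-256' };
const PSS = { name: 'RSA-PSS', saltLength: 32 };
const OAEP = { name: 'RSA-OAEP' };

// One key pair per purpose: OAEP for encryption, PSS for signatures.
async function createUserKeys() {
  const enc = await wc.subtle.generateKey({ ...OAEP, ...rsa }, true, ['encrypt', 'decrypt']);
  const sig = await wc.subtle.generateKey({ name: 'RSA-PSS', ...rsa }, true, ['sign', 'verify']);
  // protectKey: random symmetric key that encrypts the signing private key.
  const protectKey = await wc.subtle.generateKey({ name: 'AES-GCM', length: 256 }, true, ['encrypt']);
  const iv = wc.getRandomValues(new Uint8Array(12));
  const pkcs8 = await wc.subtle.exportKey('pkcs8', sig.privateKey);
  const privateKeySign = await wc.subtle.encrypt({ name: 'AES-GCM', iv }, protectKey, pkcs8);
  // protectKey itself is encrypted with the "normal" OAEP public key.
  const rawProtect = await wc.subtle.exportKey('raw', protectKey);
  const wrappedProtectKey = await wc.subtle.encrypt(OAEP, enc.publicKey, rawProtect);
  return { enc, publicKeySign: sig.publicKey, stored: { iv, privateKeySign, wrappedProtectKey } };
}

// Recover the signing key from stored blobs using only the OAEP private key.
async function loadSigningKey(stored, oaepPrivateKey) {
  const rawProtect = await wc.subtle.decrypt(OAEP, oaepPrivateKey, stored.wrappedProtectKey);
  const protectKey = await wc.subtle.importKey('raw', rawProtect, { name: 'AES-GCM' }, false, ['decrypt']);
  const pkcs8 = await wc.subtle.decrypt({ name: 'AES-GCM', iv: stored.iv }, protectKey, stored.privateKeySign);
  return wc.subtle.importKey('pkcs8', pkcs8, { name: 'RSA-PSS', hash: 'SHA-256' }, false, ['sign']);
}

// Encrypt-then-sign on export, verify-then-decrypt on import, as in User.js above.
async function demo() {
  const { enc, publicKeySign, stored } = await createUserKeys();
  const data = new TextEncoder().encode('constructed sample options');
  const encrypted = await wc.subtle.encrypt(OAEP, enc.publicKey, data);
  const signKey = await loadSigningKey(stored, enc.privateKey);
  const signature = await wc.subtle.sign(PSS, signKey, encrypted);
  const verified = await wc.subtle.verify(PSS, publicKeySign, signature, encrypted);
  // With separate keys, the OAEP private key cannot be used to sign.
  let oaepCanSign = true;
  try {
    await wc.subtle.sign(PSS, enc.privateKey, encrypted);
  } catch {
    oaepCanSign = false;
  }
  const plain = verified ? await wc.subtle.decrypt(OAEP, enc.privateKey, encrypted) : null;
  return { verified, oaepCanSign, plain: plain && new TextDecoder().decode(plain) };
}
```

`demo()` resolves to an object reporting whether the PSS signature verified, whether the OAEP key could be used for signing, and the decrypted plaintext.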