
RSA Encryption in JavaScript with Existing DER / PEM Keys

My first post. I'm trying to asymmetrically encrypt data in JavaScript (in the user's browser), using the existing public key that I've used to successfully encrypt data in our nat

Solution 1:

There seems to be a slight mismatch between your understanding of what a public key consists of and the JavaScript libs that you're using.


An X.509 certificate is a DER structure that contains a public key. It also contains a lot of other data about the holder, issuer, key and of course the signature of the issuer.

A public key is usually also encoded as (PKCS#1) DER encoded data, but it only consists of the modulus and the public exponent (for RSA).

PEM is just an ASCII armor with DER inside.


Now your Android software seems to use the certificate for encryption. That's fine, the underlying Cipher implementation just retrieves the public key and encrypts with it. Your JavaScript code, however, just takes the public key, not a certificate. So you'll need some kind of library to retrieve the public key from the certificate.


The big issue is of course how to make sure that JavaScript can trust the public key. This can be solved on iOS and Android by including a trusted (higher level CA) certificate in the application and verifying the certificate or public key with that. That's usually not possible for JavaScript, where the code gets distributed using the same untrusted channel as the public key. So technically solving this issue may not bring you real security.
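The extraction step described in the answer above, as an added example that is not part of the original answer or of any library it refers to: it strips the PEM armor, walks the DER structure of the certificate down to the subjectPublicKeyInfo, and returns both that structure and the RSA modulus and exponent. All function names are hypothetical, and the sample certificate is a constructed structural skeleton with a dummy key, not a real signed certificate.

```javascript
// PEM is base64-encoded DER between BEGIN/END lines: strip the armor and decode.
function pemToDer(pem) {
  const b64 = pem.replace(/-----[^-]+-----/g, '').replace(/\s+/g, '');
  return Uint8Array.from(atob(b64), c => c.charCodeAt(0));
}

// Read one DER TLV at `pos`, handling short and long-form lengths.
function readTlv(buf, pos) {
  let len = buf[pos + 1], start = pos + 2;
  if (len & 0x80) {
    const n = len & 0x7f;
    if (n === 0 || n > 4) throw new Error('unsupported DER length');
    for (len = 0; start < pos + 2 + n; ) len = len * 256 + buf[start++];
  }
  if (!(start + len <= buf.length)) throw new Error('truncated DER');
  return { tag: buf[pos], pos, start, end: start + len };
}

// Direct children of a constructed element.
function children(buf, el) {
  const out = [];
  for (let p = el.start; p < el.end; p = out[out.length - 1].end) out.push(readTlv(buf, p));
  return out;
}

// Certificate -> tbsCertificate -> subjectPublicKeyInfo -> RSAPublicKey (modulus, exponent).
function rsaKeyFromCertificate(der) {
  const tbs = children(der, readTlv(der, 0))[0];
  let fields = children(der, tbs);
  if (fields[0].tag === 0xa0) fields = fields.slice(1); // optional [0] version
  const spki = fields[5]; // after serial, sigAlg, issuer, validity, subject
  if (!spki || spki.tag !== 0x30) throw new Error('no subjectPublicKeyInfo');
  const bitString = children(der, spki)[1];
  // BIT STRING body: one unused-bits byte, then the RSAPublicKey SEQUENCE.
  const [n, e] = children(der, readTlv(der, bitString.start + 1));
  const hex = el => Array.from(der.subarray(el.start, el.end), b => b.toString(16).padStart(2, '0')).join('');
  return { spki: der.slice(spki.pos, spki.end), modulusHex: hex(n), exponentHex: hex(e) };
}

// Constructed sample: a structural certificate skeleton with a dummy key, not a real certificate.
function tlv(tag, ...parts) {
  const body = [].concat(...parts), n = body.length;
  return [tag, ...(n < 128 ? [n] : n < 256 ? [0x81, n] : [0x82, n >> 8, n & 0xff]), ...body];
}
const sampleSpki = tlv(0x30, tlv(0x30, tlv(0x06, [0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 1, 1, 1]), tlv(0x05)),
  tlv(0x03, [0], tlv(0x30, tlv(0x02, [0, ...new Array(256).fill(0xab)]), tlv(0x02, [1, 0, 1]))));
const sampleDer = tlv(0x30, tlv(0x30, tlv(0xa0, tlv(0x02, [2])), tlv(0x02, [1]),
  tlv(0x30), tlv(0x30), tlv(0x30), tlv(0x30), sampleSpki), tlv(0x30), tlv(0x03, [0]));
const samplePem = `-----BEGIN CERTIFICATE-----\n${btoa(String.fromCharCode(...sampleDer))}\n-----END CERTIFICATE-----`;
const sampleKey = rsaKeyFromCertificate(pemToDer(samplePem));
```

The returned `spki` bytes are the form `crypto.subtle.importKey('spki', …)` accepts, while `modulusHex` and `exponentHex` suit libraries that take the raw RSA parameters. The certificate's signature is not verified here, so this does nothing for the trust problem raised in the answer's last paragraph.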
