javascriptcryptographyrsacryptoapi

Why I can't use RSASSA-PKCS1-v1_5 to encrypt/decrypt?


First of all, I'm completely new to cryptography and I just have basic knowledge about some encryption algorithms and how they work such as RSA, DES and so on.

I want to use SubtleCrypto in JS to do some stuff including signing, verifying, encrypting, decrypting using RSA.

I'm just unable to produce a key pair for doing all of them; for example, below code works fine for generating a key pair to do signing/verifying:

let keyPair = window.crypto.subtle.generateKey(
    {
        name: "RSASSA-PKCS1-v1_5",
        modulusLength: 4096,
        publicExponent: new Uint8Array([1, 0, 1]),
        hash: "SHA-512"
    },
    true,
    ['sign', 'verify']
  );
  
  keyPair.then((value)=>{
    console.log("worked properly.");
  })
  .catch((error)=>{console.log("Error:", error)})

But when I use above code to generate a key pair for encrypting/decrypting I'll get a DOMException(in browser) or SyntaxError(in snippet):

let keyPair = window.crypto.subtle.generateKey(
    {
        name: "RSASSA-PKCS1-v1_5",
        modulusLength: 4096,
        publicExponent: new Uint8Array([1, 0, 1]),
        hash: "SHA-512"
    },
    true,
    ['encrypt', 'decrypt']
  );
  
  keyPair.then((value)=>{
    console.log("worked properly.");
  })
  .catch((error)=>{console.log("Error:", error)})

Note: I figured out RSA-OAEP behaves completely different, I means it works with encrypting/decrypting but gets stuck for signing/verifying and shows same error.

Question: Can you please provide me a link which explain the differences between these RSA variants and when should I use which one of them? I googled for it but I couldn't find anything and there is no explanation in MDN

Sorry if my English wasn't very well.


Solution

  • To answer the question which is:

    Question: Can you please provide me a link which explain the differences between these RSA variants and when should I use which one of them?

    you can refer to this Documentation, In bottom of Supported algorithms sections you can find a table which gives you a complete guidances about which algorithm is suitable for which operation.

    The same algorithm couldn't be use for the all of operations because as @Topaco commented below the question, they use different padding variants and so on:

    Encryption/decryption and signing/verifying use different padding variants. This is explained in RFC8017. Encryption/decryption apply the older RSAES-PKCS1-v1_5 and the more modern RSAES-OAEP. The corresponding counterparts in the signing/verifying context are RSASSA-PKCS1-v1_5 and RSASSA-PSS. The WebCrypto API does not use RSAES-PKCS1-v1_5 anymore since 2014, see here.