Rsa Communication Between Javascript And Python

I am working on a prototype, so it needs to use RSA between a Chrome Extension and a Python Server. So far I was planning on using https://sourceforge.net/projects/pidcrypt/ and h

Solution 1:

The Javascript library (pidCrypt) uses PKCS#1 v1.5 for RSA encryption, not OAEP.

That is supported by PyCrypto (see here). This is the example for encryption:

from Crypto.Cipher import PKCS1_v1_5
from Crypto.PublicKey import RSA
from Crypto.Hash import SHA

message = 'To be encrypted'
h = SHA.new(message)

key = RSA.importKey(open('pubkey.der').read())
cipher = PKCS1_v1_5.new(key)
ciphertext = cipher.encrypt(message+h.digest())

And decryption:

from Crypto.Hash import SHA
from Crypto import Random

key = RSA.importKey(open('privkey.der').read())

dsize = SHA.digest_size
sentinel = Random.new().read(15+dsize)      # Let's assume that average data length is 15

cipher = PKCS1_v1_5.new(key)
message = cipher.decrypt(ciphertext, sentinel)

digest = SHA.new(message[:-dsize]).digest()
if digest==message[-dsize:]:                # Note how we DO NOT look for the sentinelprint"Encryption was correct."else:
     print"Encryption was not correct."

Note that PKCS#1 v1.5 encryption scheme is know to be badly broken.

Solution 2:

Would it be possible to use a HTTPS ajax connection instead? That way, you have end to end encryption without needing to worry about it yourself.