node:crypto is underused

First things first, we need to generate a key pair.

tsx
import { promisify } from "node:util";
import { generateKeyPair } from "node:crypto";
 
const { privateKey, publicKey } = await promisify(generateKeyPair)("rsa", {
  modulusLength: 2048,
});

tsx
import { promisify } from "node:util";
import { generateKeyPair } from "node:crypto";
 
const { privateKey, publicKey } = await promisify(generateKeyPair)("rsa", {
  modulusLength: 2048,
});

Easy, right? We’ve got ourselves an RSA public and private key.

Rivest–Shamir–Adleman public-key cryptosystem was discovered in the late 70s, just like hip-hop. You need to now pause reading this, play the “Rapper’s Delight” by The Sugarhill Gang, while reading about RSA Security’s relationship with NSA.

Now back to JavaScript.

Let’s write and encode a short message, so we have something to work with.

tsx
const originalString = "my important message";
const originalUint8Array = new Uint8Array(
  originalString.split("").map((ch) => ch.charCodeAt(0)),
);

tsx
const originalString = "my important message";
const originalUint8Array = new Uint8Array(
  originalString.split("").map((ch) => ch.charCodeAt(0)),
);

Now anybody can encrypt it with our public key, but only we can decrypt it.

tsx
import { publicEncrypt, privateDecrypt } from "node:crypto";
 
const encryptedBuffer = publicEncrypt(publicKey, originalUint8Array);
const decryptedBuffer = privateDecrypt(privateKey, encryptedBuffer);
const decryptedString = decryptedBuffer.toString();

tsx
import { publicEncrypt, privateDecrypt } from "node:crypto";
 
const encryptedBuffer = publicEncrypt(publicKey, originalUint8Array);
const decryptedBuffer = privateDecrypt(privateKey, encryptedBuffer);
const decryptedString = decryptedBuffer.toString();

The functions for signing and verifying have a bit of a peculiar API, where we can pass null or undefined as the first argument if we already have our key in a KeyObject instead of a raw string. I’m pretty used to JSON.stringify(object, null, 2), so I think I actually prefer it over repeating the algorithm name.

tsx
import { sign, verify } from "node:crypto";
 
const signature = sign(null, originalUint8Array, privateKey);
const verified = verify(null, originalUint8Array, publicKey, signature);

tsx
import { sign, verify } from "node:crypto";
 
const signature = sign(null, originalUint8Array, privateKey);
const verified = verify(null, originalUint8Array, publicKey, signature);

tsx
const signingKeys = await promisify(generateKeyPair)("ed25519");

tsx
const signingKeys = await promisify(generateKeyPair)("ed25519");

Both RSA and Ed25519 can be used to sign and verify messages, but Ed25519 is just a digital signature scheme, so you can’t use it for encryption.

If you change rsa to ed25519 in the sandbox, one of the tests will fail with a friendly message:

Error: error:03000096:digital envelope routines::operation not supported for
this keytype

Error: error:03000096:digital envelope routines::operation not supported for
this keytype

A bit annoying that it doesn’t tell us about it on the type level, but without redesigning the API with types in mind, the type error would also be a bit nasty.

I remember thinking “Why shouldn’t I just use RSA for everything and limit the number of keys flying around?” sometime in the past. Apart from the performance, and some possible security reasons, there’s apparently some legislation stating that digital signatures are legally binding. I probably wouldn’t interpret hashing a message and then raising the hash to the power of a number that’s kept in secret as a signature, but I am not a lawyer, and I am unfortunately doomed to focus on the implementation.

Further Reading

• Introduction to Cryptography and RSA (Spring 2011, MIT OCW)
• Chosen-ciphertext attack
• Web Cryptography API Spec
• How the NSA (may have) put a backdoor in RSA’s cryptography