I receive the error “Ciphertext length must be equal to key size.” when trying to send an encoded message from javascript to python. I have encoded the bytesarray to base64 in javascript and decoded the base64 back to a bytes array in Python. Yet, the issue seems to persist.
Key Generation (Python):
JavaScript
x
9
1
RSA_SECRET_KEY = rsa.generate_private_key(2
public_exponent=65537,3
key_size=40964
)5
RSA_PUBLIC_KEY = RSA_SECRET_KEY.public_key().public_bytes(6
encoding=serialization.Encoding.PEM,7
format=serialization.PublicFormat.SubjectPublicKeyInfo8
)9
Import Key (Javascript):
JavaScript
1
24
24
1
async function importRsaKey(pem) {2
// fetch the part of the PEM string between header and footer3
const pemHeader = "-----BEGIN PUBLIC KEY-----";4
const pemFooter = "-----END PUBLIC KEY-----";5
const pemContents = pem.substring(pemHeader.length, pem.length - pemFooter.length - 1);6
// base64 decode the string to get the binary data7
const binaryDerString = window.atob(pemContents);8
// // convert from a binary string to an ArrayBuffer9
const binaryDer = str2ab(binaryDerString);10
11
var key = await crypto.subtle.importKey(12
"spki",13
binaryDer,14
{15
name: "RSA-OAEP",16
hash: "SHA-256"17
},18
true,19
["encrypt"]20
);21
22
return key;23
}24
Encrypt Data (Javascript):
JavaScript
1
8
1
async function encrypt(key, msg) {2
return await crypto.subtle.encrypt(3
{name:"RSA-OAEP"},4
key,5
str2ab(msg)6
)7
}8
Transmit Data (Javascript):
JavaScript
1
15
15
1
const handleSubmit = (e) => {2
e.preventDefault();3
const rsa_key_promise = importRsaKey(public_key);4
rsa_key_promise5
.then((rsa_key) =>6
{7
encrypt(rsa_key, "test")8
.then((data) =>9
{10
axiosInstance11
.post(`auth/token/`, {12
hash: window.btoa(data),13
})14
more code15
Receive and decode data (Python):
JavaScript
1
16
16
1
def post(self, request, *args, **kwargs):2
response = Response(status.HTTP_400_BAD_REQUEST)3
try:4
enc = base64.b64decode(request.data['hash'])5
dec = settings. 6
RSA_SECRET_KEY.decrypt(enc,7
padding.OAEP(8
mgf=padding.MGF1(algorithm=hashes.SHA256()),9
algorithm=hashes.SHA256(),10
label=None11
)12
)13
except Exception as e:14
print(e)15
return response16
Advertisement
Answer
encrypt() returns the ciphertext as an ArrayBuffer. However, btoa() requires a binary string. Therefore the ArrayBuffer must be converted to a binary string first (see ab2b64() below). With this fix a valid ciphertext is produced:
JavaScript
1
63
63
1
(async () => {2
3
var pem = `-----BEGIN PUBLIC KEY-----4
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAu0O0WXzs0bPuSx0n/b5B5
zyqaFBgBC3U/9nfChj5idf6ae0NY9iDG749N/O5XB7dduAGq/UHemdvJTsztPWOd6
y0NjVkluX0g6Mm+rB6rRAqihwq3xdl44OKvVWKmWM2iYhL6DahAdjMgvN4HSGU7c7
HM0ZijDD89dQ2lfC7jEOloxzvja7P8ZCWM1A14VT48Z/F4uSyRkdV1SEY1ifhmSe8
3dzxpR53RIblZcZsGV2Tic6pM9LDVaNiCMBLggbEy7ezvhut0wDyIM92McjNja999
8C/bhUzR4zaGPEWq1ZgiLiGM/iposa3O9JbOJ8g6yFKPArxVZfGDPcVYZhJEtNN810
QJzx1ZQdG22Nvybg8EHoESDh6Dd8SJ8yVySSnRn3N8QFANI5EblpcxlaCmb0rlpo11
pmmNsx2Whz4oB9kMnWzQcOhmCeK9cbZOL9/cfPljY3Nyr18U5aGIygaTBVMJ3uTE12
cbfGroEOLdDcv7zJuf1d4UsMOF0iioSAFvRxW57NHF8tlQaqKqPERAdg3c3Z0A0e13
eFtxL3fKj7/PLC6/3C4ziNu0HLK0j5Ucyheczyl5bLDgUztRLSRuOjoNC1G0zYcK14
DrnYNbJhuICYyyXL27ZMlIIS1j784jU3TRqP0+TtCr0vYOCiXC0lQA/I6J7QF9sB15
itD59zlSvyMCl96prOAH5y8CAwEAAQ==16
-----END PUBLIC KEY-----`;17
18
var key = await importRsaKey(pem);19
var ciphertext = await encrypt(key, 'The quick brown fox jumps over the lazy dog');20
var base64String = ab2b64(ciphertext); // Fix: Convert ArrayBuffer to a binary string and Base64 decode!21
document.getElementById("ciphertext").innerHTML = base64String; // e.g. ciphertext: IH+AikadAv7hdWJgKaLYTIgmN+Pvq4c5BU+VQi6irxCSI/IA30Tp6QK/rdNZYQDlNNJIk0XvK1AgbHPW3tBOygZjFGWVdVzDbYIhhva0o1FtHZluCIhxpJLEpAFKq+sMuBTtKeCqL8S4cS6B0GaDQzBjTh2D6k+p/fjVSx00bq4aqRUsgdYoa1uT3ook66qQfcyunImx++JrkjTSw7LB5XHjcGKXH3/92ZcxWyqBr5hIRje5Bdz6xPjpuGMlaPuOseVdyHEDcrAMl874NK16tz6ThkGw6rpwZxyEDdd13QOimVrFVpfpNleZVgunj+R+SFzDZYlHSAKwpte/RNvBe/V+cxuxaV7BqCM7xeU8hDzkPxE+IQS4Yimxxzy6b3y7KtyJN8nwjTECf7T76oigNYijNSYyKKWo0sf8/sfYET8HOElEzEH+m7Yblg784++308pRodz/8I4FolrDhORyJRiD46IDkDv47XsYtOBGgJzUlcjytNnlAvHGYDMXhVEVpMOIpuxXeNYyLvFgWaYcN8FEGgtUicXdbCinQvf2Fy6qF97IjWv2zaC/WbzbfnQl6ksiKKww1d8CawBoSzh7OibpujkK1QcyokbjPSOUJoE2IZvd1bGclrh3ypZRbqWNiRl4frCvcYRzfCO8pGkd0wUjdDI1g4kKvzgGt3lshT0=22
23
async function importRsaKey(pem) {24
const pemHeader = "-----BEGIN PUBLIC KEY-----";25
const pemFooter = "-----END PUBLIC KEY-----";26
const pemContents = pem.substring(pemHeader.length, pem.length - pemFooter.length - 1);27
const binaryDerString = window.atob(pemContents);28
const binaryDer = str2ab(binaryDerString);29
var key = await crypto.subtle.importKey(30
"spki",31
binaryDer,32
{33
name: "RSA-OAEP",34
hash: "SHA-256"35
},36
true,37
["encrypt"]38
);39
return key;40
}41
42
async function encrypt(key, msg) {43
return await crypto.subtle.encrypt(44
{name:"RSA-OAEP"},45
key,46
str2ab(msg)47
);48
}49
50
function str2ab(str) {51
const buf = new ArrayBuffer(str.length);52
const bufView = new Uint8Array(buf);53
for (let i = 0, strLen = str.length; i < strLen; i++) {54
bufView[i] = str.charCodeAt(i);55
}56
return buf;57
}58
59
function ab2b64(arrayBuffer) {60
return window.btoa(String.fromCharCode.apply(null, new Uint8Array(arrayBuffer)));61
}62
63
})();JavaScript
1
1
1
<p style="font-family:'Courier New', monospace;" id="ciphertext"></p>Test:
The resulting ciphertext can be decrypted with Python:
JavaScript
1
72
72
1
from cryptography.hazmat.primitives import serialization2
from cryptography.hazmat.primitives import hashes3
from cryptography.hazmat.primitives.asymmetric import padding4
import base645
6
pkcs8Pem = '''-----BEGIN PRIVATE KEY-----7
MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQC7Q7RZfOzRs+5L8
HSf9vkHPKpoUGAELdT/2d8KGPmJ1/pp7Q1j2IMbvj0387lcHt124Aar9Qd6Z28lO9
zO09Y53LQ2NWSW5fSDoyb6sHqtECqKHCrfF2Xjg4q9VYqZYzaJiEvoNqEB2MyC8310
gdIZTtwczRmKMMPz11DaV8LuMQ6WjHO+Nrs/xkJYzUDXhVPjxn8Xi5LJGR1XVIRj11
WJ+GZJ7d3PGlHndEhuVlxmwZXZOJzqkz0sNVo2IIwEuCBsTLt7O+G63TAPIgz3Yx12
yM2Nr33wL9uFTNHjNoY8RarVmCIuIYz+Kmixrc70ls4nyDrIUo8CvFVl8YM9xVhm13
EkS003xAnPHVlB0bbY2/JuDwQegRIOHoN3xInzJXJJKdGfc3xAUA0jkRuWlzGVoK14
ZvSuWmimaY2zHZaHPigH2QydbNBw6GYJ4r1xtk4v39x8+WNjc3KvXxTloYjKBpMF15
Uwne5MRxt8augQ4t0Ny/vMm5/V3hSww4XSKKhIAW9HFbns0cXy2VBqoqo8REB2Dd16
zdnQDR54W3Evd8qPv88sLr/cLjOI27QcsrSPlRzKF5zPKXlssOBTO1EtJG46Og0L17
UbTNhwoOudg1smG4gJjLJcvbtkyUghLWPvziNTdNGo/T5O0KvS9g4KJcLSVAD8jo18
ntAX2wGK0Pn3OVK/IwKX3qms4AfnLwIDAQABAoICAAHxDEQnQu9TrcNSnJEJcXY719
61gM/anIP+8Gw9oPeIbfqmtfweLfaSCfvD/EmttmH88iGUtB7RRsTnSGNGmACGlM20
nBGPdlj/jzbpqHzOXRdpdy/lDM1c4blYssAWFgwXaAlsTkGBxESq6K5rJqoDgs2721
pKmlosp674gsA8XjdVLDRwnwWFWrcRGpoyP46mtAqh2s4Us7eu3mXu8GwrSqg2kq22
esjq/XKU8XjyKznCGh8CKQf0Bflz1bbgg4foGQ9BqtfsQoufBWOoswGGIvd2m9gr23
Ltv9dWmlLZQfZsuLJcOTrnoOJ4K8Ghq4G5AXB+D+1iPBnyMM837m9mkshFDZpn6i24
dYmIKaE2DgNJSto10ZTo5kmve2rM7TaytvrTQqZbPXkP7pZO6O/bELtwvaZp0Op+25
vhaUZWG5+C8gIZANv/1OAecMaDdVDbfIN+DK3ocinA6nYUE3yOBzgZkk8D4Z9A6Z26
SuvBw8Pr5QNpUXiaD/OHzY++OvB2mv4mgEC67rtd8MyB63fpY+jYyE9v5D7CChgY27
oLyEpdT+Uhtjfl5jLHj6xoF0Od2mc3PgL8yzTDpzfyGkjjkJknYJ76lxK+kSWvqi28
v+34hCFjcQexZmd8wObTXz95/c+2W65eGAooeQn3SP8dmtuu1J/+T1mW6eMSuPf429
ckhb859P3S7APkq+Gr2lAoIBAQDOO458+lYP68d9Ho4ZouxkDUyZy1LDqiwvJ16/30
X9gdDLBLgqSFvg6QyT7Gwj2rzjHTwwlKRzB/JvQH4M26omUEMTIcGQWHYr9XSwkj31
Jh49MCpomOokDl/61n+UTy2et7nFzn5AEHm+vmjEUdDzEf8b3rzIL49kmzPX1Hu132
U9tMLzfTj4uW3nY3Ahn3goKBCM+mNktXRJqhw+1MkgW3eyffa2ums0CRb3nUnsdY33
3rOAYZER2ukpbBI2vA4gKp1cgYBFehQhUBSup7HlRiwgQ3FSE4A3kFey1at2FpcZ34
/epu5PafeaFYmgjCYE5IlL+/EKSPnkf8Q+Q+KrQk/oekUAZtAoIBAQDodFmqAaor35
oRXgVeEOipE/fMssQGUOk2xZ8Yn9WwzPKGyhN498qooE2/RTHjngxmrrF/awGTq836
BiCyNPjVA0PW8TIUJxBX9155P+HxPpZZacpO3bYnWw4p24wizGJ1pgkAp7v1EWma37
VlwewKcYx/ymMfyCCwUXbw6g4z1Gi2ni5VRzuawZ9nrbbM9wvSgkWKtC80EJ+ZDY38
Tsr+5z4NqRAUZr61/HUiiBSu3UvH9089FcgelkELNYph/iaCmJnunIcFlEy5h/mA39
yIwvuGagP+yk8yYXhALQ+S/zD3b+2dzvLRDtV7b93rtgfk3B/ZAD0Dzwc03zCLpP40
dwWpE1JLK9KLAoIBAQCdnUjF3XD+0/zvc/W4RBsUUFG1zH3himIgW59+9VouwW7P41
FvZ0PI/XOebfcr49WuYb6JhmC0hWNUgV6UpyFADOFmcssDbYhLCln3RJR62ep/wR42
WqS/j7js9RgmGelMvy+crLcycSUKkW1ydPEThDKLc0ymVirqAe+6SOuO5prYe9HX43
v4I4eKayXcnIrxbcVQaWCjLEbGsdrKbkeUkjNF2B1BA/JAn53M+onvzNv85CFM8R44
bVP7U1wMNuc40DjZ5SNKdgWCfDiCTymXh2zb749g4gSA8rEDvWdAZf1vYO7Vd+nA45
ce3M0FRXcdECiaSN+sM5/AcaFi0PEgYBrAGwo3R1AoIBAQCerbX7cFF6oOavEdCk46
vYBzJzwGBBs3/PjM2S4KDdpLm1u0HZpMTpoSwRcimhKGVsvrmZsjEMXgTgqJu9FU47
j3sCwfkeeqAUfF84Q5x3svKtLKMWfRB4AxdDCYS6yGw5xVKF6PpMS0ucOHF/6KDo48
MLRNuveUyfL60SvaNeTBQC/S3BtvOAK8Yl3xZXChk+5QCVs3Q5hVN9BhaD/4C2B349
sL2yP4TV8/T90ojT6WpuoWqs1y6ZepYCEdVaGUSuh38kvCMLcvWA/Mob2Eqh1K3x50
nFFtNDH/gXTus/vAXwEq7Qt9FXVlnyfiWuXr86wezXk+sSq4NO20BnQwBJ6PkQnv51
GIYLAoIBABtXxV8hE9Jrk5K2jfPkGCbjs5rvVeUcTN5wMay4dHNblrTb9EIRiYPg52
716yinJo71tvQRjvxBBkFjXYZ07ygebW5UmQdmvi4BkR+2gKn42sC5O6jvOQVNZY53
ArLCgjK9QRQ/Sd5XT9yhR4/E5e3xF9Tn6/vEbaY24SgXDPe7gw6VOS+80eEVswx854
O7pEGfJSCySIPgFmn/2gTeQtkkNj5WSfl3dXYQJ+QQ8p5Eo+2O39hPXo7ATST5Aq55
NI+6emgx79Ka/kfqRK0JjIb6cJLvSdsmM4APn4sZrVvRy9rSrZ+9drbNpnLua77856
eWkk35z7vGmQT6CyzIhDJycFAIFkv6M=57
-----END PRIVATE KEY-----'''58
59
private_key = serialization.load_pem_private_key(60
pkcs8Pem.encode('utf-8'),61
password=None62
)63
64
ciphertextFromJS = "IH+AikadAv7hdWJgKaLYTIgmN+Pvq4c5BU+VQi6irxCSI/IA30Tp6QK/rdNZYQDlNNJIk0XvK1AgbHPW3tBOygZjFGWVdVzDbYIhhva0o1FtHZluCIhxpJLEpAFKq+sMuBTtKeCqL8S4cS6B0GaDQzBjTh2D6k+p/fjVSx00bq4aqRUsgdYoa1uT3ook66qQfcyunImx++JrkjTSw7LB5XHjcGKXH3/92ZcxWyqBr5hIRje5Bdz6xPjpuGMlaPuOseVdyHEDcrAMl874NK16tz6ThkGw6rpwZxyEDdd13QOimVrFVpfpNleZVgunj+R+SFzDZYlHSAKwpte/RNvBe/V+cxuxaV7BqCM7xeU8hDzkPxE+IQS4Yimxxzy6b3y7KtyJN8nwjTECf7T76oigNYijNSYyKKWo0sf8/sfYET8HOElEzEH+m7Yblg784++308pRodz/8I4FolrDhORyJRiD46IDkDv47XsYtOBGgJzUlcjytNnlAvHGYDMXhVEVpMOIpuxXeNYyLvFgWaYcN8FEGgtUicXdbCinQvf2Fy6qF97IjWv2zaC/WbzbfnQl6ksiKKww1d8CawBoSzh7OibpujkK1QcyokbjPSOUJoE2IZvd1bGclrh3ypZRbqWNiRl4frCvcYRzfCO8pGkd0wUjdDI1g4kKvzgGt3lshT0="65
decrypted = private_key.decrypt(66
base64.b64decode(ciphertextFromJS),67
padding.OAEP(mgf=padding.MGF1(algorithm=hashes.SHA256()),68
algorithm=hashes.SHA256(),69
label=None))70
71
print(decrypted.decode('utf-8')) # The quick brown fox jumps over the lazy dog72
A note about the encoding of the plaintext: Keep in mind that str2ab(msg) in encrypt() requires a string for msg where charCodeAt() returns a value less than 256, i.e. a single byte, for each character.
For the plaintext in the above example, this is satisfied. For arbitrary plaintexts, however, this is usually not true (e.g. € (U+20AC) equals 2 bytes). Therefore, to support arbitrary plaintexts, UTF-8 encoding should be used, e.g. new TextEncoder().encode(msg) instead of str2ab(msg).
For str2ab(binaryDerString) in importRsaKey() this is not critical, since binaryDerString is a binary string where each character corresponds to a single byte.