I have been exploring various JavaScript libraries for RSA encryption and decryption and have came across one, JSEncrypt at https://cdnjs.cloudflare.com/ajax/libs/jsencrypt/2.3.1/jsencrypt.min.js.
However, I face great difficulty in trying to understand the logic and operations that were used by this library for RSA encryption and decryption. Mainly,
- What are the algorithms used by the encryption algorithm?
- What padding schemes is used?
- Is there any salt? If so, how is the salt generated?
- Any other information that should be noted.
I was not able to find any decent documentation of this library and I was not able to understand the slightest bit of the source code. Any help is greatly appreciated.
Instead of trying to read minified code, see the homepage linked from npm (and also found as one of my top google hits) which both link to the code in github which is nicely formatted and commented as it should. The current code actually supports RSA signature as well as encryption, plus key generation and the reading and writing of OpenSSL-compatible PEM files, although based on the comments I think signature might not be in your version 2.3.1, which doesn't seem to be in this repository or at least not tagged. The RSA core at https://github.com/travist/jsencrypt/blob/master/lib/jsbn/rsa.ts clearly shows it uses 'pkcs1' 'type 1' padding for signature and 'type 2' for encryption; these are the schemes from PKCS1 v1.5, now retronymed RSASSA-PKCS1-v1_5 (RSASSA = RSA Signature Scheme with Appendix) and RSAES-PKCS1-v1_5 (RSAES = RSA Encryption Scheme) in current PKCS1 v2. Old-PKCS1 type 1 is deterministic; type 2 is randomized using https://github.com/travist/jsencrypt/blob/master/lib/jsbn/rng.ts which you can judge for yourself.