Trying to symmetrically encrypt a value for storage in the client (httpOnly cookie) and having an issue decrypting

I am trying to encrypt a value on my server with a private key to store it on the client within an httpOnly cookie.

I am having trouble with the encryption/decryption lifecycle.

const crypto = require('crypto')
const fs = require('fs')

// Assumption: privateKey is the PEM key generated with ssh-keygen (file name from the question)
const privateKey = fs.readFileSync('RS256.key')

function encrypt(input) {
  // RSA operation with the private key, output base64-encoded for the cookie
  const encryptedData = crypto.privateEncrypt(
    privateKey,
    Buffer.from(input)
  )
  return encryptedData.toString('base64')
}

function decrypt(input) {
  // privateDecrypt expects data produced with the matching public key; this call is where the error is thrown
  const decryptedData = crypto.privateDecrypt(
    { key: privateKey },
    Buffer.from(input, 'base64'),
  )
  return decryptedData.toString()
}

const enc = encrypt('something moderately secret')
const dec = decrypt(enc) // throws the error shown below

console.log(dec) // expected: 'something moderately secret'

However, the crypto.privateDecrypt function is throwing with:

Error: error:04099079:rsa routines:RSA_padding_check_PKCS1_OAEP_mgf1:oaep decoding error

Side question: is it safe to reuse the same private key the server uses to sign JWTs? It's an RSA key generated using ssh-keygen -t rsa -b 4096 -m PEM -f RS256.key

Solution 1:[1]

So, you don't use crypto.privateEncrypt() with crypto.privateDecrypt(). That's not how they work. Those functions are for asymmetric encryption, not for symmetric encryption. You use either of these two pairs:

crypto.publicEncrypt() ==> crypto.privateDecrypt()
crypto.privateEncrypt() ==> crypto.publicDecrypt()

So, that's why you're getting the error you're getting. The nodejs doc for crypto.privateDecrypt() says this:

Decrypts buffer with privateKey. buffer was previously encrypted using the corresponding public key, for example using crypto.publicEncrypt().

If what you really want is symmetric encryption, there are a bunch of options in the crypto module for that. There are some examples shown here: https://www.section.io/engineering-education/data-encryption-and-decryption-in-node-js-using-crypto/ and https://fireship.io/lessons/node-crypto-examples/#symmetric-encryption-in-nodejs.

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 jfriend00