'Why I can't use RSASSA-PKCS1-v1_5 to encrypt/decrypt?

First of all, I'm completely new to cryptography and I just have basic knowledge about some encryption algorithms and how they work such as RSA, DES and so on.

I want to use SubtleCrypto in JS to do some stuff including signing, verifying, encrypting, decrypting using RSA.

I'm just unable to produce a key pair for doing all of them; for example, below code works fine for generating a key pair to do signing/verifying:

let keyPair = window.crypto.subtle.generateKey(
    {
        name: "RSASSA-PKCS1-v1_5",
        modulusLength: 4096,
        publicExponent: new Uint8Array([1, 0, 1]),
        hash: "SHA-512"
    },
    true,
    ['sign', 'verify']
  );
  
  keyPair.then((value)=>{
    console.log("worked properly.");
  })
  .catch((error)=>{console.log("Error:", error)})

But when I use above code to generate a key pair for encrypting/decrypting I'll get a DOMException(in browser) or SyntaxError(in snippet):

let keyPair = window.crypto.subtle.generateKey(
    {
        name: "RSASSA-PKCS1-v1_5",
        modulusLength: 4096,
        publicExponent: new Uint8Array([1, 0, 1]),
        hash: "SHA-512"
    },
    true,
    ['encrypt', 'decrypt']
  );
  
  keyPair.then((value)=>{
    console.log("worked properly.");
  })
  .catch((error)=>{console.log("Error:", error)})

Note: I figured out RSA-OAEP behaves completely different, I means it works with encrypting/decrypting but gets stuck for signing/verifying and shows same error.

Question: Can you please provide me a link which explain the differences between these RSA variants and when should I use which one of them? I googled for it but I couldn't find anything and there is no explanation in MDN

Sorry if my English wasn't very well.

javascriptcryptographyrsacryptoapi


Solution 1:[1]

It seems using those algorithms are kind of insecure for decryption nowadays.

But if you are still looking for a way to encrypt/decrypt using RSASSA-PKCS1-v1_5, then take a look to https://www.npmjs.com/package/jsencrypt

Update: It has not been proved is insecure to use RSASSA-PKCS1-v1_5, but still is not recommendable.

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1

Related Questions

React Router with optional path parameter

How to dynamically update google recaptcha sitekey?

How to dynamically update google recaptcha sitekey?

Remove duplicate in a string - javascript

Remove duplicate in a string - javascript

Searching a string for missing letters of the alphabet in javascript

Searching a string for missing letters of the alphabet in javascript

Searching a string for missing letters of the alphabet in javascript

Find an element in DOM based on an attribute value

Redirecting html page with javascript

Find an element in DOM based on an attribute value

Find an element in DOM based on an attribute value

Redirecting html page with javascript

How to find x and y coordinates of a button while using keyboard navigation?

How to find x and y coordinates of a button while using keyboard navigation?