rzcoder
rzcoder
Is this PR will be merged any time soon?
@alantoledo007 hi! Can you provide minimal snippet with bug?
I mean the working piece of the code with the bug My test works fine ```js const NodeRSA = require("../src/NodeRSA") const key = new NodeRSA("-----BEGIN RSA PRIVATE KEY-----\n" + "MIIBPQIBAAJBAPjFVq2K1qm59eS70nhpnh+Yx4/jaoulc2nzWw0AG6wwr29igI7q\n"...
I can't run & debug this. Can you provide snippet without dependencies?
For me it just works fine. As I said, probably node bug, or may be your system. Try to install different node version or test it on other system.
Your key is not valid key for this lib.
You can use openssl for it I guess.
Did I understand correctly that the vulnerability essentially necessitated access to the machine running node-rsa code?
Is it same result with default pkcs1_oaep scheme? Also, can you pls confirm same result with `keyObj.setOptions({environment: "browser"})`? Probably yes, just wondering.
@tomato42 It doesn't seem like anything can be fixed here. The engine on pure JS is used only in client-side code, and shouldn't be vulnerable to such an exploit through...