TTC
Theo's Typesafe Cult4mo ago
Rockstaa8055

RSA_PKCS1_PADDING is no longer supported for private decryption

Summary I am using the native Node crypto module to decrypt data using the pkcs1 padding scheme in a next.js serverless function. I am getting this error on production deployments. (It is working on local dev environment) The error message says this can be "reverted" but where do i actually pass that argument in a production deployment? 
TypeError: RSA_PKCS1_PADDING is no longer supported for private decryption, this can be reverted with --security-revert=CVE-2023-46809
at Object.privateDecrypt (node:internal/crypto/cipher:79:12)
at handler (/var/task/.next/server/pages/api/admin/captureUpi.js:99:80)
at Object.apiResolver (/var/task/node_modules/next/dist/server/api-utils/node.js:363:15)
at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
at async NextNodeServer.runApi (/var/task/node_modules/next/dist/server/next-server.js:487:9)
at async Object.fn (/var/task/node_modules/next/dist/server/next-server.js:749:37)
at async Router.execute (/var/task/node_modules/next/dist/server/router.js:253:36)
at async NextNodeServer.run (/var/task/node_modules/next/dist/server/base-server.js:384:29)
at async NextNodeServer.handleRequest (/var/task/node_modules/next/dist/server/base-server.js:322:20)
at async Server.<anonymous> (/var/task/___next_launcher.cjs:26:5) {
code: 'ERR_INVALID_ARG_VALUE'
}
Node.js process exited with exit status: 1. The logs above can help with debugging the issue.
Unknown application error occurred
TypeError: RSA_PKCS1_PADDING is no longer supported for private decryption, this can be reverted with --security-revert=CVE-2023-46809
at Object.privateDecrypt (node:internal/crypto/cipher:79:12)
at handler (/var/task/.next/server/pages/api/admin/captureUpi.js:99:80)
at Object.apiResolver (/var/task/node_modules/next/dist/server/api-utils/node.js:363:15)
at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
at async NextNodeServer.runApi (/var/task/node_modules/next/dist/server/next-server.js:487:9)
at async Object.fn (/var/task/node_modules/next/dist/server/next-server.js:749:37)
at async Router.execute (/var/task/node_modules/next/dist/server/router.js:253:36)
at async NextNodeServer.run (/var/task/node_modules/next/dist/server/base-server.js:384:29)
at async NextNodeServer.handleRequest (/var/task/node_modules/next/dist/server/base-server.js:322:20)
at async Server.<anonymous> (/var/task/___next_launcher.cjs:26:5) {
code: 'ERR_INVALID_ARG_VALUE'
}
Node.js process exited with exit status: 1. The logs above can help with debugging the issue.
Unknown application error occurred
Solution:
UPDATE: Found a workaround by using NodeRSA and setting the environment to browser (It will use the node crypto library with the CVE by default) ```typescript import NodeRSA from "node-rsa"; ...
Jump to solution
2 Replies
Rockstaa8055
Rockstaa80554mo ago
Steps to Reproduce Create an endpoint on next.js and deploy it to vercel 
// Next.js API route support: https://nextjs.org/docs/api-routes/introduction
import type { NextApiRequest, NextApiResponse } from "next";
import crypto from "crypto";

type Response = {
  status: number;
  message?: string;
};

export default async function handler(
  req: NextApiRequest,
  res: NextApiResponse<Response>,
) {
  const encryptedBody = req.body["encryptedBody"];

  const privateKeyString = Buffer.from(
    process.env.PRIVATE_KEY ?? "",
    "base64",
  ).toString("utf8");

  const privateKey = crypto.createPrivateKey({
    key: privateKeyString,
    format: "pem",
  });

  const decryptedRequestData = crypto
    .privateDecrypt(
      {
        key: privateKey,
        padding: crypto.constants.RSA_PKCS1_PADDING,
      },
      Buffer.from(encryptedBody, "base64"),
    )
    .toString("utf8");

  console.log("decryptedRequestData", decryptedRequestData);

  return res.status(200).json({
    status: 200,
    message: "Success",
  });
}
// Next.js API route support: https://nextjs.org/docs/api-routes/introduction
import type { NextApiRequest, NextApiResponse } from "next";
import crypto from "crypto";

type Response = {
  status: number;
  message?: string;
};

export default async function handler(
  req: NextApiRequest,
  res: NextApiResponse<Response>,
) {
  const encryptedBody = req.body["encryptedBody"];

  const privateKeyString = Buffer.from(
    process.env.PRIVATE_KEY ?? "",
    "base64",
  ).toString("utf8");

  const privateKey = crypto.createPrivateKey({
    key: privateKeyString,
    format: "pem",
  });

  const decryptedRequestData = crypto
    .privateDecrypt(
      {
        key: privateKey,
        padding: crypto.constants.RSA_PKCS1_PADDING,
      },
      Buffer.from(encryptedBody, "base64"),
    )
    .toString("utf8");

  console.log("decryptedRequestData", decryptedRequestData);

  return res.status(200).json({
    status: 200,
    message: "Success",
  });
}
Solution
Rockstaa8055
Rockstaa80554mo ago
UPDATE: Found a workaround by using NodeRSA and setting the environment to browser (It will use the node crypto library with the CVE by default) 
import NodeRSA from "node-rsa";

const privateKeyString = Buffer.from(
  process.env.PRIVATE_KEY ?? "",
  "base64",
).toString("utf8");

const privateKey = new NodeRSA(privateKeyString);
privateKey.setOptions({ encryptionScheme: "pkcs1", environment: "browser" });

const decryptedRequestData = privateKey
  .decrypt(encryptedBody)
  .toString("utf8");

console.log("decryptedRequestData", decryptedRequestData);
import NodeRSA from "node-rsa";

const privateKeyString = Buffer.from(
  process.env.PRIVATE_KEY ?? "",
  "base64",
).toString("utf8");

const privateKey = new NodeRSA(privateKeyString);
privateKey.setOptions({ encryptionScheme: "pkcs1", environment: "browser" });

const decryptedRequestData = privateKey
  .decrypt(encryptedBody)
  .toString("utf8");

console.log("decryptedRequestData", decryptedRequestData);
Want results from more Discord servers?
Add your server
More Posts
Tutotial - What settings to chooseDoes anyone know what database he is using in this video? Because I want to do it step by step perfeBest resources / learning material?Hi all, I have been developing in HTML and CSS for some time, but looking to move more into JavaScrHELP ME w/ SIMPLE CSS/FLEXBOX(please ty, istg im losing my mind over something so simple) GOAL: I want to apply flex-grow to theShould I switch jobs?I’ve been a software engineer at a large automotive company for 5 years and my base salary is about Advanced Typescript ResourcesDoes anyone have good resources for learning more complex typescript types. Looking for stuff mainlyUploadthing Image not showing upI feel like I'm making some dumb mistake but hoping someone else will see the error in my ways 😅. Large number of Vercel Edge Middleware Invocations coming from next-auth's `/api/auth/session`I am using the `create-t3-app` with `NextAuth` for auth. Also using the `pages` router for this projShadcn - Drawer - Vaul - flashing after closing DrawerHello, I'm currently working on a project where I use shadcn-ui and I am trying to integrate a draw