Web Crypto API RSASSA-PKCS1-v1_5 Generate Keys Sign & verify Message

by Anish

Posted on Monday september 24, 2018

This sample chapter extracted from the book, Cryptography for JavaScript Developers.

The Web crypto api RSASSA-PKCS1-v1_5 algorithm identifier is used to perform signing and verification using the RSASSA-PKCS1-v1_5 algorithm specified in [RFC3447] and using the SHA hash functions defined in this specification.

  • Sign: Perform the signature generation operation
  • Verify: Perform the signature verification operation
  • Generate Key: Generate an RSA key pair, with RSA modulus length equal to the modulusLength attribute of normalizedAlgorithm and RSA public exponent equal to the publicExponent attribute of normalizedAlgorithm

RSASSA-PKCS1-v1_5 Demo

This is the web cryptography api example of performing RSASSA-PKCS1-v1_5 message signing and verifying the signature, for the demo purpose the RSASSA-PKCS1-v1_5 keys are extracted in JWK format

Input Text to Signed
Signature Output (Hex)
RSASSA-PKCS1-v1_5 Public Key (JWK) :
RSASSA-PKCS1-v1_5 Private Key (JWK):

RSASSA-PKCS1-v1_5 Javascript example of using webcrypto api

Generate RSASSA-PKCS1-v1_5 Keys for the signing and verifying purpose, message signing is done through

   window.crypto.subtle.generateKey({
            name: "RSASSA-PKCS1-v1_5",
            modulusLength: 2048, //can be 1024, 2048, or 4096
            publicExponent: new Uint8Array([0x01, 0x00, 0x01]),
            hash: {name: "SHA-256"}, //can be "SHA-1", "SHA-256", "SHA-384", or "SHA-512"
        },
        true, //whether the key is extractable (i.e. can be used in exportKey)
        ["sign", "verify"] //can be any combination of "sign" and "verify"
    )
    .then(function(key) {

        publicKey = key.publicKey;
        privateKey = key.privateKey;
        // For Demo Purpos Only Exported in JWK format
        window.crypto.subtle.exportKey("jwk", key.publicKey).then(
            function(keydata) {
                publicKeyhold = keydata;
                publicKeyJson = JSON.stringify(publicKeyhold);
                document.getElementById("rsapublic").value = publicKeyJson;
            }
        );

        window.crypto.subtle.exportKey("jwk", key.privateKey).then(
            function(keydata) {
                privateKeyhold = keydata;
                privateKeyJson = JSON.stringify(privateKeyhold);
                document.getElementById("rsaprivate").value = privateKeyJson;
            }
        );

The sign process using the user private key.

        window.crypto.subtle.sign({
                    name: "RSASSA-PKCS1-v1_5",
                },
                privateKey, //from generateKey or importKey above
                asciiToUint8Array(plainText) //ArrayBuffer of data you want to sign
            )
            .then(function(signature) {
                //returns an ArrayBuffer containing the signature
                document.getElementById("cipherText").value = bytesToHexString(signature);
            })
            .catch(function(err) {
                console.error(err);
            });


    })
    .catch(function(err) {
        console.error(err);
    });

RSASSA-PKCS1-v1_5 Verify the message signature using the public key

    window.crypto.subtle.verify({
            name: "RSASSA-PKCS1-v1_5",
        },
        publicKey, //from generateKey or importKey above
        hexStringToUint8Array(cipherText), //ArrayBuffer of the data
        asciiToUint8Array(plainText)
    )
    .then(function(decrypted) {
        alert("Verified   " + decrypted);
    })
    .catch(function(err) {
        console.error(err);
    });
Download the sample code here
Next Reading RSA-OAEP generateKey/Encrypt/Decrypt

Thanku for reading !!! Give a Share for Support

Asking for donation sound bad to me, so i'm raising fund from by offering all my Nine book for just $9

Web Crypto API Topics
Go Lang Cryptography Topics
Applied Cryptography Topics
Ansible Related Topics
Kubernetes Related Topics
  • kubernetes (pod/deployment/svc) YAML/JSON Generator
  • Docker compose to kubernetes Generator
  • kubernetes to Docker Compose Generator
  • Docker compose Generator
  • Docker run to compose Generator
  • Docker compose to docker run Generator
  • kubernetes install on using ansible
  • kube install on in centos7/ubuntu7
  • kubernetes Dashbaord Setup
  • Pod,Cluster,Deploy,ReplicaSet Light Dive
  • kubernetes secure nginx deployment
  • kubernetes Port, Targetport and NodePort
  • kubernetes Namespace
  • kubenetes Auth,Authorization,Admission
  • kubernetes Role-Based Access Control
  • Kubernetes Privilege Escalation Vulnerability
  • Upgrading kubernetes cluster
  • Prometheus Dashboard Access
  • Kubernetes mysql installation
  • Kubernetes Jenkins installation
  • Podman Jenkins installation
  • Kubernetes mariadb installation
  • Kubernetes wordpress installation
  • Kubernetes drupal installation
  • Kubernetes traefik installation
  • Kubernetes Ingress traefik
  • kubernetes service external ip pending ?
  • Service Mesh With Istio
  • Access SVC in Another Namespaces
  • kubernetes Java client example
  • kubernetes letsencrypt deploy wild card certificate
  • Right Way to Install Docker
  • Docker Private repo with SSL and AUTH
  • Creating Docker Base Image
  • Container Runtime (RUNC,RKT,CRI-O,Conatinerd)
  • Podman Install on Ubuntu/Debian
    • Openstack Articles
    Linux Related Topics
    python Cryptography Topics
    PHP Cryptography Topics
    Topics
    For Coffee/ Beer/ Amazon Bill and further development of the project Support by Purchasing, The Modern Cryptography CookBook for Just $9 Coupon Price

    Kubernetes for DevOps

    Hello Dockerfile

    Cryptography for Python Developers

    Cryptography for JavaScript Developers

    Go lang ryptography for Developers

    Here