diff --git a/.gitignore b/.gitignore
index c0cc4df..1693057 100644
--- a/.gitignore
+++ b/.gitignore
@@ -7,4 +7,6 @@ coverage/
 .nyc_output/
 build/
 *.node
-settings.json
\ No newline at end of file
+settings.json
+*.pem
+client_keys/
\ No newline at end of file
diff --git a/src/core/crypto/rsa.ts b/src/core/crypto/rsa.ts
index 6b15057..e521f7d 100644
--- a/src/core/crypto/rsa.ts
+++ b/src/core/crypto/rsa.ts
@@ -3,7 +3,7 @@
 * Matches the Python implementation using RSA-OAEP with SHA-256
 */
-import { getCrypto, pemToArrayBuffer, arrayBufferToPem, stringToArrayBuffer, arrayBufferToString } from './utils';
+import { getCrypto, pemToArrayBuffer, arrayBufferToPem, stringToArrayBuffer, arrayBufferToString, generateRandomBytes } from './utils';
 import { SecureByteContext } from '../memory/secure';
 export class RSAOperations {
@@ -162,8 +162,8 @@ export class RSAOperations {
 );
 // Wrap salt so it is zeroed after use
- const saltBytes = crypto.getRandomValues(new Uint8Array(16));
- const saltContext = new SecureByteContext(saltBytes.buffer, true);
+ const saltBytes = generateRandomBytes(16);
+ const saltContext = new SecureByteContext(saltBytes.buffer as ArrayBuffer, true);
 return saltContext.use(async (saltBuf) => {
 const saltView = new Uint8Array(saltBuf);
 const derivedKey = await this.subtle.deriveKey(
@@ -175,8 +175,8 @@ export class RSAOperations {
 );
 // Wrap IV so it is zeroed after use
- const ivBytes = crypto.getRandomValues(new Uint8Array(16));
- const ivContext = new SecureByteContext(ivBytes.buffer, true);
+ const ivBytes = generateRandomBytes(16);
+ const ivContext = new SecureByteContext(ivBytes.buffer as ArrayBuffer, true);
 return ivContext.use(async (ivBuf) => {
 const ivView = new Uint8Array(ivBuf);
 const encrypted = await this.subtle.encrypt(
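Review bot: The new `*.pem` and `client_keys/` patterns only keep untracked files out of future commits; Git continues to track anything already committed under those names. Whether key material was committed earlier is not visible from this diff, but if it was, it needs `git rm --cached` and the affected keys should be rotated, because they remain in history. Private keys written under other extensions (for example `*.key`) would still be picked up, so it is worth adding those patterns if the project produces any.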
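Review bot: The `saltBytes.buffer as ArrayBuffer` cast in the `@@ -162,8 +162,8 @@` hunk, and the identical `ivBytes.buffer as ArrayBuffer` in the `@@ -175,8 +175,8 @@` hunk, passes the whole backing buffer to `SecureByteContext` rather than the 16 requested bytes. `generateRandomBytes` lives in `./utils` and is not shown; if it ever returns a view with a non-zero `byteOffset` or over a larger or pooled buffer (a Node `Buffer`, for instance), `new Uint8Array(saltBuf)` would produce a salt or IV of the wrong length and contents, and the wipe that the comments describe would presumably clear memory the view does not own. The cast also silences the `ArrayBufferLike` mismatch instead of resolving it. I would guard each wrap with `if (saltBytes.byteOffset !== 0 || saltBytes.byteLength !== saltBytes.buffer.byteLength) throw new Error('unexpected view');` (and the same for `ivBytes`), or have the helper's return type guarantee an exact-size `ArrayBuffer`. The enclosing method starts and ends outside both hunks.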