From e810ce241f14585ceba5adaaff4d4fd2a3b05100 Mon Sep 17 00:00:00 2001
From: Maik Marschner <m.marschner@wertarbyte.com>
Date: Wed, 26 Mar 2025 15:18:06 +0100
Subject: [PATCH] Use node-rsa for private pkcs1 decryption.

---
 lib/crypto/Crypto.js | 13 +++++++++----
 package-lock.json    | 11 +++++++++--
 package.json         |  1 +
 3 files changed, 19 insertions(+), 6 deletions(-)

diff --git a/lib/crypto/Crypto.js b/lib/crypto/Crypto.js
index 1cefdac..f3aad15 100644
--- a/lib/crypto/Crypto.js
+++ b/lib/crypto/Crypto.js
@@ -1,6 +1,7 @@
 'use strict';
 
 const crypto = require('crypto');
+const NodeRSA = require('node-rsa');
 
 const BigNumber = require('./BigNumber.js');
 const mgf1 = require('./MGF1');
@@ -54,10 +55,14 @@ module.exports = class Crypto {
 	}
 
 	static privateDecrypt(key, data) {
-		return crypto.privateDecrypt({
-			key: key.toPem(),
-			padding: crypto.constants.RSA_PKCS1_PADDING,
-		}, data);
+		const keyRSA = new NodeRSA(
+			key.toPem(),
+			'pkcs1-private-pem', {
+				encryptionScheme: 'pkcs1',
+				environment: 'browser', // would use the crypto module by default, which blocks pkcs1
+			},
+		);
+		return keyRSA.decrypt(data);
 	}
 
 	static privateSign(key, data, outputEncoding = 'base64') {
diff --git a/package-lock.json b/package-lock.json
index 93bca49..6a19aff 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -13,6 +13,7 @@
 				"handlebars": "^4.7.8",
 				"js2xmlparser": "^5.0.0",
 				"node-forge": "^1.3.1",
+				"node-rsa": "^1.1.1",
 				"rock-req": "^5.1.3",
 				"uuid": "^9.0.1",
 				"xml-crypto": "^6.0.0",
@@ -767,7 +768,6 @@
 		},
 		"node_modules/asn1": {
 			"version": "0.2.4",
-			"dev": true,
 			"license": "MIT",
 			"dependencies": {
 				"safer-buffer": "~2.1.0"
@@ -3498,6 +3498,14 @@
 			"integrity": "sha512-uYr7J37ae/ORWdZeQ1xxMJe3NtdmqMC/JZK+geofDrkLUApKRHPd18/TxtBOJ4A0/+uUIliorNrfYV6s1b02eQ==",
 			"dev": true
 		},
+		"node_modules/node-rsa": {
+			"version": "1.1.1",
+			"resolved": "https://registry.npmjs.org/node-rsa/-/node-rsa-1.1.1.tgz",
+			"integrity": "sha512-Jd4cvbJMryN21r5HgxQOpMEqv+ooke/korixNNK3mGqfGJmy0M77WDDzo/05969+OkMy3XW1UuZsSmW9KQm7Fw==",
+			"dependencies": {
+				"asn1": "^0.2.4"
+			}
+		},
 		"node_modules/normalize-path": {
 			"version": "3.0.0",
 			"dev": true,
@@ -4218,7 +4226,6 @@
 		},
 		"node_modules/safer-buffer": {
 			"version": "2.1.2",
-			"dev": true,
 			"license": "MIT"
 		},
 		"node_modules/semver": {
diff --git a/package.json b/package.json
index 116eb86..e345050 100644
--- a/package.json
+++ b/package.json
@@ -70,6 +70,7 @@
 		"handlebars": "^4.7.8",
 		"js2xmlparser": "^5.0.0",
 		"node-forge": "^1.3.1",
+		"node-rsa": "^1.1.1",
 		"rock-req": "^5.1.3",
 		"uuid": "^9.0.1",
 		"xml-crypto": "^6.0.0",