xml-encryption - npm Package Compare versions

Comparing version 1.3.0 to 2.0.0

lib/xmlenc.js

@@ -5,3 +5,2 @@ var crypto  = require('crypto');
 var utils   = require('./utils');
-var pki     = require('node-forge').pki;
 
@@ -13,7 +12,13 @@ const insecureAlgorithms = [
   'http://www.w3.org/2001/04/xmlenc#tripledes-cbc'];
+
 function encryptKeyInfoWithScheme(symmetricKey, options, scheme, callback) {
+  const padding = scheme === 'RSA-OAEP' ? crypto.constants.RSA_PKCS1_OAEP_PADDING : crypto.constants.RSA_PKCS1_PADDING;
+  const symmetricKeyBuffer = Buffer.isBuffer(symmetricKey) ? symmetricKey : Buffer.from(symmetricKey, 'utf-8');
+
   try {
-    var rsa_pub = pki.publicKeyFromPem(options.rsa_pub);
-    var encrypted = rsa_pub.encrypt(symmetricKey.toString('binary'), scheme);
-    var base64EncodedEncryptedKey = Buffer.from(encrypted, 'binary').toString('base64');
+    var encrypted = crypto.publicEncrypt({
+      key: options.rsa_pub,
+      padding: padding
+    }, symmetricKeyBuffer);
+    var base64EncodedEncryptedKey = encrypted.toString('base64');
 
@@ -253,5 +258,5 @@ var params = {
 function decryptKeyInfoWithScheme(encryptedKey, options, scheme) {
-  var key = Buffer.from(encryptedKey.textContent, 'base64').toString('binary');
-  var private_key = pki.privateKeyFromPem(options.key);
-  var decrypted = private_key.decrypt(key, scheme);
+  var padding = scheme === 'RSA-OAEP' ? crypto.constants.RSA_PKCS1_OAEP_PADDING : crypto.constants.RSA_PKCS1_PADDING;
+  var key = Buffer.from(encryptedKey.textContent, 'base64');
+  var decrypted = crypto.privateDecrypt({ key: options.key, padding: padding}, key);
   return Buffer.from(decrypted, 'binary');
@@ -258,0 +263,0 @@ }

package-lock.json

 {
   "name": "xml-encryption",
-  "version": "1.3.0",
+  "version": "2.0.0",
   "lockfileVersion": 1,
@@ -690,7 +690,2 @@ "requires": true,
     },
-    "node-forge": {
-      "version": "0.10.0",
-      "resolved": "https://registry.npmjs.org/node-forge/-/node-forge-0.10.0.tgz",
-      "integrity": "sha512-PPmu8eEeG9saEUvI97fm4OYxXVB6bFvyNTyiUOBichBpFG8A1Ljw3bY62+5oOjDEMHRnd0Y7HQ+x7uzxOzC6JA=="
-    },
     "normalize-path": {
@@ -697,0 +692,0 @@ "version": "3.0.0",

package.json

 {
   "name": "xml-encryption",
-  "version": "1.3.0",
+  "version": "2.0.0",
   "devDependencies": {
@@ -25,3 +25,2 @@ "mocha": "^7.1.2",
     "escape-html": "^1.0.3",
-    "node-forge": "^0.10.0",
     "xpath": "0.0.32"
@@ -37,4 +36,4 @@ },
   "engines": {
-    "node": ">=8"
+    "node": ">=12"
   }
 }

README.md

@@ -5,3 +5,3 @@ [![Build Status](https://travis-ci.org/auth0/node-xml-encryption.png)](https://travis-ci.org/auth0/node-xml-encryption)
 
-Supports node >= 8
+Supports node >= 12
 
@@ -8,0 +8,0 @@ ## Usage

No alert changes

Improved metrics

Dependency count

3

decreased by-25%

Worsened metrics

Total package byte prevSize

64595

decreased by-0.07%

Lines of code

1457

decreased by-0.14%

Dependency changes

• - Removednode-forge@^0.10.0

• - Removednode-forge@0.10.0(transitive)