I prepared an example web page here:
https://mowa-net.jp/demos/jsrsasign_exp/index.html
It is based on the jsrsasign 4.1.2 release.
Look at the encrypted RSA PEM strings. They won't be decrypted with "openssl rsa" even if we specify the correct password "hogehoge". We can even see that the content looks obviously inappropriate.
Example:
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-256-CBC,101D89EE3900CAFAAF580A3EEB54E1D3
-----END RSA PRIVATE KEY-----
There are a lot of 'A's.
The root cause seems to be that PKCS5PKEY.encryptGeneral() has seemingly wrong logic.
    var encryptGeneral = function(f, dataHex, keyHex, ivHex) {
        // Convert the hex inputs to CryptoJS WordArrays.
        var data = CryptoJS.enc.Hex.parse(dataHex);
        var key = CryptoJS.enc.Hex.parse(keyHex);
        var iv = CryptoJS.enc.Hex.parse(ivHex);
        var msg = {};
        var encryptedHex = f.encrypt(data, key, { iv: iv });
        // The stringified result is parsed as hex and then re-encoded as Base64.
        var encryptedWA = CryptoJS.enc.Hex.parse(encryptedHex.toString());
        var encryptedB64 = CryptoJS.enc.Base64.stringify(encryptedWA);
        return encryptedB64;
    };
It seems this should be:
    var encryptGeneral = function(f, dataHex, keyHex, ivHex) {
        // Convert the hex inputs to CryptoJS WordArrays.
        var data = CryptoJS.enc.Hex.parse(dataHex);
        var key = CryptoJS.enc.Hex.parse(keyHex);
        var iv = CryptoJS.enc.Hex.parse(ivHex);
        // Return the stringified cipher result as is, with no further re-encoding.
        return f.encrypt(data, key, { iv: iv }).toString();
    };
Confusingly, crypto-js's OpenSSLFormatter (see crypto-js's cipher-core.js) returns a Base64 string, not hex, so applying Hex.parse() and Base64.stringify() is inappropriate for that exact case (crypto-js's other formatter does use Hex).
A modified version is here:
https://mowa-net.jp/demos/jsrsasign_exp/mod.html
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-256-CBC,2738243672EA92E5D087AC8FB082014F
-----END RSA PRIVATE KEY-----
This can be decrypted with "openssl rsa".
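
The double encoding described in this report, reproduced without crypto-js as an added example (not code from the report or from jsrsasign). `SAMPLE_B64` is a constructed stand-in for the Base64 string the cipher result stringifies to, and `hexParseModel` is a hypothetical model of `CryptoJS.enc.Hex.parse`, assuming it converts each two-character pair with `parseInt(pair, 16)` and that an unparsable pair contributes a zero byte.

```javascript
// Constructed sample: 64 Base64 characters (48 ciphertext bytes), standing in
// for what f.encrypt(data, key, { iv: iv }).toString() returns.
const SAMPLE_B64 =
  "U2x9Qm7pLr4kZt0HcVfYw8NsGjE1oTaD/iu+3KbXyR5hWq6MgPzlCnSe2vBdAJIO";

// Hypothetical model of CryptoJS.enc.Hex.parse (assumption, see lead-in):
// one output byte per two input characters, NaN collapsing to 0.
function hexParseModel(str) {
  const bytes = [];
  for (let i = 0; i < str.length; i += 2) {
    bytes.push((parseInt(str.slice(i, i + 2), 16) | 0) & 0xff);
  }
  return Buffer.from(bytes);
}

// Original logic: treat the Base64 text as hex, then Base64-encode the result.
function buggyEncode(b64FromFormatter) {
  return hexParseModel(b64FromFormatter).toString("base64");
}

// Proposed logic: the formatter output already is the PEM body.
function fixedEncode(b64FromFormatter) {
  return b64FromFormatter;
}

// What a consumer such as "openssl rsa" gets after Base64-decoding the PEM body.
function report(pemBody, ciphertext) {
  const decoded = Buffer.from(pemBody, "base64");
  return {
    pemBody,
    decodedLength: decoded.length,
    zeroBytes: decoded.filter((b) => b === 0).length,
    matchesCiphertext: decoded.equals(ciphertext),
  };
}

const ciphertext = Buffer.from(SAMPLE_B64, "base64");
console.log("buggy:", report(buggyEncode(SAMPLE_B64), ciphertext));
console.log("fixed:", report(fixedEncode(SAMPLE_B64), ciphertext));
```

Each zero byte produced by the mis-parse becomes a run of 'A' characters when re-encoded as Base64, and the decoded body ends up shorter than the real ciphertext, so no password can decrypt it.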