January 22, 2021

Getting Modolous and Exponent out from a public key aws encryption

Hi Guys I’m trying to extract a public key modolous/ exponent from aws encryption library, I’m able to extract it via another language but I’m facing a major blocker for javascript.

The publickey decoded has to be in ASN.l base64 value appreciate if anyone can provide me guidance, I’ve look up relevant url [https://www.example-code.com/nodejs/rsa_key_modulus.asp](https://www.example-code.com/nodejs/rsa_key_modulus.asp) extraction process already but it doesn’t seem to work for me.

As well as sof, answers provided is not in javascript.


/**Extract Modulous and exponent ASN.l from publickey */

import {
} from ‘@aws-crypto/client-node’;
import { generateKeyPair } from ‘crypto’;
import { promisify } from ‘util’;
const generateKeyPairAsync = promisify(generateKeyPair);
/* This builds the client with the REQUIRE_ENCRYPT_REQUIRE_DECRYPT commitment policy,
 * which enforces that this client only encrypts using committing algorithm suites
 * and enforces that this client
 * will only decrypt encrypted messages
 * that were created with a committing algorithm suite.
 * This is the default commitment policy
 * if you build the client with `buildClient()`.
const { encrypt, decrypt } = buildClient(
 * This function is an example of using the RsaKeyringNode
 * to encrypt and decrypt a simple string
export async function rsaTest() {
/* You need to specify a name
   * and a namespace for raw encryption key providers.
   * The name and namespace that you use in the decryption keyring *must* be an exact,
   * *case-sensitive* match for the name and namespace in the encryption keyring.
const keyName = ‘rsa-name’;
const keyNamespace = ‘rsa-namespace’;
// Get your key pairs from wherever you  store them.
const rsaKey = await generateRsaKeys();
const { publicKey, privateKey } = await generateRsaKeys();
/**Would like to extract Modulous and exponent ASN.l from publickey here*/
/* The RSA keyring must be configured with the desired RSA keys
   * If you only want to encrypt, only configure a public key.
   * If you only want to decrypt, only configure a private key.
const keyring = new RawRsaKeyringNode({ keyName, keyNamespace, rsaKey });
/* Encryption context is a *very* powerful tool for controlling and managing access.
   * It is ***not*** secret!
   * Encrypted data is opaque.
   * You can use an encryption context to assert things about the encrypted data.
   * Just because you can decrypt something does not mean it is what you expect.
   * For example, if you are are only expecting data from ‘us-west-2’,
   * the origin can identify a malicious actor.
   * See: https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/concepts.html#encryption-context
const context = {
stage: ‘demo’,
purpose: ‘simple demonstration app’,
origin: ‘us-west-2’,
/* Find data to encrypt.  A simple string. */
const cleartext = ‘asdf’;
/* Encrypt the data. */
const { result } = await encrypt(keyring, cleartext, {
encryptionContext: context,
/* Decrypt the data. */
const { plaintext, messageHeader } = await decrypt(keyring, result);
/* Grab the encryption context so you can verify it. */
const { encryptionContext } = messageHeader;
/* Verify the encryption context.
   * If you use an algorithm suite with signing,
   * the Encryption SDK adds a name-value pair to the encryption context that contains the public key.
   * Because the encryption context might contain additional key-value pairs,
   * do not add a test that requires that all key-value pairs match.
   * Instead, verify that the key-value pairs you expect match.
Object.entries(context).forEach(([key, value]) => {
if (encryptionContext[key] !== value)
throw new Error(‘Encryption Context does not match expected values’);
/* Return the values so the code can be tested. */
return { plaintext, result, cleartext };
 * This is a helper function to generate an RSA key pair for testing purposes only.
async function generateRsaKeys() {
const modulusLength = 3072;
const publicKeyEncoding = { type: ‘pkcs1’, format: ‘pem’ };
const privateKeyEncoding = { type: ‘pkcs1’, format: ‘pem’ };
// @ts-ignore
return generateKeyPairAsync(‘rsa’, {

Leave a Reply

Your email address will not be published. Required fields are marked *

Note: By filling this form and submitting your commen, you acknowledge, agree and comply with our terms of service. In addition you acknowledge that you are willingly sharing your email address with AiOWikis and you might receive notification emails from AiOWikis for comment notifications. AiOWiksi guarantees that your email address WILL NOT be used for advertisement or email marketting purposes.

This site uses Akismet to reduce spam. Learn how your comment data is processed.