RSA encryption/signing needed

Hi,

for a project with an external supplier I have to do some encryption. I received a java script as example.Have no knowledge of JS .

We are trying to write this in RPG , but because we have no knowledge on crypto API's we get stuck.

the js looks like

       //Prepare RSA public key and encrypt details
        console.log(this.publicKey);
        let publicKey = forge.util.decode64(this.publicKey);
        console.log(publicKey);
        let rsaPublicKey = forge.pki.publicKeyFromPem(publicKey);
        console.log(JSON.parse(JSON.stringify(rsaPublicKey)));
        let keyString = rsaPublicKey.toLocaleString();
        console.log(keyString);
        let encryptedDetails = rsaPublicKey.encrypt(details, 'RSA-OAEP', {
            md: forge.md.sha256.create()
        });
        console.log(encryptedDetails);
        let encodedDetails = forge.util.encode64(encryptedDetails);
        console.log(encodedDetails);

The public key we receive looks like :LS0tLS1CRUdJTiBQVUJMSUMgS0VZLS0tLS0KTUlJQ0lqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FnOEFNSUlDQ2dLQ0FnRUEzbm1YdUxRN0RGa2JlZC8rcGdBKwpqUGNPZ2pYaGxEaXVYRFVZNThBVGU0SDF3ZWxJalVBTTNyZkZsd3RVUVhXQ1NTeGtNb0NPK016V1pTblpOdFYxCm9BZnZ4a2t6MFErQkpUSENCTHpzMnpvUzlrMXM3cVZEbUJVdnV2VmVrZUZBUkkzV2lOeE52RTdWYTJWU1dqRjcKZ3hYTDBTVTFKUk8xTFJSb0N4WTI4dFFFcTg1bXVJUmpFQXNjLzRkL0hjY1NWUkRTaDFuQmNsMVVjZWxQVW9HZgpObjlCODBBZXJlMnBJYWRiQXVBSEZBZWc1WnUyb2haOGNXVHhKUUVJQlMwZFlyWWN6ZTZXdVBiRk9OYWpacXN6CnFqTWhLblV1bTV4Q1U2YXZRZUxJc0JoUlNkVEpBN09IVFJwemgvSlBuYzJUYXpxYlFVWVR0R1Iwb1BHRmQwaEIKSjZpMjAwdVgxSWcybURQZGRGd1EzZk1nYWxUSVcyeTNDMEhjR0JMbVQrUjVGZkh0c0dpanVTdG5zZTU3NFdSQQpUaDNFaURxSk03TXY4eWdVQUNSZWxaKzNlZEJoTnBWNFEwZS95aHp5ZGRvMFRQMmFDaExPb0dlQ0xEU3IxcTFRCnFJZnNjSWp2VGwvMVdoYVU2aXlYc0t3Yjl5SkJiNGpuQjBvVm5YS25SVzNRd1B1d1QzNG9oc2REZkV1dmwxWVMKU09CSDNRWHcxTWp1TjFXL251NkFtN1pobFdPM3ArNFlNMDdnVGFlcjNwTFljK1JnbnZ3V3IvL3IxenRSakhwUgo2UlZYS0ZDRW5SUWQzSUtDY01WM3RjQzFlU1RuOWh5Z0kybStoTC9abWpoeDIvdW04MXlYdWJnSERIUmNCZ3lPCnZpdVh4ZzI5VFZSSFZvM0FNZDArK2RFQ0F3RUFBUT09Ci0tLS0tRU5EIFBVQkxJQyBLRVktLS0tLQo=

We are able to do the decode by using sql base64_decode:

-----BEGIN PUBLIC KEY-----
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA3nmXuLQ7DFkbed/+pgA+
jPcOgjXhlDiuXDUY58ATe4H1welIjUAM3rfFlwtUQXWCSSxkMoCO+MzWZSnZNtV1
oAfvxkkz0Q+BJTHCBLzs2zoS9k1s7qVDmBUvuvVekeFARI3WiNxNvE7Va2VSWjF7
gxXL0SU1JRO1LRRoCxY28tQEq85muIRjEAsc/4d/HccSVRDSh1nBcl1UcelPUoGf
Nn9B80Aere2pIadbAuAHFAeg5Zu2ohZ8cWTxJQEIBS0dYrYcze6WuPbFONajZqsz
qjMhKnUum5xCU6avQeLIsBhRSdTJA7OHTRpzh/JPnc2TazqbQUYTtGR0oPGFd0hB
J6i200uX1Ig2mDPddFwQ3fMgalTIW2y3C0HcGBLmT+R5FfHtsGijuStnse574WRA
Th3EiDqJM7Mv8ygUACRelZ+3edBhNpV4Q0e/yhzyddo0TP2aChLOoGeCLDSr1q1Q
qIfscIjvTl/1WhaU6iyXsKwb9yJBb4jnB0oVnXKnRW3QwPuwT34ohsdDfEuvl1YS
SOBH3QXw1MjuN1W/nu6Am7ZhlWO3p+4YM07gTaer3pLYc+RgnvwWr//r1ztRjHpR
6RVXKFCEnRQd3IKCcMV3tcC1eSTn9hygI2m+hL/Zmjhx2/um81yXubgHDHRcBgyO
viuXxg29TVRHVo3AMd0++dECAwEAAQ==
-----END PUBLIC KEY-----

From what I understand from the js I need to encrypt my data with the given key and a signing hash SHA256

I tried this with QC3CalculateSignature. Is this the API to use ?

Always get error

Message ID . . . . . . . . . : CPF9DDB

Message file . . . . . . . . : QCPFMSG

  Library  . . . . . . . . . : QSYS

Message . . . . :   The key string or Diffie-Hellman parameter string is not

valid.

Cause . . . . . :   Either there is an error in the BER encoding or the BER

  encoded string describes an object not valid for this operation.

Recovery  . . . :   Correct the string and try the request again.

my code :

Dcl-proc Sign_RSA_SHA_256 Export;

Dcl-pi Sign_RSA_SHA_256 varchar(65535);
Message varchar(65535) const;
MessageKey varchar(65535) const CCSID(*UTF8);
KeyInstance varchar(255) const;
end-pi;

Dcl-pr CalculateSignature ExtProc('Qc3CalculateSignature');
InputData Like(#$$aBase.BigCharacter) options(*varsize);
InputDataLn Like(#$$iBase.Integer);
InputDataFmt Char(8);
Algorithm Like(#$$aBase.BigCharacter) options(*varsize);
AlgorithmFmt Char(8);
Key Like(#$$aBase.BigCharacter) options(*varsize);
KeyFmt Char(8);
SrvProvider Like(#$$aBase.SingleCharacter);
DeviceName Char(10);
SignatureData Like(#$$aBase.BigCharacter) ;
SignatureDataSz Like(#$$iBase.Integer);
SignatureDataLn Like(#$$iBase.Integer);
API Like(#$$aBase.Character) ;
End-pr;



dcl-s aInputData Like(#$$aBase.BigCharacter);
dcl-s aInputDataFmt Char(8) inz('DATA0100');
dcl-s iInputDataLn Like(#$$iBase.Integer);

Dcl-ds dsAlgorithm Qualified inz;
Cipher Like(#$$iBase.Integer) inz(50); // RSA
PKABlockFormat Like(#$$aBase.SingleCharacter) inz('1'); // OAEP not available
Reserved char(3) inz(X'000000');
SigningHash Like(#$$iBase.Integer) inz(3); // SHA-256
End-ds;

dcl-s aAlgorithm Char(12);
dcl-s aAlgorithmFmt Char(8) inz('ALGD0400');

Dcl-ds dsKey Qualified inz;
iKeyType Like(#$$iBase.Integer) inz(51); //RSA Private RSA public not allowe ???
iKeySz Like(#$$iBase.Integer) inz(32);
aKeyFormat Like(#$$aBase.SingleCharacter) inz('1');
aReserved char(3) inz;
aKeyString Like(#$$aBase.BigCharacter) inz ccsid(*UTF8);
end-ds;

Dcl-ds dsKey600 Qualified inz;
iPEMLength Like(#$$iBase.Integer) ;
aReserved char(4) inz(X'00000000');
aPEMString Like(#$$aBase.BigCharacter) ccsid(*UTF8) inz;
end-ds;

dcl-ds dsApi likeds(#$dsApi) inz(*likeds);

dcl-s aKey Like(#$$aBase.BigCharacter);
dcl-s aKeyFmt Char(8) inz('KEYD0200');
dcl-s aSrvProvider Like(#$$aBase.SingleCharacter) inz('0');
dcl-s aDeviceName Char(10);
dcl-s aSignatureData Like(#$$aBase.BigCharacter);
dcl-s iSignatureDataSz Like(#$$iBase.Integer);
dcl-s iSignatureDataLn Like(#$$iBase.Integer);
dcl-s aAPI Like(#$$aBase.Character);

aInputData = Message;
iInputDataLn = %Len(Message);

aAlgorithm = dsAlgorithm;

If aKeyFMt = 'KEYD0200';
Reset dsKey;
dsKey.aKeyString = MessageKey;
dsKey.iKeySz = %len(MessageKey);
dsKey.aKeyString = aExtractPublicKey(MessageKey);
dsKey.iKeySz = %len(dsKey.aKeyString);
aKey = dskey;
Endif;

iSignatureDataSz = %Size(aSignatureData);

aApi = dsApi;

CalculateSignature(aInputData:
iInputDataLn:
aInputDataFmt:
aAlgorithm:
aAlgorithmFmt:
aKey:
aKeyFmt:
aSrvProvider:
aDeviceName:
aSignatureData:
iSignatureDataSz:
iSignatureDataLn:
aAPI);

dsApi = aApi;

If dsApi.iRtnLength = 0;
return %subst(aSignatureData:1:iSignatureDataLn);
endif;

return '';

End-proc;

Any suggestions on what I have to do to get my key accepted ?

Other question : is it possible to call a JS routine from RPG with in and output parameters ?

Kind regards,

Luc.