feat: support encryption with RSA_PKCS1_PADDING

Renovate will now attempt to decrypt with existing default padding, and if that fails then try with RSA_PKCS1_PADDING.

feat: support encryption with RSA_PKCS1_PADDING
3d0637f4 · Rhys Arkins · 00b89c77 · 3d0637f4
Commit 3d0637f4 authored 6 years ago by Rhys Arkins
--- a/lib/config/decrypt.js
+++ b/lib/config/decrypt.js
@@ -15,9 +15,25 @@ function decryptConfig(config, privateKey) {
      if (privateKey) {
        for (const [eKey, eVal] of Object.entries(val)) {
          try {
-            const decryptedStr = crypto
-              .privateDecrypt(privateKey, Buffer.from(eVal, 'base64'))
-              .toString();
+            let decryptedStr;
+            try {
+              logger.debug('Trying default padding');
+              decryptedStr = crypto
+                .privateDecrypt(privateKey, Buffer.from(eVal, 'base64'))
+                .toString();
+            } catch (err) {
+              logger.debug('Trying RSA_PKCS1_PADDING');
+              decryptedStr = crypto
+                .privateDecrypt(
+                  {
+                    key: privateKey,
+                    padding: crypto.constants.RSA_PKCS1_PADDING,
+                  },
+                  Buffer.from(eVal, 'base64')
+                )
+                .toString();
+              // let it throw if the above fails
+            }
            logger.info(`Decrypted ${eKey}`);
            if (eKey === 'npmToken') {
              const token = decryptedStr.replace(/\n$/, '');