fips-rsa-crypto

FIPS-compatible RSA decryption module for decrypting AES session keys handling in secure financial or payment integrations (e.g., Payment Service Providers, banking APIs, or PCI DSS systems).
Designed for Node.js ≥18 and Node-RED, fully compliant with PCI DSS 4.0 (3.5 / 3.6).

This module was originally designed for Payment Service Provider (PSP) integrations,
where the PSP encrypts the transaction data using AES and RSA keys.
However, it can be used in any project requiring FIPS-compliant RSA decryption.

---

$3

- RSA-2048 / PKCS#1 v1.5 decryption (legacy-compatible, suitable for PSP and banking APIs)
- Uses OpenSSL 3.0 / FIPS-capable libraries (Ubuntu 22.04 LTS and newer)
- AES-256-CTR ready – for decrypting encrypted financial or payment payloads
- 100% in-memory – no temporary files, no subprocess calls
- Compatible with Node-RED Function nodes and plain Node.js ≥ 18
- Cross-platform – Linux, macOS, Windows, ARM

---

$3

``bash
npm install fips-rsa-crypto
`

$3


If you are building from source, ensure build tools are installed:
`bash
sudo apt install -y build-essential python3 make g++
`

---

$3

`js
import { decrypt } from 'fips-rsa-crypto';
import crypto from 'crypto';

// Simulated PSP response (encrypted symmetric key)
const encryptedKeyBase64 = 'MIIClzBABgkqhkiG9w0BB...'; // example data
const privateKeyPem =
-----BEGIN RSA PRIVATE KEY-----
MIICXAIBAAKBgQC4qv5D...
-----END RSA PRIVATE KEY-----
;

// 1️ Decrypt symmetric AES key from PSP response
const decryptedKeyJSON = decrypt(encryptedKeyBase64, privateKeyPem);
const { key, iv } = JSON.parse(decryptedKeyJSON);

// 2️ Use decrypted AES key to decrypt PSP "info" field
const encryptedInfo = 'CjAd3T8p...'; // PSP 'info' field in base64
const decipher = crypto.createDecipheriv(
'aes-256-ctr',
Buffer.from(key, 'base64'),
Buffer.from(iv, 'base64')
);

const decryptedData = Buffer.concat([
decipher.update(Buffer.from(encryptedInfo, 'base64')),
decipher.final()
]);

console.log('Decrypted PSP payload:', decryptedData.toString());
``