node-red-contrib-fips-rsa-crypto

🔐 FIPS-compatible RSA decryption module and Node-RED node
for decrypting AES session keys in secure financial or payment integrations
(e.g., Payment Service Providers, acquiring gateways, or PCI DSS environments).

Built on top of OpenSSL 3.0 (FIPS-capable) and designed for
Node.js ≥ 18 and Node-RED, fully compliant with PCI DSS 4.0 (3.5 / 3.6).

💡 Overview

This module was originally developed for Payment Service Provider (PSP) integrations,
where transaction payloads are encrypted using AES (session key)
and the session key itself is protected with RSA.

However, it can be used in any project that requires
secure FIPS-compliant decryption of hybrid AES+RSA payloads.

🔐 Features

• RSA-2048 / PKCS#1 v1.5 decryption (PSP & banking API compatible)
• Uses OpenSSL 3.0 / FIPS-capable libraries (Ubuntu 22.04+ ready)
• AES-256-CTR decryption ready
• 100% in-memory — no temporary files or subprocess calls
• Works in both Node-RED and plain Node.js environments
• Cross-platform: Linux, macOS, Windows, ARM
• ✅ PCI DSS 4.0 ready (Sections 3.5 / 3.6 — key management)

📦 Installation

Node.js

npm install node-red-contrib-fips-rsa-crypto

🧩 Example Usage (Node-RED)

Use the “FIPS RSA decrypt” node to securely decrypt AES-encrypted payloads using your RSA private key.

🔹 Input (msg)

{
  "payload": {
    "key": "BASE64_RSA_ENCRYPTED_AES_KEY",
    "info": "BASE64_AES_ENCRYPTED_DATA"
  },
  "private_key_pem": "-----BEGIN RSA PRIVATE KEY-----\\n..."
}

🔹 Output (msg.payload)

{
  "transaction_id": "123456",
  "status": "Success",
  "amount": 100.5
}

🟢 The node automatically performs:

1. RSA private decryption — decrypts the AES session key
2. AES-256-CTR decryption — decrypts the payload using the session key
3. JSON parsing — automatically parses JSON or returns raw data if not JSON

🧩 Note for Developers

If you are building from source, ensure build tools are installed:

sudo apt install -y build-essential python3 make g++