[Feature] More Crypto Libraries

[cadaniel]

the API I'm working with has heavy use of RSA-SHA512 signatures, as well as working with x509 certificates. Without the ability to load a library using an HTTP request, and cryptoJS not supporting asymmetric encryption, postman is not maintainable for me.

Having a way to add a library or an expansion of the current sandbox scripts would allow more usages.

[dvishniakov]

+1 for asymmetric encryption and signatures (OAuth 1.0 and JWS/JWE)

[mstaalesen]

This is so needed. cryptojs has not been updated the last 4 years either.

[glennkidd]

Support for the jsbn library or something similar would be dreamy.

Or the ability to import our own libraries so we could do this ourselves...

[kingwrcy]

+1,please support RSA encrypt/decrypt/sign/verify。

[brugr9]

+1: crypto.createHmac('sha1', pm.apiToken)

[mparaz]

Is it possible to support the window.crypto available in Chrome? https://developer.mozilla.org/en-US/docs/Web/API/SubtleCrypto

I need to make HMAC-SHA-512 signatures that are compatible with Python, similar to: https://stackoverflow.com/questions/48430211/python-hmac-to-cryptojs

I see that CryptoJS does not make compatible signatures, but SubtleCrypto does.

[garreth-sutton]

This is sorely needed and pretty much a deal-breaker for customers who are using cryptocurrency APIs, Spent a couple of days trying to produce pre-request scripts that can generate a hashed and signed order for one of our new products and have now given up because of the restrictions on importing libraries. 😡

I really want to use Postman to provide potential API users with fully functional API specs but if i can't generate the payloads correctly then this is impossible. Without access to the libraries i need i am left with little choice but to revert back to using Github examples. 😒

Some Cryptocurrency libraries that I could really benefit from having access to:
web3
eth-util
elliptic
0x
ethereumjs-utils

[artmac]

Could this feature request be prioritised to higher level?

Currently exposed crypto-js is very limited. There are no AES GCM, RSA encryption methods which are commonly used in enterprise.
Exposing Web/API/SubtleCrypto or Node/crypto library would solve many use cases

[arlemi]

@artmac Have you tried looking at this (from one of our Solutions Engineer) in the meantime? https://github.com/matt-ball/postman-external-require

[Edward-Wang-Foris]

I have tried to import the third part javascript lib to handle the AES-GCM, but actually, there aren't a suitable lib, because of postman don't support the object like 'window' and so on.

[kool79]

+1 for asymmetric encryption, for JWE support

[smrnv]

+1 Definitely need for SubtleCrypto support for digital signatures

[wgcisotto]

+1 for asymmetric encryption, for JWE support

[antunmod-ec]

Our project requires SHA3 512 encryption and the imported CryptoJS implementation of the algorithm is invalid. There is a PR in that project which fixes this, but it seems it will take a while or not be done at all.

The built-in node:crypto module provides the correct implementation so I would appreciate it if it would be accessible through pre-request script.

We were planning on using this for creating interactive API docs, but without this encryption we cannot proceed with your software. I hope you fix this.

[PeterMacko]

+1 for JWE support. iI try to use jose library but it cant work in postman because there is no TextEncoder class in it :(