Need a fix for CVE-2023-46809

[cjbathras]

When upgrading to Node 20, I can no longer use jsencrypt because it uses PKCS1 padding. Node is preventing using PKCS1 padding because of CVE-2023-46809. It would be great if the padding method was changed or if there was an option to use a different padding scheme. If there's a way to get around this that I haven't uncovered, I'd love to hear about it.

[tomato42]

use OAEP padding?

[cjbathras]

How do I use OAEP padding with jsencrypt? I haven't found anything about that. If you can point me to an example that would be great!

[fengmk2]

#84