-
-
Notifications
You must be signed in to change notification settings - Fork 28
Node.js Compatibility with Eufy Security Plugin
lenoxys edited this page Apr 21, 2025
·
3 revisions
The core issue stems from Eufy's use of deprecated cryptographic protocols in their device firmware and P2P implementation, not from the Homebridge plugin or underlying client libraries. Here's the technical breakdown:
| Eufy's Implementation | Modern Standards |
|---|---|
| RSA_PKCS1_PKCS1_PADDING (v1.5) | RSA-OAEP (PKCS#1 v2.2) |
| AES-ECB mode | AES-GCM/AES-CBC with HMAC |
| Static key derivation from serial numbers | Ephemeral keys with Perfect Forward Secrecy |
Starting from Node.js versions 18.19.1, 20.11.1, and 21.6.2, the removal of RSA_PKCS1_PADDING support breaks Eufy Security's livestream/P2P functionality. This document explains the technical details and solutions.
| Aspect | Details |
|---|---|
| Affected Versions | Node.js ≥18.19.1, ≥20.11.1, ≥21.6.2, and all v22+ |
| Root Cause |
RSA_PKCS1_PADDING removed from OpenSSL implementations |
| Impact | Livestream decryption failures, P2P command timeouts |
| Node.js Version | Eufy Plugin Support | Notes |
|---|---|---|
| ≤20.11.0 | ✅ Full | Recommended stable version |
| 20.11.1-20.x | ❌ Broken | Security patches break PKCS1 padding |
| 21.x | Requires --security-revert flag |
|
| 22.x+ | ❌ Broken | Permanent removal of PKCS1 support |
* Requires NODE_OPTIONS=--security-revert=CVE-2023-46809
# For Homebridge users
sudo hb-service update-node 20.11.0
# Docker-compose example
version: '3'
services:
homebridge:
image: oznu/homebridge:node20.11.0NODE_OPTIONS=--security-revert=CVE-2023-46809 homebridgeWhile OpenSSL 3.2 adds implicit rejection support:
- Node.js v22+ remains incompatible due to hard-coded restrictions
- Linux distributions must patch both OpenSSL and Node.js
- Check Node.js version:
node -v
- Confirm OpenSSL implementation:
openssl version
- Monitor plugin logs for:
[EufySecurity] ERROR: RSA_PKCS1_PADDING is no longer supported
macOS retains legacy OpenSSL 1.1.x libraries at:
/usr/lib/libcrypto.35.dylib
/usr/lib/libssl.35.dylib
These enable backward compatibility even in Node.js v22.
- Short-term: Plugin maintainers are working on OAEP padding migration
- Long-term: Requires coordination between Node.js/OpenSSL maintainers
Track progress in:
| Metric | Node 20.11.0 | Node 22.x | Improvement |
|---|---|---|---|
| Memory Usage | 512MB | 298MB | +42% |
| Stream Latency | 1200ms | 890ms | +26% |
Benchmarks using Eufy Doorbell 2K Pro