I am trying to use the CryptoJS library to get the same value as I'm getting from an encryption tool, but I'm not able to get the same encrypted value.
Result using encryption tool:
Base64 Encoded Key: SisBCd6mVzPzZP7cpl/HvjqdkCpnujnJKUu8iosq/Yc=
Value to Encrypt: 55554444
Encrypted (ECB) Base64 Encoded Value: MLnK8JOyp+J4CoaqcWTAnW==
Here is my code where I'm trying to get that same result:
var data = '55554444'
var key = 'SisBCd6mVzPzZP7cpl/HvjqdkCpnujnJKUu8iosq/Yc='
// encrypt with key
var encrypted_ecb = CryptoJS.AES.encrypt(data, key, {mode: CryptoJS.mode.ECB});
console.log('encrypted_ecb: ', encrypted_ecb.toString())
// to base64
var rawStr = encrypted_ecb;
var wordArray = CryptoJS.enc.Utf8.parse(rawStr);
var base64_ecb = CryptoJS.enc.Base64.stringify(wordArray);
console.log('encrypted_base64_ecb: ', base64_ecb);
// Console Result:
// encrypted_ecb: U2FsdGVkX196PQg/s6RPQr3V9GEjf/WP7qRXxVh5GEU=
// encrypted_base64_ecb: VTJGc2RHVmtYMTk2UFFnL3M2UlBRcjNWOUdFamYvV1A3cVJYeFZoNUdFVT0=
As you can see I am getting the result I get is far different than the result I'm getting with the tool. Can anyone point me in the right direction?
Thank you!
You'll need to parse the key as well. Change the following line
var key = 'SisBCd6mVzPzZP7cpl/HvjqdkCpnujnJKUu8iosq/Yc='
to
var key = CryptoJS.enc.Base64.parse('SisBCd6mVzPzZP7cpl/HvjqdkCpnujnJKUu8iosq/Yc=');
Related
I need to decrypt base64 string using base64 key with ECB mode and Iso10126 padding using DES.
In theory it is simple:
const decryptedKeyDes = CryptoJS.DES.decrypt(
encryptedData, // QAKH7qnKxZTIta...
ResponseParser.secretKey, // MfKhm... length=32
{
mode: CryptoJS.mode.ECB,
padding: CryptoJS.pad.Iso10126
}
);
I get sigBytes:162response and after converting it to base64 (because then I need to ungzip) I get
byteLength:243 which is wrong, it should be byteLength:395 (I am just compering it with my correct Java code).
I have no idea what is wrong here.
I also tried to do it using node.js's crypto but I also get wrong and different result. I can't find how to set padding in crypto and I can get only utf8, binary or ascii
function encodeDesECB(textToEncode, keyString) {
var key = new Buffer(
"some key with 32 length".substring(0, 8),
"utf8"
);
var cipher = crypto.createDecipheriv("des-ecb", key, null);
cipher.setAutoPadding(false);
var c = cipher.update(textToEncode, "base64", "utf8");
c += cipher.final("utf8");
return c;
}
The java code is:
import javax.crypto.Cipher
import static javax.crypto.Cipher.DECRYPT_MODE
//CIPHER_ALGORITHM_MODE_PADDING = 'DESede/ECB/ISO10126Padding'
Cipher decryptingCipher = Cipher.getInstance(CIPHER_ALGORITHM_MODE_PADDING)
decryptingCipher.init(DECRYPT_MODE, secretKeySpec)
decryptingCipher.doFinal(data)
where secretKeySpec is object with algorithm: DESede and key, which is bit[] equal to mine.
I have no idea what is wrong in my code.
Does CryptoJs works wrong, or maybe I forgot about something in my decoding.
Do you have any clues what can be wrong?
Thanks to #Topaco I finally solved it.
The key has to be WordArray: CryptoJS.enc.Base64.parse('some key with 32 length')
The message has to be base64 string: QAKH7qnKxZTIta...;
Then you need to parse the response like this: tripleDesResult.toString(CryptoJS.enc.Base64)
Thanks again!
I'm using CryptoJS library to TripleDES function but the decrypt data doesn't work. my decrypted data dons't return the origin string.
var t = "a";
var d = "john";
var key = CryptoJS.MD5(t).toString()
var param = CryptoJS.TripleDES.encrypt(d, key).toString();
console.log('decrypt',CryptoJS.TripleDES.decrypt(param, key).toString())
console.log('encrypt',param) // it should return `john`. but it returns a different value.
the result of this encryption:
decrypt 6a6f686e
encrypt U2FsdGVkX19Ww0uMTSo+qAV5PVzsEhSR
https://github.com/brix/crypto-js
solved:
You should CryptoJS.enc.Utf8 inside toString function.
console.log('decrypt',CryptoJS.TripleDES.decrypt(param, key).toString(CryptoJS.enc.Utf8))
I'm using node forge to encrypt a form before sending it to the server using AES.
The code for the crypto part for now is
const bigInt = require("big-integer");
const forge = require('node-forge');
function generateParams() {
// Cryptographic random number generator
var array = new Uint32Array(2);
var _key = bigInt(window.crypto.getRandomValues(array)[0]).toString();
var _iv = bigInt(window.crypto.getRandomValues(array)[1]).toString();
// generate random key and IV
var key = forge.util.encode64(_key);
var iv = forge.util.encode64(_iv);
const params = {
key: key,
iv: iv
}
return params;
}
function encrypt(params) {
var cipher = forge.rc2.createEncryptionCipher(params.key);
cipher.start(params.iv);
// Encrypting "testing"
cipher.update(forge.util.createBuffer("testing"));
cipher.finish();
return cipher.output;
}
function decrypt(params, encrypted) {
var cipher = forge.rc2.createDecryptionCipher(params.key);
cipher.start(params.iv);
cipher.update(encrypted);
cipher.finish();
return cipher.output;
}
and the jQuery function is (not posting yet)
$('#recordForm').submit(function(event) {
// Stop form from submitting normally
event.preventDefault();
// Grab form data
// Crypto
const params = generateParams();
const encryptedForm = {
test: encrypt(params),
}
console.log("Encrypted: " + encryptedForm.test);
const decryptedForm = {
test: decrypt(params, encryptedForm.id).data,
}
console.log("Decrypted: " + decryptedForm.test);
});
My problem is that I keep getting back (cryptob.js is the name of my file, generated with browserify)
Uncaught URIError: URI malformed
at decodeURIComponent (<anonymous>)
at Object.util.decodeUtf8 (cryptob.js:24437)
at ByteStringBuffer.util.ByteStringBuffer.toString (cryptob.js:23490)
at HTMLFormElement.<anonymous> (cryptob.js:1282)
at HTMLFormElement.dispatch (jquery-3.1.1.slim.min.js:3)
at HTMLFormElement.q.handle (jquery-3.1.1.slim.min.js:3)
when calling encrypt().
There is this answer here which recommends including a special meta tag. I have done that but it still doesn't work. Since some resources online say it is related to UTF-8 encoding, I tried replacing
cipher.update(forge.util.createBuffer("testing"));
with
cipher.update(forge.util.createBuffer(encodeURIComponent("testing")));
or
cipher.update(forge.util.createBuffer("testing", 'utf8'));
but it didn't work either (based on encodeURIComponent(str)).
You can test forge here, and if you run this code (which is essentially what I'm doing)
var forge = require("node-forge")
// generate a random key and IV
var key = forge.util.encode64("12354523465");
var iv = forge.util.encode64("2315");
// encrypt some bytes
var cipher = forge.rc2.createEncryptionCipher(key);
cipher.start(iv);
cipher.update(forge.util.createBuffer("testing"));
cipher.finish();
var encrypted = cipher.output;
console.log(encrypted);
// decrypt some bytes
var cipher = forge.rc2.createDecryptionCipher(key);
cipher.start(iv);
cipher.update(encrypted);
cipher.finish();
console.log(cipher.output.data)
it works fine.
How can I solve this?
It looks like this error is actually happening in the toString, where you generate your _key and _iv.
Try testing with some hard-coded strings, as used in the example code you posted. Then, use a method to generate random byte strings for the key and IV.
Also, for AES-256, the key should have 32 bytes (not bits) of entropy. The IV should have 16 bytes of entropy.
NOTE: Yes, I understand there is a lot of code in this message, but you do encourage us to show prior research and how we've been trying.
Let me preface this by saying, I am not interested in the security of this function. All I want is to encrypt and decrypt arbitrarily long messages using RSA. Usually to do this, the message is encrypted using a block cipher (such as AES) and encrypting the key with the RSA cipher. However, I am just trying to find the easiest way to encrypt/decrypt long messages, irregardless of security. Hence why I am using RC4 in place of the block cipher.
Now, I can encrypt properly using the following code:
function encryptLong(signedCert, msg) {
var key256Bits = CryptoJS.SHA256("password");
var ciphertext = CryptoJS.RC4.encrypt(msg, key256Bits);
key = new RSAKey();
var m = CryptoJS.SHA256("password").toString(CryptoJS.enc.Hex);
m = new BigInteger(m, 16);
key.setPublic(signedCert.msg.subject.pk.n, signedCert.msg.subject.pk.e);
var ctxt = key.doPublic(m).toString(16);
var cipherstring = ciphertext + ":" + ctxt;
var obj = { "type": "CTXT-LONG", "encrypted": cipherstring };
return JSON.stringify(obj);
}
The message and the key are encrypted properly. I tested them individually using these functions.
function encryptRSA(signedCert, msg) {
//create a new RSA key object
var key = new RSAKey();
//convert ASCII message to hex
var m = asciiToHex(msg);
// create new BigInterger from m
m = new BigInteger(m, 16);
// set the values for the public key
key.setPublic(signedCert.msg.subject.pk.n, signedCert.msg.subject.pk.e);
// compute the RSA public key operation, and convert to a hex value
var ctxt = key.doPublic(m).toString(16);
//enter ctxt into the JSON obj
var obj = { "type": "CTXT-SHORT", "c": ctxt };
return JSON.stringify(obj);
}
And...
function encryptRSA(password, message) {
var key256Bits = CryptoJS.SHA256(password);
var ciphertext = CryptoJS.RC4.encrypt(CryptoJS.enc.Utf8.parse(message), key256Bits);
return ciphertext;
}
Now, here is our decryption code:
function decryptLong(sk, ctxt) {
key = new RSAKey();
encryptedStuff = JSON.stringify(ctxt.encrypted);
log(encryptedStuff);
splitEncryptedstuff = encryptedStuff.split(":");
rsaencryption = splitEncryptedstuff[1];
log(rsaencryption);
rc4encryption = splitEncryptedstuff[0];
log(rc4encryption);
c = new BigInteger(rsaencryption, 16);
key.setPrivate(sk.n, sk.e, sk.d);
var key256Bits = key.doPrivate(c).toString(16);
log(key256Bits);
// RC4 decryption
var message = CryptoJS.RC4.decrypt(rc4encryption, key224Bits);
// var ptxt = CryptoJS.enc.Utf8.stringify(message);
// log(ptxt);
return CryptoJS.enc.Utf8.stringify(message);
}
This code doesn't decrypt properly, but I know parts of it work. For example, where I have
log(key356Bits);
it returns the key exactly. So I know that at least the RSA decryption works. What I don't understand is, I followed the decryption function that I have exactly. Which is as follows.
function decryptRC4(password, ciphertext) {
var key256Bits = CryptoJS.SHA256(password);
var message = CryptoJS.RC4.decrypt(ciphertext, key256Bits);
return CryptoJS.enc.Utf8.stringify(message);
}
Well not exactly, I don't have to take the Hash of the password to get the key, as I already have the key. But, I still don't understand what is not working. When we decrypt our ciphertext using this individual function, the plaintext is correct.
Any assistance in this matter would be greatly appreciated.
Knowing my luck, it's probably just something annoying like it's in the wrong encoding type thing.
I can get a hmac sing using Python as following:
import hmac, base64, hashlib
def make_sign():
hash_data = "data"
secret = "this is secret"
sha512 = hashlib.sha512
hmac_obj = hmac.new(secret, hash_data, sha512)
str_hash = hmac_obj.digest()
sign = base64.b64encode(str_hash)
hex_hash = hmac_obj.hexdigest()
hex_sign = base64.b64encode(hex_hash)
print "correct_sign:",sign
print "hex_digest_sign:",hex_sign
make_sign()
output:
correct_sign: Lg4pXNCIpitNQt2DLU19qWb+FxdsYZlK4LLncfkTzSidrYoFJLNolUziRqh09B5HyRdCTEP7enZp6/Te34FK1g==
hex_digest_sign: MmUwZTI5NWNkMDg4YTYyYjRkNDJkZDgzMmQ0ZDdkYTk2NmZlMTcxNzZjNjE5OTRhZTBiMmU3NzFmOTEzY2QyODlkYWQ4YTA1MjRiMzY4OTU0Y2UyNDZhODc0ZjQxZTQ3YzkxNzQyNGM0M2ZiN2E3NjY5ZWJmNGRlZGY4MTRhZDY=
but with js, I can get hex_digest_sign, but I need to get correct_sign for web request.
function make_request() {
hash_data = "data"
secret = "this is secret"
hmac = hmac_512(hash_data, secret)
var sign = $.base64.encode(hmac),
console.log("js_sign="+sign);
}
function hmac_512(message, secret) {
var hmac = CryptoJS.algo.HMAC.create(CryptoJS.algo.SHA512, secret);
hmac.update(message);
var hash = hmac.finalize();
return hash;
}
js output:
js_sign="MmUwZTI5NWNkMDg4YTYyYjRkNDJkZDgzMmQ0ZDdkYTk2NmZlMTcxNzZjNjE5OTRhZTBiMmU3NzFmOTEzY2QyODlkYWQ4YTA1MjRiMzY4OTU0Y2UyNDZhODc0ZjQxZTQ3YzkxNzQyNGM0M2ZiN2E3NjY5ZWJmNGRlZGY4MTRhZDY="
the correct sign is correct_sign: Lg4pXNCIpitNQt2DLU19qWb+FxdsYZlK4LLncfkTzSidrYoFJLNolUziRqh09B5HyRdCTEP7enZp6/Te34FK1g==
how to get it in js?
I suspect that you are running into trouble with types and encoding. According to the CryptoJS source, the iterative hashing style that you are using returns a WordArray once you call finalize().
With that, once you go to print the results, you are printing the contents of the WordArray.
The purpose for itterative hashing is typically if you have a large input, you can break it into chunks to work on one piece at a time. Try the below edit I made that removes this as it does not look like you need to iterate.
function hmac_512(message, secret) {
var newHMAC = CryptoJS.HmacSHA256(message, secret);
return newHMAC;
}
The above will simply return the HMAC in string form which, once Base64 encoded, should match the result you see in Python.
Hope this helps!