An API I am working with only accepts encrypted JSON object data with the openssl_encrypt formula below:
data = openssl_encrypt(body, 'aes-256-cbc', ciphertext+api_key, OPENSSL_RAW_DATA, ciphertext)
All responses from the API are also encrypted in this same way. Is it possible for me to achieve the same encryption format with CryptoJS so that the API will accept my encrypted data requests?
Here is what I have with CryptoJS at the moment.
var encryptedData = CryptoJS.AES.encrypt(JSON.stringify(body), 'aes-256-cbc', ciphertext + apikey, ciphertext);
var decryptedData = CryptoJS.AES.decrypt(encryptedData.toString(), 'aes-256-cbc', ciphertext + apikey, ciphertext);
var decryptedObjectData = JSON.parse(decryptedData.toString(CryptoJS.enc.Utf8));
console.log(decryptedObjectData);
When I encrypt my data and decrypt it with this code, it works. But when I receive encrypted data from the API and try to decrypt it with this CyptoJS, it tells me I have malformed UTF-8. Similarly, when I try to encrypt my data with CryptoJS to be accepted by the API, I get a 'Bad Request' response, meaning the encryption isn't accepted.
I am doing it via CryptoJS because I am new to encryption and do not know how to use openssl_encrypt with my application. But if someone can teach me, that would be great. I don't know how to run openssl_encrypt in php on my server and have my JS application run it. Is AJAX the way to call on a script on the server on your application?
Related
I want to encrpyt my password and username from client side and decrypt it at server side(Asp.net core) with RSA(Or any other asymmetric algorithms). I am gonna send public key from server side so I don't need to create a public key at client side only need to encrypt it.
I am trying something like this..
var encrypt = new JSEncrypt();
encrypt.setPublicKey($('#pubkey').val());
var encrypted = encrypt.encrypt($('#input').val());
but it says JSEncrypt is not defined normally. But I don't know how to include this propery at my code.
https://github.com/travist/jsencrypt in here there is a good explanation but still I couldn't manage to do it. Also I really need a simple thing for just encryption with a known public key.
Edit 1: I am using https already but I still need to do it unfortunately.
I am struggling with authorisation to Google OAuth2.0 for Service Account.
The script I am writing is pure ECMASCript5, it is running on special purpose server and the communication will be my server - Google server.
I am following this documentation:
https://developers.google.com/identity/protocols/oauth2/service-account#jwt-auth
I have created my signed JWT as described in the documentation.
The problem I have is that after I send access token request, the response form Google server is :
{"error":"invalid_grant","error_description":"Invalid JWT Signature."}
My suspicion is that I may have my private key formatted in wrong way. Google documentation seems to confirm that too.
The key is saved in JSON file downloaded from Google dev console / service account dashboard, and it is in following format:
"private_key": "-----BEGIN PRIVATE KEY-----\nMIIEugIBADANBgkqhkiG9w0BAQEFAASCBKQwggSgAgEAAoIBAQDE5vuC4GeikWBu\n8ZQEkcJMFBHJAW40b2WogwWc46pSAnvPVtbeEoVI4n8qx3r2IfpURqQgRr............................=\n-----END PRIVATE KEY-----\n"
The questions is - should I format the key in some way before using it in my encryption method for JWT sign? I noticed it has lots of '\n' and some '=' characters. Should it have newlines or just one line? Should it have the headers?
I have tried .replace(/\\n/g, '\n') and even .replace(/\\n/g, '') but that does not seem to work either.
I am using server's dedicated library and it is closed system without possibility of importing external libraries.
One more confusing thing:
Google documentation says the JWT should be following format:
{Base64url encoded header}.
{Base64url encoded claim set}.
{Base64url encoded signature}
But then in error description they say:
Alternatively, the JWT assertion might be encoded incorrectly - it
must be Base64-encoded, without newlines or padding equal signs.
Is this a mistake when they say in the error description about base64 encoding as opposed to earlier base64url encoding?
Thanks for any help!
Say I have some Form's authentication Cookie:
FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(1,
"TESTTEST",
DateTime.Now,
DateTime.Now.AddMinutes(30),
false,
String.Empty,
FormsAuthentication.FormsCookiePath);
Normally in C# we can decrypt this like so:
var authToken = FormsAuthentication.Decrypt(authCookie.Value);
I'm creating a tool for testing an I want to decrypt the cookie on the client-side.
If my machine key is: GHFDK45sDFGSKj234 How can I decrypt the Authentication from Javascript?
First you need to know the algorithm that the forms authentication is using. Then you need to find a javascript library that can decrypt that algorithm
I need to sign XML SAML message with the SAML 2.0 standardised algorithm (RSAwithSHA256). But my saml plugin (passport-saml) only seems to support sha1 and sha256. The SHA256 sounds pretty close to RSAwithSHA256, but probably is not the same thing? What is the difference, and how could I use RSAwithSHA256 instead? I probably need to edit the passport-saml library, to allow the use of RSAwithSHA256 algorithm?
I try to explain the differences, but not how to solve your issue.
RSA is a Public Key Cryptographic algorithm (Public and Private Key-Pair algorithm) and it assures Confidentiality, Authenticity (includes Identification) and Non-Repudiation.
SHA-256 is a Hashing algorithm, that produce a unique, fixed size 256-bit (32-byte) hash and it assures Message Integrity.
Hashing algorithm employed as follows,
Sender sends message and its hash to receiver. [Hashing employed]
Receiver hash the message to generate new hash. [Hashing employed]
Receiver check whether the new hash is equal to original hash.
If its equal, then message integrity is confirmed and receiver process the message further.
If its unequal, then message is tampered and receiver discard the message.
Here, how receiver confirms that message and its hash are indeed sent by expected sender? There is no authentication or identification of sender by receiver in the above case.
To do that, we have to use both Public Key Cryptography and Hashing Algorithms (like RSAWithSHA256) together to satisfy the above said requirement.
So, when employ Public Key Cryptography and Hashing Algorithms together,
Sender sends message and its encrypted hash (using private-key of sender) to receiver. [Encryption and Hashing employed]
Receiver decrypt the encrypted hash (using public-key of sender). [Decryption and Hashing employed]
Receiver hash the message to generate new hash. [Hashing employed]
Receiver check whether the new hash is equal to decrypted hash.
If its equal, then message integrity, authenticity and
identification of sender is confirmed and receiver process the
message further.
If its unequal, then message is tampered or not sent by intended
sender (since encrypted hash is not generated with private-key of expected sender) and receiver discard the message.
CryptoJS's convenience function CryptoJS.AES.encrypt("some plaintext", "password") doesn't seem to do any authentication.
I see CryptoJS provides an HMAC class, but I'm confused about how to use this to encrypt-then-authenticate.
I searched around for tutorials and other questions but couldn't find any.
How would I add authentication using the above CryptoJS HMAC class to authenticate the ciphertext produced by CryptoJS.AES.encrypt?
The idea with the HMAC provided by cryptoJS is to have you, the developer, pass it both the encrypted data and a key in order for it to spit out the MAC on the other end.
Below is an example of how you could use it to produce a MAC for your encrypted data. The idea here is that the key object is the shared secret used between you and trusted parties to verify the integrity of the encrypted data.
//Encrypt Data
var encryptObject = CryptoJS.AES.encrypt(content, key, { iv: yourIV });
//Calculate HMAC
var HMAC = CryptoJS.HmacSHA256(encryptObject.toString(), key);
A few things to keep in mind.
Always calculate the HMAC on the encrypted object before decryption. This prevents any manipulation of the encrypted data to cause harm after decryption.
Make sure the data encoding/format is the same when validating the HMAC. For example, above I used the toString() of my encrypted object, I did this becuase cryptoJS automatically serializes that object to only be the ciphertext. Upon decryption, I calculate the HMAC on the binary string of the encrypted blob I am presented with to make sure the HMAC calculates correctly.
With that I think you should be set to validate some data!
Also for a working example, you could check out http://meowcrypt.com/ which is my in browser file encryption service for google drive that uses cryptoJS.