I have encrypted the response from the server using Laravel encrypter.
I'm using Laravel 5.8
use Illuminate\Encryption\Encrypter;
....
$key = "ls1KlnDpyl2ZJT0vdNX1tNygAftBlgah";
$value = "secret";
$encrypter = new Encrypter($key, 'AES-256-CBC');
$encrypt = $encrypter->encryptString($value);
return response()->json([
'payload' => $encrypt
], 200);
My question is, how to decrypt it in javascript client ? or how to encrypt decrypt in javascript if i want to use Laravel encrypter for read it.
I have found a way to decrypt it. But without validation
Example code :
<script src="https://cdn.jsdelivr.net/npm/js-base64#2.5.1/base64.js"></script>
<script src="https://cdnjs.cloudflare.com/ajax/libs/crypto-js/3.1.2/rollups/aes.js"></script>
<script>
function decrypt(){
// key set on the server when encrypt using Laravel encrypter
var key = "ls1KlnDpyl2ZJT0vdNX1tNygAftBlgah";
// response from server
var encrypted = "eyJpdiI6IjN2UmswOFVOd0lncHh4cCszbThnc1E9PSIsInZhbHVlIjoiMllmZ0dHTCtmejg0VFV1dVlFZVNhQT09IiwibWFjIjoiYzliODBkYTUzMDlmODEwMjJlY2Y2ZDhmN2UwM2NkN2FjYTc3OThjOTA3NTAyYTIxMDM3MjE5NDY2NTlhY2RjMSJ9";
var encrypted_json = JSON.parse(Base64.decode(encrypted));
// {"iv":"3vRk08UNwIgpxxp+3m8gsQ==","value":"2YfgGGL+fz84TUuuYEeSaA==","mac":"c9b80da5309f81022ecf6d8f7e03cd7aca7798c907502a2103721946659acdc1"}
var decrypted = CryptoJS.AES.decrypt(encrypted_json.value, CryptoJS.enc.Base64.parse(Base64.encode(key)),{
iv: CryptoJS.enc.Base64.parse(encrypted_json.iv),
mode: CryptoJS.mode.CBC
});
console.log('decripted : ' + decrypted.toString(CryptoJS.enc.Utf8));
}
</script>
And now, how to encrypt in javascript and i can read it in server with Laravel encrypter ?
You should not use Laravel APP_KEY(var key in your case) on the frontend side. NEVER! Laravel uses APP_KEY to encrypt everything including cookies (Session cookie and csrf cookie).
Your application could be hacked if it's in your HTML code! To answer your question a bit: use Crypt::decrypt($encrypted) on the server-side of your application (within Laravel).
Related
I am trying to encrypt password with cryptojs and then I will decrypt the encrypted string on server side. I added script
<script src="https://cdnjs.cloudflare.com/ajax/libs/crypto-js/3.1.9-1/aes.js"></script>
var key="abcdef";
var password = document.getElementById('password').value;
var encrypted = CryptoJS.AES.encrypt(password, key);
I am getting error
ReferenceError: CryptoJS is not defined
Can someone tell me how can i do encryption in jsp and decrypt it on java side with key defined on jsp.
Thank you.
I found core library and Now I can encrypt and decrypt on Jsp
var encryptedpassword=CryptoJS.AES.encrypt(password,'abcd');
var ciphertext = encryptedpassword.ciphertext.toString(CryptoJS.enc.Base64);
console.log(ciphertext);
and decrypted using following
var decryptedpassword=CryptoJS.AES.decrypt(encryptedpassword,'abcd');
var plaintext = decryptedpassword.toString(CryptoJS.enc.Utf8);
console.log(plaintext);
My problem now is I want to decrypt the encrypted password on java side can some one tell me how can I do it?
I am having problem in calling a python function with angularjs $http request.
I am having a python function which is on server like this
import cgi, cgitb
data= cgi.FieldStorage()
name = data.getvalue("name");
age = data.getvalue("age");
def printinfo( name, age ):
print "Name: ", name
print "Age ", age
return name,age
and i've also included cgi and my javascript code is
angular.module('app1',[])
.controller('ctrl',['$scope','$http' ,function ($scope,$http) {
$scope.bin = 'examp';
$scope.go = function () {
var url = "http://localhost/dump/test/test.py";
var bad =$http({
url :url ,
method:'POST',
data:{"name":"kumar" , "age":21}
}).success(function(data){
alert("working");
});
}
}])
and my javascript code is able to make a call to http://localhost/dump/test/test.py but it is shown as a document even when i included cgi in it ..
Please guide me and also can you guys tell me is it the right way to send the values to server ie can i invoke the function print info by just sending name and age or should i send the function name too. If yes let me know how can i pass it ..
Thanks in advance..
May be your webserver do not know how to handle .py files. You need to configure webserver to handle python. Try the below if it is not configured.
https://www.linux.com/community/blogs/129-servers/757148-configuring-apache2-to-run-python-scripts
But a more good approach is to create a web app using some python framework and expose urls via a web server. If you are interested in that then I would recommend you to learn flask python framework.
I'm using Crypt::encrypt to encrypt my data and feed to Javascript code. How can I decrypt the data in Javascript?
Using laravel 5.1 and CryptoJS which can be found at (https://code.google.com/p/crypto-js/).
in .env set:
APP_KEY=uberkeythatrocks
in config/app.php set:
'cipher' => 'AES-256-CBC'
in MyController.php:
$mySecret = "Something I wanna hide from them";
$encrypted = Crypt::encrypt($mySecret);
in index.js:
var key = "uberkeythatrocks";
var decrypted = CryptoJS.AES.decrypt(encrypted, key);
var readable = decrypted.toString(CryptoJS.enc.Utf8);
IMPORTANT:
The 'key' in PHP must be the same with 'key' in JS and the 'cipher' in PHP must be the same in JS however, CryptoJS will automatically select either AES-128-CBC or AES-256-CBC depending on the length of your 'key'. Although laravel 5.1 default 'cipher' is AES-256-CBC so I would suggest you get your 'key' from .env file to use in JS.
To change or generate a new 'key' from Laravel
C:/mylaravel> php artisan key:generate [enter]
To use AES-128-CBC
Edit config/app.php and set 'cipher' => 'AES-128-CBC'
then
C:/mylaravel> php artisan key:generate [enter]
NOTE that the change of 'key' will mean that an existing user account login password will not work unless you delete the user and then create new.
HOPE THIS HELPS! :)
CryptoJs and Laravel 6 & 7.x
Place a Mix variable inside .env file
MIX_APP_KEY=${APP_KEY}
See: https://laravel.com/docs/7.x/mix#environment-variables
In /resources/assets/js/app.js add:
const CryptoJS = require("crypto-js");
window.decrypt = (encrypted) => {
let key = process.env.MIX_APP_KEY.substr(7);
var encrypted_json = JSON.parse(atob(encrypted));
return CryptoJS.AES.decrypt(encrypted_json.value, CryptoJS.enc.Base64.parse(key), {
iv : CryptoJS.enc.Base64.parse(encrypted_json.iv)
}).toString(CryptoJS.enc.Utf8);
};
And finally somewhere in your script you can decrypt like so:
console.log(decrypt(encrypted_text));
I SOLVE THIS:
I'm using Laravel Framework 5.7.28 and i want to decrypt some users passwords in my node.js application
For Decrypt in my Js file i include CryptoJS and Base64 JS
Here is the code:
$key is the APP_KEY that you have in your .env file
$encrypted is what you encrypt with the Crypt::encrypt in laravel
var CryptoJS = require("crypto-js");
var Base64 = require('js-base64').Base64;
var encrypted = '{{ $encrypted }}';
var key = "{{ $key }}";
var encrypted_json = JSON.parse(Base64.decode(encrypted));
// Now I try to decrypt it.
var decrypted = CryptoJS.AES.decrypt(encrypted_json.value, CryptoJS.enc.Base64.parse(key), {
iv : CryptoJS.enc.Base64.parse(encrypted_json.iv)
});
console.log(decrypted.toString(CryptoJS.enc.Utf8));
The answers above didn't work for me. So I tried to encrypt the string "1234" on Laravel 8 and then decrypt it on Node.js.
My actual use case is that we set our OAuth2 access token as an encrypted cookie on Laravel 8. Then our client sends HTTP-requests to a Node.js backend (microservice architecture). To validate the JWT token, the Node.js backend needs to decrypt the (Laravel)-encrypted access token first.
ENCRYPT (Laravel 8):
Open any Controller and add the following code in a function:
use Illuminate\Support\Facades\Crypt;
return Crypt::encrypt("1234");
If you now open the route, which is linked to the controller method, you get the encrypted string of "1234".
DECRYPT (Node.js)
Please make sure to install crypto-js first (https://github.com/brix/crypto-js).
Do the following steps before you run the code:
Replace "your_string_to_decrypt" by the encrypted "1234" string (you retrieved from Laravel before)
Replace "your_laravel_app_key" with your Laravel APP_KEY from your .env (remove the "base64:" part !)
Important to know: Your encryption cipher-method in Laravel is defined in config/app.php. The default is "AES-256-CBC". Crypto-Js automatically selects the right AES-cipher depending on the length of your specified key. After removing "base64:" your key should have 44 characters for using "AES-256-CBC". (https://security.stackexchange.com/questions/45318/how-long-in-letters-are-encryption-keys-for-aes#:~:text=An%20AES%20128%2Dbit%20key,hexadecimal%20string%20with%2032%20characters.)
CryptoJS supports AES-128, AES-192, and AES-256. It will pick the variant by the size of the key you pass in. If you use a passphrase, then it will generate a 256-bit key.
https://cryptojs.gitbook.io/docs/#ciphers
import CryptoJS from 'crypto-js';
let payload = "your_string_to_decrypt"
let key = "your_laravel_app_key"
let encryptStr = CryptoJS.enc.Base64.parse(payload);
let encryptData = encryptStr.toString(CryptoJS.enc.Utf8);
encryptData = JSON.parse(encryptData);
let iv = CryptoJS.enc.Base64.parse(encryptData.iv);
var decrypted = CryptoJS.AES.decrypt(encryptData.value, CryptoJS.enc.Base64.parse(key), {
iv : iv,
mode: CryptoJS.mode.CBC,
padding: CryptoJS.pad.Pkcs7
});
decrypted = CryptoJS.enc.Utf8.stringify(decrypted);
console.log(decrypted)
Finally you are done and the Node.js log shows "1234".
(Of course this is not the best code, but it shows the functionality).
References:
Node.js code: https://gist.github.com/huzemin/e8d7a904cec55d4d7635c9322f143c42
I am working on mvc application, there i am trying to encrypt my password. I have encrypted the password onclick and its working fine. How to decrypt the same value in mvc controller using CryptoJs.
Here is my code:
<script src="http://crypto-js.googlecode.com/svn/tags/3.1.2/build/rollups/tripledes.js"></script>
var secretString = document.getElementById("txtPassword").value;
var password = "$1$O3JMY.Tw$AdLnLjQ/5jXF9.MTp3gHv/";
debugger;
//document.getElementById("secretstring").innerHTML = secretString;
// var pass = document.getElementById("txtPassword").value;
var encrypted = CryptoJS.TripleDES.encrypt(secretString, password);
// document.getElementById("encryptedstring").innerHTML = encrypted.toString();
//var decrypted = CryptoJS.TripleDES.decrypt(encrypted.toString(), password);
//var finaltext = decrypted.toString(CryptoJS.enc.Utf8);
//document.getElementById("txtPassword").value = encrypted;
I have to pass the encrypted value to C# code and decrypt there itself using cruptoJs.TripleDES.decrypt.
Anybody help me please?
Thanks in advance.
There is a 3DES provider in the .NET Library and here is a good example of how to use it: How to implement Triple DES in C# (complete example)
In principle, if you use 3DES on the client you just use another 3DES implementation on the server, you don't need to use the same implementation -- and since cryptoJS is JavaScript, it is mostly restricted to client-side use anyway.
That being said, your string is not sent securely over the network, because your source code clearly identifies the method + password used to encrypt. So anyone who can sniff the data going to your server can decrypt.
To really encrypt the traffic securely, you'd need to use SSL (= HTTPS).
My team must share data between a localnet html/js app, and a server in the same net listening on a websocket.
The first idea was to simply send variables to the server with get
http://192.168.1.100:8080/var=hello
It's simple and works, but we must add a security level to the data exchange, encrypting all in Aes and then hexing the result to send it as plain string.
The best solution that we found is Crypto-JS https://code.google.com/p/crypto-js/
We are able to follow the examples and encrypting/decrypting data inside the same js block, but are unable to decrypt the data on another software.
we do:
var text = "Message";
var password = "Secret Passphrase";
var encrypted = CryptoJS.AES.encrypt(text, password);
var EnText = encrypted.ciphertext; //returns the hexed/encrypted text
var Key = encrypted.key;
It doesn't work with the c# code running on the server, so we tried an online decrypting tool http://aes.online-domain-tools.com/ passing both the password and the Key, but similarly returns unreadable text
JS generated value for reference
EnText: 5768c9b4d75e0cc32b610d9e6f518c36
Key: 005e316192f5162f7fd104ce2c9fe91de6c6f2977849dcd5878226022a7073be
What are we missing?
Ok i got it, the text is in hexadecimal.
Try decyphering it there:
http://www.unit-conversion.info/texttools/hexadecimal/