I'm using Crypt::encrypt to encrypt my data and feed to Javascript code. How can I decrypt the data in Javascript?
Using laravel 5.1 and CryptoJS which can be found at (https://code.google.com/p/crypto-js/).
in .env set:
APP_KEY=uberkeythatrocks
in config/app.php set:
'cipher' => 'AES-256-CBC'
in MyController.php:
$mySecret = "Something I wanna hide from them";
$encrypted = Crypt::encrypt($mySecret);
in index.js:
var key = "uberkeythatrocks";
var decrypted = CryptoJS.AES.decrypt(encrypted, key);
var readable = decrypted.toString(CryptoJS.enc.Utf8);
IMPORTANT:
The 'key' in PHP must be the same with 'key' in JS and the 'cipher' in PHP must be the same in JS however, CryptoJS will automatically select either AES-128-CBC or AES-256-CBC depending on the length of your 'key'. Although laravel 5.1 default 'cipher' is AES-256-CBC so I would suggest you get your 'key' from .env file to use in JS.
To change or generate a new 'key' from Laravel
C:/mylaravel> php artisan key:generate [enter]
To use AES-128-CBC
Edit config/app.php and set 'cipher' => 'AES-128-CBC'
then
C:/mylaravel> php artisan key:generate [enter]
NOTE that the change of 'key' will mean that an existing user account login password will not work unless you delete the user and then create new.
HOPE THIS HELPS! :)
CryptoJs and Laravel 6 & 7.x
Place a Mix variable inside .env file
MIX_APP_KEY=${APP_KEY}
See: https://laravel.com/docs/7.x/mix#environment-variables
In /resources/assets/js/app.js add:
const CryptoJS = require("crypto-js");
window.decrypt = (encrypted) => {
let key = process.env.MIX_APP_KEY.substr(7);
var encrypted_json = JSON.parse(atob(encrypted));
return CryptoJS.AES.decrypt(encrypted_json.value, CryptoJS.enc.Base64.parse(key), {
iv : CryptoJS.enc.Base64.parse(encrypted_json.iv)
}).toString(CryptoJS.enc.Utf8);
};
And finally somewhere in your script you can decrypt like so:
console.log(decrypt(encrypted_text));
I SOLVE THIS:
I'm using Laravel Framework 5.7.28 and i want to decrypt some users passwords in my node.js application
For Decrypt in my Js file i include CryptoJS and Base64 JS
Here is the code:
$key is the APP_KEY that you have in your .env file
$encrypted is what you encrypt with the Crypt::encrypt in laravel
var CryptoJS = require("crypto-js");
var Base64 = require('js-base64').Base64;
var encrypted = '{{ $encrypted }}';
var key = "{{ $key }}";
var encrypted_json = JSON.parse(Base64.decode(encrypted));
// Now I try to decrypt it.
var decrypted = CryptoJS.AES.decrypt(encrypted_json.value, CryptoJS.enc.Base64.parse(key), {
iv : CryptoJS.enc.Base64.parse(encrypted_json.iv)
});
console.log(decrypted.toString(CryptoJS.enc.Utf8));
The answers above didn't work for me. So I tried to encrypt the string "1234" on Laravel 8 and then decrypt it on Node.js.
My actual use case is that we set our OAuth2 access token as an encrypted cookie on Laravel 8. Then our client sends HTTP-requests to a Node.js backend (microservice architecture). To validate the JWT token, the Node.js backend needs to decrypt the (Laravel)-encrypted access token first.
ENCRYPT (Laravel 8):
Open any Controller and add the following code in a function:
use Illuminate\Support\Facades\Crypt;
return Crypt::encrypt("1234");
If you now open the route, which is linked to the controller method, you get the encrypted string of "1234".
DECRYPT (Node.js)
Please make sure to install crypto-js first (https://github.com/brix/crypto-js).
Do the following steps before you run the code:
Replace "your_string_to_decrypt" by the encrypted "1234" string (you retrieved from Laravel before)
Replace "your_laravel_app_key" with your Laravel APP_KEY from your .env (remove the "base64:" part !)
Important to know: Your encryption cipher-method in Laravel is defined in config/app.php. The default is "AES-256-CBC". Crypto-Js automatically selects the right AES-cipher depending on the length of your specified key. After removing "base64:" your key should have 44 characters for using "AES-256-CBC". (https://security.stackexchange.com/questions/45318/how-long-in-letters-are-encryption-keys-for-aes#:~:text=An%20AES%20128%2Dbit%20key,hexadecimal%20string%20with%2032%20characters.)
CryptoJS supports AES-128, AES-192, and AES-256. It will pick the variant by the size of the key you pass in. If you use a passphrase, then it will generate a 256-bit key.
https://cryptojs.gitbook.io/docs/#ciphers
import CryptoJS from 'crypto-js';
let payload = "your_string_to_decrypt"
let key = "your_laravel_app_key"
let encryptStr = CryptoJS.enc.Base64.parse(payload);
let encryptData = encryptStr.toString(CryptoJS.enc.Utf8);
encryptData = JSON.parse(encryptData);
let iv = CryptoJS.enc.Base64.parse(encryptData.iv);
var decrypted = CryptoJS.AES.decrypt(encryptData.value, CryptoJS.enc.Base64.parse(key), {
iv : iv,
mode: CryptoJS.mode.CBC,
padding: CryptoJS.pad.Pkcs7
});
decrypted = CryptoJS.enc.Utf8.stringify(decrypted);
console.log(decrypted)
Finally you are done and the Node.js log shows "1234".
(Of course this is not the best code, but it shows the functionality).
References:
Node.js code: https://gist.github.com/huzemin/e8d7a904cec55d4d7635c9322f143c42
Related
I have encrypted the response from the server using Laravel encrypter.
I'm using Laravel 5.8
use Illuminate\Encryption\Encrypter;
....
$key = "ls1KlnDpyl2ZJT0vdNX1tNygAftBlgah";
$value = "secret";
$encrypter = new Encrypter($key, 'AES-256-CBC');
$encrypt = $encrypter->encryptString($value);
return response()->json([
'payload' => $encrypt
], 200);
My question is, how to decrypt it in javascript client ? or how to encrypt decrypt in javascript if i want to use Laravel encrypter for read it.
I have found a way to decrypt it. But without validation
Example code :
<script src="https://cdn.jsdelivr.net/npm/js-base64#2.5.1/base64.js"></script>
<script src="https://cdnjs.cloudflare.com/ajax/libs/crypto-js/3.1.2/rollups/aes.js"></script>
<script>
function decrypt(){
// key set on the server when encrypt using Laravel encrypter
var key = "ls1KlnDpyl2ZJT0vdNX1tNygAftBlgah";
// response from server
var encrypted = "eyJpdiI6IjN2UmswOFVOd0lncHh4cCszbThnc1E9PSIsInZhbHVlIjoiMllmZ0dHTCtmejg0VFV1dVlFZVNhQT09IiwibWFjIjoiYzliODBkYTUzMDlmODEwMjJlY2Y2ZDhmN2UwM2NkN2FjYTc3OThjOTA3NTAyYTIxMDM3MjE5NDY2NTlhY2RjMSJ9";
var encrypted_json = JSON.parse(Base64.decode(encrypted));
// {"iv":"3vRk08UNwIgpxxp+3m8gsQ==","value":"2YfgGGL+fz84TUuuYEeSaA==","mac":"c9b80da5309f81022ecf6d8f7e03cd7aca7798c907502a2103721946659acdc1"}
var decrypted = CryptoJS.AES.decrypt(encrypted_json.value, CryptoJS.enc.Base64.parse(Base64.encode(key)),{
iv: CryptoJS.enc.Base64.parse(encrypted_json.iv),
mode: CryptoJS.mode.CBC
});
console.log('decripted : ' + decrypted.toString(CryptoJS.enc.Utf8));
}
</script>
And now, how to encrypt in javascript and i can read it in server with Laravel encrypter ?
You should not use Laravel APP_KEY(var key in your case) on the frontend side. NEVER! Laravel uses APP_KEY to encrypt everything including cookies (Session cookie and csrf cookie).
Your application could be hacked if it's in your HTML code! To answer your question a bit: use Crypt::decrypt($encrypted) on the server-side of your application (within Laravel).
Today I tried to encrypt and transfer the user-submitted password through the RSA+AES method. I have already completed the preparation of the front-end JS (the code is as follows, and the result of the operation is the same, AES, the value of the RSA encryption will be changed), it uses The two libraries, jsencrypt and crypto-js, are now writing PHP for backend decryption (the code is as follows), but I have encountered some difficulties in this process. The RSA decryption part has been written and tested correctly, but I I don't know how to write the AES decryption part. Even though I have consulted a lot of materials, their examples are different from me. I don't know how to use it (I will attach some examples at the end of the article).
problem:
1. Is my JS encryption part correct and logical?
2, how should I write PHP AES decryption part;
3. Is my idea correct? :
Client (JavaScript):
AES encryption original user password
RSA public key encryption AES key
---data transmission---
Server (PHP):
RSA private key decryption Get AES key
AES decryption Get the original user password
Obtain the encrypted user password by encrypting the original user password and store it in the database.
My JavaScript code:
$(function () {
//Encrypted part
//AES
var password_form="QAQ";
console.log(password_form);
var password = CryptoJS.AES.encrypt(password_form,'Lime Website').toString();
console.log(password);
//RSA
var public_key = $("#inputPublic_key").val();
console.log(public_key);
var private_key = $("#inputPrivate_key").val();
console.log(private_key);
var encrypt = new JSEncrypt();
encrypt.setPublicKey(public_key);
var AES_key = encrypt.encrypt(password);
console.log(AES_key);
});
//Decryption part (actually should be done by the server, here for convenience)
//RSA
var decrypt = new JSEncrypt();
decrypt.setPrivateKey(private_key);
var AES_key_decrypt = decrypt.decrypt(AES_key);
console.log(AES_key_decrypt);
//AES
var bytes = CryptoJS.AES.decrypt(AES_key_decrypt,'Lime Website');
var password_decrypt = bytes.toString(CryptoJS.enc.Utf8);
console.log(password_decrypt);
My PHP code:
<?php
$private_key = '-----BEGIN RSA PRIVATE KEY-----
MIICXQIBAAKBgQDlOJu6TyygqxfWT7eLtGDwajtNFOb9I5XRb6khyfD1Yt3YiCgQ
WMNW649887VGJiGr/L5i2osbl8C9+WJTeucF+S76xFxdU6jE0NQ+Z+zEdhUTooNR
aY5nZiu5PgDB0ED/ZKBUSLKL7eibMxZtMlUDHjm4gwQco1KRMDSmXSMkDwIDAQAB
AoGAfY9LpnuWK5Bs50UVep5c93SJdUi82u7yMx4iHFMc/Z2hfenfYEzu+57fI4fv
xTQ//5DbzRR/XKb8ulNv6+CHyPF31xk7YOBfkGI8qjLoq06V+FyBfDSwL8KbLyeH
m7KUZnLNQbk8yGLzB3iYKkRHlmUanQGaNMIJziWOkN+N9dECQQD0ONYRNZeuM8zd
8XJTSdcIX4a3gy3GGCJxOzv16XHxD03GW6UNLmfPwenKu+cdrQeaqEixrCejXdAF
z/7+BSMpAkEA8EaSOeP5Xr3ZrbiKzi6TGMwHMvC7HdJxaBJbVRfApFrE0/mPwmP5
rN7QwjrMY+0+AbXcm8mRQyQ1+IGEembsdwJBAN6az8Rv7QnD/YBvi52POIlRSSIM
V7SwWvSK4WSMnGb1ZBbhgdg57DXaspcwHsFV7hByQ5BvMtIduHcT14ECfcECQATe
aTgjFnqE/lQ22Rk0eGaYO80cc643BXVGafNfd9fcvwBMnk0iGX0XRsOozVt5Azil
psLBYuApa66NcVHJpCECQQDTjI2AQhFc1yRnCU/YgDnSpJVm1nASoRUnU8Jfm3Oz
uku7JUXcVpt08DFSceCEX9unCuMcT72rAQlLpdZir876
-----END RSA PRIVATE KEY-----';
$private_key_public_key_availability = openssl_pkey_get_private($private_key);//这个函数可用来判断私钥是否是可用的,可用返回资源id Resource id
$AES_key = "iOks+yhKxQBiqtd5rHQRNdXOGqixhNzquuZuPZ5dDsYfh1nDTLiygukiyexNBqHfmA7zis1nRTZW2Nw4bN5Pr2yCgvh1GPV6K5WigO5jD1+ztuyp1hV5ymNSws6EUPPjW9cwrOpO7EIeiYjvGo7ziyPwsCU0vwtQAkNAFY3uhB0=";
$AES_key_decrypted = "";
echo "After decrypting the data:";
openssl_private_decrypt(base64_decode($AES_key),$AES_key_decrypted,$private_key_public_key_availability);
echo $AES_key_decrypted;
Screenshot of one of the JavaScript running results:
Screenshot
Some examples:
https://odan.github.io/2017/08/10/aes-256-encryption-and-decryption-in-php-and-csharp.html
AES - Crypto JS & PHP
Java encrypt AES, PHP decrypt AES
Finally, sorry for my bad English.
I am using RoR for server side and sending some encryption data to JS Client side. For ROR I am using OpenSSl encryption technique.
`c= OpenSSL::Cipher::Cipher.new('aes-256-cbc')
c = cipher.encrypt
c.key = Digest::SHA256.digest(key)
Base64.strict_encode64(c.update(value.to_s) + c.final)
`
This is my code for encryption in ROR
`var cipherParams:any = CryptoJS.lib.CipherParams.create({
ciphertext: CryptoJS.enc.Base64.parse(encrypted_data)
});
var digest = CryptoJS.SHA256(key.toString(CryptoJS.enc.Utf8));
let bytes = CryptoJS.AES.decrypt(cipherParams, digest, {iv: iv});
bytes.toString(CryptoJS.enc.Utf8);
`
This is my JS decryption logic
when I am encrypting some key value pair data from server I am not able to decrypt it. I am getting this error
MalFormed Utf8
but when I am trying to decrypt single value like: "5678" I am getting correct value.If I changed CryptoJS.enc.Utf8 to CryptoJS.enc.Latin1 I am getting some unreadable value but error is not showing.
I think converting it to UTF8 is giving problem.But why?
I have tried many solutions. I am using proper key and digest and IV, I have checked it multiple times, and I am also sending proper string keys and values.
I am working on mvc application, there i am trying to encrypt my password. I have encrypted the password onclick and its working fine. How to decrypt the same value in mvc controller using CryptoJs.
Here is my code:
<script src="http://crypto-js.googlecode.com/svn/tags/3.1.2/build/rollups/tripledes.js"></script>
var secretString = document.getElementById("txtPassword").value;
var password = "$1$O3JMY.Tw$AdLnLjQ/5jXF9.MTp3gHv/";
debugger;
//document.getElementById("secretstring").innerHTML = secretString;
// var pass = document.getElementById("txtPassword").value;
var encrypted = CryptoJS.TripleDES.encrypt(secretString, password);
// document.getElementById("encryptedstring").innerHTML = encrypted.toString();
//var decrypted = CryptoJS.TripleDES.decrypt(encrypted.toString(), password);
//var finaltext = decrypted.toString(CryptoJS.enc.Utf8);
//document.getElementById("txtPassword").value = encrypted;
I have to pass the encrypted value to C# code and decrypt there itself using cruptoJs.TripleDES.decrypt.
Anybody help me please?
Thanks in advance.
There is a 3DES provider in the .NET Library and here is a good example of how to use it: How to implement Triple DES in C# (complete example)
In principle, if you use 3DES on the client you just use another 3DES implementation on the server, you don't need to use the same implementation -- and since cryptoJS is JavaScript, it is mostly restricted to client-side use anyway.
That being said, your string is not sent securely over the network, because your source code clearly identifies the method + password used to encrypt. So anyone who can sniff the data going to your server can decrypt.
To really encrypt the traffic securely, you'd need to use SSL (= HTTPS).
My team must share data between a localnet html/js app, and a server in the same net listening on a websocket.
The first idea was to simply send variables to the server with get
http://192.168.1.100:8080/var=hello
It's simple and works, but we must add a security level to the data exchange, encrypting all in Aes and then hexing the result to send it as plain string.
The best solution that we found is Crypto-JS https://code.google.com/p/crypto-js/
We are able to follow the examples and encrypting/decrypting data inside the same js block, but are unable to decrypt the data on another software.
we do:
var text = "Message";
var password = "Secret Passphrase";
var encrypted = CryptoJS.AES.encrypt(text, password);
var EnText = encrypted.ciphertext; //returns the hexed/encrypted text
var Key = encrypted.key;
It doesn't work with the c# code running on the server, so we tried an online decrypting tool http://aes.online-domain-tools.com/ passing both the password and the Key, but similarly returns unreadable text
JS generated value for reference
EnText: 5768c9b4d75e0cc32b610d9e6f518c36
Key: 005e316192f5162f7fd104ce2c9fe91de6c6f2977849dcd5878226022a7073be
What are we missing?
Ok i got it, the text is in hexadecimal.
Try decyphering it there:
http://www.unit-conversion.info/texttools/hexadecimal/