I'm trying to create a Postman pre-request script that will hash the request. I am able to use a bash script to do this using this command
SIG=$(echo -n ${CONTENT} | openssl dgst -sha1 -hmac ${PRIVATE_KEY} -binary | openssl enc -base64)
So far I have been unable to replicate this using CryptoJs to do the same, does anyone know how this can be done?
This is what I have tried
CryptoJS.HmacSHA1(CONTENT, pm.environment.get(PRIVATE_KEY)).toString(CryptoJS.enc.Base64)
Related
I'm trying to use crypto.js with openssl, so I would like to encrypt a message with one of them and decrypt with the other.
I included crypto.js from here: https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.0.0/crypto-js.min.js
I tried in js:
CryptoJS.AES.encrypt("This is a message", "secret").toString()
The result is:
"U2FsdGVkX1+BK06UxXoEdF5CkAhhxRPAN5r+XYLse/PSgtWI5e9BX3pkMBRpF6Te"
Then with openssl I do:
echo "U2FsdGVkX1+BK06UxXoEdF5CkAhhxRPAN5r+XYLse/PSgtWI5e9BX3pkMBRpF6Te" | openssl enc -d -a -aes-256-cbc -k "secret"
And I get this error:
*** WARNING : deprecated key derivation used.
Using -iter or -pbkdf2 would be better.
bad decrypt
140411423139136:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:../crypto/evp/evp_enc.c:610:
��+|�W��ۿ��4~
I also tried to add option -pbkdf2 to the openssl command, but I get a similar result.
And I also tried the other way like this:
echo "This is a message" | openssl enc -e -a -aes-256-cbc -k "secret" -pbkdf2
I get this result:
U2FsdGVkX1/QYJ+ZdUeun6mZn2aS+XxpnCTE3/50wc46Tvc3+JJxq+1rR3nS+4cP
Then in js I do:
CryptoJS.AES.decrypt("U2FsdGVkX1/QYJ+ZdUeun6mZn2aS+XxpnCTE3/50wc46Tvc3+JJxq+1rR3nS+4cP", "secret").toString(CryptoJS.enc.Utf8)
And I get:
""
I also tried to remove option -pbkdf2 in openssl command but I get the same result.
I spent hours on this problem, trying to change the algorithm, size key, etc. without finding any solution. Stack overflow is my last hope.
Thanks in advance.
i try import my pem key to Google KMS(with hsm support). I have google guide how it create with openssl:
Wrap the key
Generate a temporary random AES key that is 32 bytes long.
openssl rand -out temp_aes_key.bin 32
Wrap the temporary AES key with the wrapping public key using CKM_RSA_PKCS_OAEP.
openssl rsautl -encrypt
-pubin -inkey wrap_pub_key.pub
-in temp_aes_key.bin
-out temp_aes_key_wrapped.bin
-oaep
Wrap the target key with the temporary AES key using CKM_AES_KEY_WRAP_PAD.
openssl enc -id-aes256-wrap-pad -K $( hexdump -v -e '/1
"%02x"' < "temp_aes_key.bin" ) -iv A65959A6 -in my_key.pem
-out target_key_wrapped.bin
Note the use of -iv A65959A6 sets A65959A6 as the Alternate Initial Value as required by the RFC 5649 specification.
I have wrap_pub_key.pub and my_key.pem, where wrap_pub_key.pub:
-----BEGIN PUBLIC KEY-----
...........key...........
-----END PUBLIC KEY-----
How to programm this steps in nodeJs with cryto lib(without openssl)?
I think you are following this guide I'm not familiar with NodeJs, however I found the next documentation that It could be helpful,
I found the github repo list of each language supported for the Cloud Platform services/APIs!
I think that you can start with this available examples
If you need more details you can use these references:
Google KMS Node.js io Samples
KMS Node.js Client Library
Finally I understand that when you import this kind of key you need to choose a key wrapping algorithms
I hope you find this information helpful
I'm using this command to generate SHA hash in command line on my Mac:
openssl dgst -sha384 -binary FILENAME.js | openssl base64 -A
The result looks like this:
93Zn4wbvkSu+.......PksSwU4A+2a.....t0OOmyCompName:public
I then paste this sha with prefix in integrity html attribute: Like this:
<script type="text/javascript" integrity="sha384-93Zn4wbvkSu+.......PksSwU4A+2a.....t0OOmyCompName:public">
And Chrome gives me an error:
Error parsing 'integrity' attribute ('sha384-93Zn4wbvkSu+.......PksSwU4A+2a.....t0OOmyCompName:public'). The digest must be a valid, base64-encoded value.
I tried with myCompName:public and without. Help me please - how to correctly generate this integrity hash?
I don't use https://www.srihash.org/ because no cors enabled. Nginx serves my static files.
I found an error. Do not include in your integrity token this text in the end:
myCompName:public
If you delete -A key from you command in the end it will give you the same result but without name of your local machine and :public word ending.
so the right hash will look like this:
sha384-93Zn4wbvkSu+.......PksSwU4A+2a.....t0OO
I'm trying to encrypt a long UTF-8 encoded string using the aes-256-ecb cipher via node.js's built in crypto library. Bellow are my encryption code written tested in node.js (v0.10.24) and corresponding output and decryption command for OpenSSL (OpenSSL 1.0.1 14 Mar 2012) command line.
Encryption using node.js
var crypto = require('crypto');
var cipher = crypto.createCipher('aes-256-ecb','password');
var plaintext = [
'this is a very long long long long long long',
'long long long long long long long long long',
'long long long long long long string!!!!!!!!'
].join('')
console.log(cipher.update(plaintext,'utf8', 'base64') + cipher.final('base64'))
Output
XBnU6WZ9wr2GdA1YWZVhsG+mHQ0xlXXc8rAFEud6I/PqfFZL6Pdit7Sm8v+ViKNZmhgTzi7zfg8GHKFntkCDuj6F54TDaWKAdJRftLP9I+22jiKRvYtpD4SDV2oIy93MM5IMbSoBRvXayNF8H9FQnhACM5MHhHX1pLiR4yCg/l6iHH2BDLrwCSifGcGCaQYx
Decrypting using OpenSSL
echo -n 'XBnU6WZ9wr2GdA1YWZVhsG+mHQ0xlXXc8rAFEud6I/PqfFZL6Pdit7Sm8v+ViKNZmhgTzi7zfg8GHKFntkCDuj6F54TDaWKAdJRftLP9I+22jiKRvYtpD4SDV2oIy93MM5IMbSoBRvXayNF8H9FQnhACM5MHhHX1pLiR4yCg/l6iHH2BDLrwCSifGcGCaQYx' | openssl enc -d -aes-256-ecb -nosalt -a -pass pass:password
Output
bad decrypt
3074361544:error:0606506D:digital envelope routines:EVP_DecryptFinal_ex:wrong final block length:evp_enc.c:532:
Which one is wrong; my encryption or decryption? And how can I make them compatible with one another?
In the openssl command you should use -A option to base64 process the data on one line.
openssl enc -d -aes-256-ecb -nosalt -a -A -pass pass:password
I have an encrypted message created with this openssl command:
openssl enc -aes-256-cbc -salt -in plaintext.txt -out cipher.enc
I've tried CryptoJS and this aes library to decrypt it following the examples. All I get out is gibberish. My quess is that the decryption fails because I don't know how to tell the javascript decryption that the cipher is salted or because it's in "cbc-mode". CryptoJS looks more flexible so it might very well work. But what kind of parameters should I feed it?
Note: this is running in a browser, not in node.js
I put "Message" in a file using:
echo -n "Message" > plaintext.txt
Then I used your example, and password as my password
openssl enc -aes-256-cbc -salt -in plaintextut cipher.enc
enter aes-256-cbc encryption password:
Verifying - enter aes-256-cbc encryption password:
Then I needed the Base64 version of cipher.enc
cat cipher.enc | base64
U2FsdGVkX1/oA4O+uXXBXAjAenRJwpUV4UqQp4aYCpk=
Lastly, this is the CryptoJS that worked for me:
var dec = CryptoJS.AES.decrypt("U2FsdGVkX1/oA4O+uXXBXAjAenRJwpUV4UqQp4aYCpk=", "password");
var plaintext = CryptoJS.enc.Latin1.stringify(dec);