Decrypt string DES-ECB using cryptojs - javascript

I tried using this online tool to decrypt my string and it works perfectly fine, which I want to implement in my React app.
encrypted string: "iPPGVzyogeiPwpro65A0eUaQggN+8+J4mteJdeaEeFiCL4nTGWnI3F16SIjtZBIxsc7WJNlKm0HtZ754aGgzDIPzFaL/aK97"
decrypted string: "http://aac.saavncdn.com/666/487fc075363611f93bb2a8bfc27635f6_96.mp4",
When I'm trying to code this the encrypted string comes out different if I try to encrypt and vice versa
Here is my code:
var encrypted = CryptoJS.DES.encrypt(
"http://aac.saavncdn.com/666/487fc075363611f93bb2a8bfc27635f6_96.mp4",
"38346591"
).toString();
this gives a different output:
U2FsdGVkX18ql9OPbTS4FRRHvl8Tvm7m2Vg5SkUdIM2p9OF6GU0wYmJQoitwGoPlKCx8tTfdcLGNc34V3sgw1EKlCeSYtJ6LFc2BDpdfNOw3XYoadapisA==
var encrypted =
"iPPGVzyogeiPwpro65A0eUaQggN+8+J4mteJdeaEeFiCL4nTGWnI3F16SIjtZBIxsc7WJNlKm0HtZ754aGgzDIPzFaL/aK97";
var decrypted = CryptoJS.DES.decrypt(encrypted, "38346591");
console.log(decrypted.toString());
that's why the decrypt also doesn't work.
Am I missing anything?

Related

Crypto-JS can't decode AES string from cryptopals challenge

I'm trying to decode this AES string: https://cryptopals.com/static/challenge-data/7.txt (from here)
The page simply says it's been AES encrypted in ECB mode using the key YELLOW SUBMARINE.
The Crypto-JS library should be able to decode this. The docs show a simple method, and I'm using it like so:
// message is the base64 data in the link above
// key is: YELLOW SUBMARINE
const decrypted = CryptoJS.AES.decrypt(message, key, {
mode: CryptoJS.mode.ECB
});
return decrypted.toString(CryptoJS.enc.Utf8);
Except then it throws an error on the last line: "Malformed UTF-8 data". I've tried a number of different things including all the different paddings and trying to convert the base64 data to either hex or utf-8 first. It's always that same error.
I'm really at a loss of what I'm doing wrong here.
Here's a stupid simple jsfiddle: https://jsfiddle.net/jg7hwLuk/
The key must be passed to decrypt() as WordArray. This can be achieved with the Utf8 encoder.
The ciphertext can be passed directly as Base64 encoded string and is implicitly converted to a CipherParams object by CryptoJS.
This allows the ciphertext to be decrypted:
var message = "CRIwqt4+szDbqkNY+I0qbDe3LQz0wiw0SuxBQtAM5TDdMbjCMD/venUDW9BLPEXODbk6a48oMbAY6DDZsuLbc0uR9cp9hQ0QQGATyyCESq2NSsvhx5zKlLtzdsnfK5ED5srKjK7Fz4Q38/ttd+stL/9WnDzlJvAo7WBsjI5YJc2gmAYayNfmCW2lhZE/ZLG0CBD2aPw0W417QYb4cAIOW92jYRiJ4PTsBBHDe8o4JwqaUac6rqdi833kbyAOV/Y2RMbN0oDb9Rq8uRHvbrqQJaJieaswEtMkgUt3P5Ttgeh7J+hE6TR0uHot8WzHyAKNbUWHoi/5zcRCUipvVOYLoBZXlNu4qnwoCZRSBgvCwTdz3Cbsp/P2wXB8tiz6l9rL2bLhBt13Qxyhhu0H0+JKj6soSeX5ZD1Rpilp9ncR1tHW8+uurQKyXN4xKeGjaKLOejr2xDIw+aWF7GszU4qJhXBnXTIUUNUfRlwEpS6FZcsMzemQF30ezSJHfpW7DVHzwiLyeiTJRKoVUwo43PXupnJXDmUysCa2nQz/iEwyor6kPekLv1csm1Pa2LZmbA9Ujzz8zb/gFXtQqBAN4zA8/wt0VfoOsEZwcsaLOWUPtF/Ry3VhlKwXE7gGH/bbShAIKQqMqqUkEucZ3HPHAVp7ZCn3Ox6+c5QJ3Uv8V7L7SprofPFN6F+kfDM4zAc59do5twgDoClCbxxG0L19TBGHiYP3CygeY1HLMrX6KqypJfFJW5O9wNIF0qfOC2lWFgwayOwq41xdFSCW0/EBSc7cJw3N06WThrW5LimAOt5L9c7Ik4YIxu0K9JZwAxfcU4ShYu6euYmWLP98+qvRnIrXkePugS9TSOJOHzKUoOcb1/KYd9NZFHEcp58Df6rXFiz9DSq80rR5Kfs+M+Vuq5Z6zY98/SP0A6URIr9NFu+Cs9/gf+q4TRwsOzRMjMQzJL8f7TXPEHH2+qEcpDKz/5pE0cvrgHr63XKu4XbzLCOBz0DoFAw3vkuxGwJq4Cpxkt+eCtxSKUzNtXMn/mbPqPl4NZNJ8yzMqTFSODS4bYTBaN/uQYcOAF3NBYFd5x9TzIAoW6ai13a8h/s9i5FlVRJDe2cetQhArrIVBquF0L0mUXMWNPFKkaQEBsxpMCYh7pp7YlyCNode12k5jY1/lc8jQLQJ+EJHdCdM5t3emRzkPgND4a7ONhoIkUUS2R1oEV1toDj9iDzGVFwOvWyt4GzA9XdxT333JU/n8m+N6hs23MBcZ086kp9rJGVxZ5f80jRz3ZcjU6zWjR9ucRyjbsuVn1t4EJEm6A7KaHm13m0vwN/O4KYTiiY3aO3siayjNrrNBpn1OeLv9UUneLSCdxcUqjRvOrdA5NYv25Hb4wkFCIhC/Y2ze/kNyis6FrXtStcjKC1w9Kg8O25VXB1Fmpu+4nzpbNdJ9LXahF7wjOPXN6dixVKpzwTYjEFDSMaMhaTOTCaqJig97624wv79URbCgsyzwaC7YXRtbTstbFuEFBee3uW7B3xXw72mymM2BS2uPQ5NIwmacbhta8aCRQEGqIZ078YrrOlZIjar3lbTCo5o6nbbDq9bvilirWG/SgWINuc3pWl5CscRcgQQNp7oLBgrSkQkv9AjZYcvisnr89TxjoxBO0Y93jgp4T14LnVwWQVx3l3d6S1wlscidVeaM24E/JtS8k9XAvgSoKCjyiqsawBMzScXCIRCk6nqX8ZaJU3rZ0LeOMTUw6MC4dC+aY9SrCvNQub19mBdtJUwOBOqGdfd5IoqQkaL6DfOkmpnsCs5PuLbGZBVhah5L87IY7r6TB1V7KboXH8PZIYc1zlemMZGU0o7+etxZWHgpdeX6JbJIs3ilAzYqw/Hz65no7eUxcDg1aOaxemuPqnYRGhW6PvjZbwAtfQPlofhB0jTHt5bRlzF17rn9q/6wzlc1ssp2xmeFzXoxffpELABV6+yj3gfQ/bxIB9NWjdZK08RX9rjm9CcBlRQeTZrD67SYQWqRpT5t7zcVDnx1s7ZffLBWm/vXLfPzMaQYEJ4EfoduSutjshXvR+VQRPs2TWcF7OsaE4csedKUGFuo9DYfFIHFDNg+1PyrlWJ0J/X0PduAuCZ+uQSsM/ex/vfXp6Z39ngq4exUXoPtAIqafrDMd8SuAtyEZhyY9V9Lp2qNQDbl6JI39bDz+6pDmjJ2jlnpMCezRK89cG11IqiUWvIPxHjoiT1guH1uk4sQ2Pc1J4zjJNsZgoJDcPBbfss4kAqUJvQyFbzWshhtVeAv3dmgwUENIhNK/erjpgw2BIRayzYw001jAIF5c7rYg38o6x3YdAtU3d3QpuwG5xDfODxzfL3yEKQr48C/KqxI87uGwyg6H5gc2AcLU9JYt5QoDFoC7PFxcE3RVqc7/Um9Js9X9UyriEjftWt86/tEyG7F9tWGxGNEZo3MOydwX/7jtwoxQE5ybFjWndqLp8DV3naLQsh/Fz8JnTYHvOR72vuiw/x5D5PFuXV0aSVvmw5Wnb09q/BowS14WzoHH6ekaWbh78xlypn/L/M+nIIEX1Ol3TaVOqIxvXZ2sjm86xRz0EdoHFfupSekdBULCqptxpFpBshZFvauUH8Ez7wA7wjL65GVlZ0f74U7MJVu9SwsZdgsLmnsQvr5n2ojNNBEv+qKG2wpUYTmWRaRc5EClUNfhzh8iDdHIsl6edOewORRrNiBay1NCzlfz1cj6VlYYQUM9bDEyqrwO400XQNpoFOxo4fxUdd+AHmCBhHbyCR81/C6LQTG2JQBvjykG4pmoqnYPxDyeiCEG+JFHmP1IL+jggdjWhLWQatslrWxuESEl3PEsrAkMF7gt0dBLgnWsc1cmzntG1rlXVi/Hs2TAU3RxEmMSWDFubSivLWSqZj/XfGWwVpP6fsnsfxpY3d3h/fTxDu7U8GddaFRQhJ+0ZOdx6nRJUW3u6xnhH3mYVRk88EMtpEpKrSIWfXphgDUPZ0f4agRzehkn9vtzCmNjFnQb0/shnqTh4Mo/8oommbsBTUKPYS7/1oQCi12QABjJDt+LyUan+4iwvCi0k0IUIHvk21381vC0ixYDZxzY64+xx/RNID+iplgzq9PDZgjc8L7jMg+2+mrxPS56e71m5E2zufZ4d+nFjIg+dHD/ShNPzVpXizRVUERztLuak8Asah3/yvwOrH1mKEMMGC1/6qfvZUgFLJH5V0Ep0n2K/Fbs0VljENIN8cjkCKdG8aBnefEhITdV7CVjXcivQ6efkbOQCfkfcwWpaBFC8tD/zebXFE+JshW16D4EWXMnSm/9HcGwHvtlAj04rwrZ5tRvAgf1IR83kqqiTvqfENcj7ddCFwtNZrQK7EJhgB5Tr1tBFcb9InPRtS3KYteYHl3HWR9t8E2YGE8IGrS1sQibxaK/C0kKbqIrKpnpwtoOLsZPNbPw6K2jpko9NeZAx7PYFmamR4D50KtzgELQcaEsi5aCztMg7fp1mK6ijyMKIRKwNKIYHagRRVLNgQLg/WTKzGVbWwq6kQaQyArwQCUXo4uRtyzGMaKbTG4dns1OFB1g7NCiPb6s1lv0/lHFAF6HwoYV/FPSL/pirxyDSBb/FRRA3PIfmvGfMUGFVWlyS7+O73l5oIJHxuaJrR4EenzAu4Avpa5d+VuiYbM10aLaVegVPvFn4pCP4U/Nbbw4OTCFX2HKmWEiVBB0O3J9xwXWpxN1Vr5CDi75FqNhxYCjgSJzWOUD34Y1dAfcj57VINmQVEWyc8Tch8vg9MnHGCOfOjRqp0VGyAS15AVD2QS1V6fhRimJSVyT6QuGb8tKRsl2N+a2Xze36vgMhw7XK7zh//jC2H";
var key = "YELLOW SUBMARINE";
const decrypted = CryptoJS.AES.decrypt(message, CryptoJS.enc.Utf8.parse(key), {
mode: CryptoJS.mode.ECB
});
document.getElementById("pt").innerHTML = decrypted.toString(CryptoJS.enc.Utf8);
<script src="https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.0.0/crypto-js.min.js"></script>
<p style="font-family:'Courier New', monospace;" id="pt"></p>

Decrypt external AES256/CBC/PKCS7 data with CryptoJS, provided 64-char Hex key from SiteMinder

I'm attempting to using CryptoJS to decrypt a string, provided a 64 character string from SiteMinder.
The decrypted string looks like:
8yi6XwyLPZq%2FNjV9fmoyHYtC2UUS48KlpPLMl063gPwDDLJYkLeUFAwC8hTcXrPJkShbjJTShlLUoh2y17kwOA%3D%3D
And the key provided to me is a 64-character Hex string, like so: B55E3CE5E4E335D61E3224B2EAAA79E68AFF43FFAAA85A9D4F2BA07618DF2D67
After the information is decrypted, it should present a string that shows something like:
term1;term2
The JavaScript code I am using to decrypt with CryptoJS looks like:
CryptoJS.AES.decrypt(
encryptedValue,
64CharacterKeyProvidedAbove
).toString();
However, the decrypted value isn't coming back as expected. I've read some information about providing an IV to use a pre-defined key, but I don't have any information, only the key used when SiteMinder encrypts information from the database it is connected to.
Do I need to change the way I'm using CryptoJS?
Assuming you mean encrypted string looks like 8yi6XwyLPZq%2FNjV9fmoyHYtC2UUS48KlpPLMl063gPwDDLJYkLeUFAwC8hTcXrPJkShbjJTShlLUoh2y17kwOA%3D%3D.
And given that encryption is AES256/CBC/PKCS7.
We can make these observations:
The string looks URL-encoded and Base64-encoded (%3D is =, and Base64 often ends with =)
There is no IV which is required for CBC, so it is probably in the first 16 bytes of the encoded string. The remainder of the string is probably the ciphertext
So we can decrypt it with CryptoJS like this:
var encrypted = CryptoJS.enc.Base64.parse(decodeURIComponent(encryptedStr));
var key = CryptoJS.enc.Hex.parse(hexKey);
var iv = CryptoJS.enc.Hex.parse(CryptoJS.enc.Hex.stringify(encrypted).substr(0, 32));
var ciphertext = CryptoJS.enc.Hex.parse(CryptoJS.enc.Hex.stringify(encrypted).substr(32));
var plaintext = CryptoJS.AES.decrypt({ciphertext: ciphertext}, key, {iv: iv});
Here's a working DEMO on jsFiddle.
Result:
SERLOGINNAME=T6ATD1F;password=QWERTY!8;

Decrypt a string using Base64 decode in angularJS

I am encrypting a token that is sent from JAVA code to Angular using Base64 encryption:
String token = "1345BCHCNB";
Cipher ecipher = Cipher.getInstance("AES");
String mykey = "1234567891234567";
SecretKey key = new SecretKeySpec(mykey.getBytes(), "AES");
ecipher.init(Cipher.ENCRYPT_MODE, key);
byte[] utf8 = token.getBytes("UTF-8");
byte[] enc = ecipher.doFinal(utf8);
String enctoken = Base64.encodeBase64(enc).toString());
Now i want to decrypt it on Angular side. I am not able to figure it out how to convert it back to actual token
Base64 is NOT about encryption, but it is an encoding flavour. You can always, with no key nor anything secret, get the original data.
In Javascript, it is implemented using the functions btoa and atob.
More infos here: http://www.w3schools.com/jsref/met_win_atob.asp
And a related topic: Base64 encoding and decoding in client-side Javascript
For the AES part, you could give a look at this topic: How to decrypt message with CryptoJS AES. I have a working Ruby example

NodeJS Crypto with RC4 yields blank

I have a php function that generates an RC4 encrypted string. I would like to decode that string using Node - ideally using the built in Crypto module. But I am unable to do so - I just get a blank string.
The PHP code is here http://code.google.com/p/rc4crypt/
My JS code is
crypto = require('crypto');
decipher = crypto.createDecipher("rc4", "MY SECRET KEY");
text = "HELLO";
decrypted = decipher.update(text, "utf8", "hex");
decrypted += decipher.final("hex");
console.log(decrypted);
I don't get any output. I have checked that my OpenSSL implementation has RC4 using openssl list-message-digest-algorithms
I am on OSX 10.8, latest node.
I am open to using another module to decrypt - I tried the cryptojs module but did not figure out how to make it work - gave me errors when I tried RC4.
Thanks
Figured it out
First one must use crypto.createDecipheriv otherwise the key is - I believe - md5 hashed instead of used raw.
Secondly the input encoding mut be set to binary.
Third - in my case I was dealing with POST data instead of a hardcoded string and I had to urldecode it - decodeURIComponent() jsut choked - but unescape() with removal of + signs did the trick ex:
var text = unescape((response.post.myvar + '').replace(/\+/g, '%20'))
var crypto = require('crypto');
decipher = crypto.createDecipheriv("rc4", key, '');
decrypted = decipher.update(text, "binary", "utf8");
decrypted += decipher.final("utf8");
console.log(decrypted);

My CryptoJS encryption/decryption is not working

I have an array of JSON arrays whose values I am trying to encrypt with CryptoJS and then print for use in another file, where these values should be decrypted using a user-given passphrase.
But I am doing something wrong and I am getting "Uncaught Error: Malformed UTF-8 data" when decrypting the URL's.
encrypt.js:
var encrypted = CryptoJS.AES.encrypt(item[key], pass);
json[j] += encrypted.ciphertext.toString(CryptoJS.enc.Base64);
decrypt.js:
var decrypted = CryptoJS.AES.decrypt(item[key], pass);
html += '' + icons[key] + '';
I followed this example... Help, pretty please?
That error message usually means the data wasn't decrypted correctly, and the resulting plaintext bytes don't form valid UTF-8 characters.
A couple things to check:
First, make sure you're using the same password for both encryption and decryption. You may want to keep a hash of the correct password so that you can verify if the user gave the correct password before you use it for decryption.
Second, make sure that the value item[key] is a string before encrypting. CryptoJS can't encrypt JSON objects. You'll have to serialize it first.

Categories

Resources