I'm trying to use crypto.js with openssl, so I would like to encrypt a message with one of them and decrypt with the other.
I included crypto.js from here: https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.0.0/crypto-js.min.js
I tried in js:
CryptoJS.AES.encrypt("This is a message", "secret").toString()
The result is:
"U2FsdGVkX1+BK06UxXoEdF5CkAhhxRPAN5r+XYLse/PSgtWI5e9BX3pkMBRpF6Te"
Then with openssl I do:
echo "U2FsdGVkX1+BK06UxXoEdF5CkAhhxRPAN5r+XYLse/PSgtWI5e9BX3pkMBRpF6Te" | openssl enc -d -a -aes-256-cbc -k "secret"
And I get this error:
*** WARNING : deprecated key derivation used.
Using -iter or -pbkdf2 would be better.
bad decrypt
140411423139136:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:../crypto/evp/evp_enc.c:610:
��+|�W��ۿ��4~
I also tried to add option -pbkdf2 to the openssl command, but I get a similar result.
And I also tried the other way like this:
echo "This is a message" | openssl enc -e -a -aes-256-cbc -k "secret" -pbkdf2
I get this result:
U2FsdGVkX1/QYJ+ZdUeun6mZn2aS+XxpnCTE3/50wc46Tvc3+JJxq+1rR3nS+4cP
Then in js I do:
CryptoJS.AES.decrypt("U2FsdGVkX1/QYJ+ZdUeun6mZn2aS+XxpnCTE3/50wc46Tvc3+JJxq+1rR3nS+4cP", "secret").toString(CryptoJS.enc.Utf8)
And I get:
""
I also tried to remove option -pbkdf2 in openssl command but I get the same result.
I spent hours on this problem, trying to change the algorithm, size key, etc. without finding any solution. Stack overflow is my last hope.
Thanks in advance.
Related
I'm trying to create a Postman pre-request script that will hash the request. I am able to use a bash script to do this using this command
SIG=$(echo -n ${CONTENT} | openssl dgst -sha1 -hmac ${PRIVATE_KEY} -binary | openssl enc -base64)
So far I have been unable to replicate this using CryptoJs to do the same, does anyone know how this can be done?
This is what I have tried
CryptoJS.HmacSHA1(CONTENT, pm.environment.get(PRIVATE_KEY)).toString(CryptoJS.enc.Base64)
I'm using this command to generate SHA hash in command line on my Mac:
openssl dgst -sha384 -binary FILENAME.js | openssl base64 -A
The result looks like this:
93Zn4wbvkSu+.......PksSwU4A+2a.....t0OOmyCompName:public
I then paste this sha with prefix in integrity html attribute: Like this:
<script type="text/javascript" integrity="sha384-93Zn4wbvkSu+.......PksSwU4A+2a.....t0OOmyCompName:public">
And Chrome gives me an error:
Error parsing 'integrity' attribute ('sha384-93Zn4wbvkSu+.......PksSwU4A+2a.....t0OOmyCompName:public'). The digest must be a valid, base64-encoded value.
I tried with myCompName:public and without. Help me please - how to correctly generate this integrity hash?
I don't use https://www.srihash.org/ because no cors enabled. Nginx serves my static files.
I found an error. Do not include in your integrity token this text in the end:
myCompName:public
If you delete -A key from you command in the end it will give you the same result but without name of your local machine and :public word ending.
so the right hash will look like this:
sha384-93Zn4wbvkSu+.......PksSwU4A+2a.....t0OO
I know there are a bunch of similar questions here but after hours of reading I cannot find a solution to mine. So:
I am trying to use jwk-to-pem for signing a JSON web token using jsonwebtoken. I have previously achieved this but now the same code does not work. After calling jwt.sign with the generated pem I get error:0906D06C:PEM routines:PEM_read_bio:no start line.
I know that common reasons would include wrong linebreaks like \r or generally wrong format. I actually even dug through the core nodejs code and found the line throwing this error.
Countless adjustments and attempts brought no solution. Specifically:
I made sure that all linebreaks are \n
I tried different strings for the first and last line, e.g. -----BEGIN PUBLIC KEY----- or -----BEGIN RSA PUBLIC KEY-----
I made sure that the last line contains a \n as last character
I tried to write the pem string to disk and re-reading it, using node's fs.
I compared the pem file to several other files with several editors e.g. using vi -b or regex.
I tried handing the raw file buffer with the pem content to jwt.sign as well as pem.toString('utf8') as well as every other string encouding supported by node
I tried to generate a random pem file using linux tools and give that to jwt.sign. Specifically: ssh-keygen -t rsa -b 2048 -f jwtRS256.key
openssl rsa -in jwtRS256.key -pubout -outform PEM -out jwtRS256.pem
What am I missing here? What possible causes I did not think of can this have?
I found a very simple explanation: I was by mistake using the public instead of the private key. The error thrown by openssl/crypto is very misleading.
Using a private pem/key the signing works as expected.
I'm trying to encrypt a long UTF-8 encoded string using the aes-256-ecb cipher via node.js's built in crypto library. Bellow are my encryption code written tested in node.js (v0.10.24) and corresponding output and decryption command for OpenSSL (OpenSSL 1.0.1 14 Mar 2012) command line.
Encryption using node.js
var crypto = require('crypto');
var cipher = crypto.createCipher('aes-256-ecb','password');
var plaintext = [
'this is a very long long long long long long',
'long long long long long long long long long',
'long long long long long long string!!!!!!!!'
].join('')
console.log(cipher.update(plaintext,'utf8', 'base64') + cipher.final('base64'))
Output
XBnU6WZ9wr2GdA1YWZVhsG+mHQ0xlXXc8rAFEud6I/PqfFZL6Pdit7Sm8v+ViKNZmhgTzi7zfg8GHKFntkCDuj6F54TDaWKAdJRftLP9I+22jiKRvYtpD4SDV2oIy93MM5IMbSoBRvXayNF8H9FQnhACM5MHhHX1pLiR4yCg/l6iHH2BDLrwCSifGcGCaQYx
Decrypting using OpenSSL
echo -n 'XBnU6WZ9wr2GdA1YWZVhsG+mHQ0xlXXc8rAFEud6I/PqfFZL6Pdit7Sm8v+ViKNZmhgTzi7zfg8GHKFntkCDuj6F54TDaWKAdJRftLP9I+22jiKRvYtpD4SDV2oIy93MM5IMbSoBRvXayNF8H9FQnhACM5MHhHX1pLiR4yCg/l6iHH2BDLrwCSifGcGCaQYx' | openssl enc -d -aes-256-ecb -nosalt -a -pass pass:password
Output
bad decrypt
3074361544:error:0606506D:digital envelope routines:EVP_DecryptFinal_ex:wrong final block length:evp_enc.c:532:
Which one is wrong; my encryption or decryption? And how can I make them compatible with one another?
In the openssl command you should use -A option to base64 process the data on one line.
openssl enc -d -aes-256-ecb -nosalt -a -A -pass pass:password
I have an encrypted message created with this openssl command:
openssl enc -aes-256-cbc -salt -in plaintext.txt -out cipher.enc
I've tried CryptoJS and this aes library to decrypt it following the examples. All I get out is gibberish. My quess is that the decryption fails because I don't know how to tell the javascript decryption that the cipher is salted or because it's in "cbc-mode". CryptoJS looks more flexible so it might very well work. But what kind of parameters should I feed it?
Note: this is running in a browser, not in node.js
I put "Message" in a file using:
echo -n "Message" > plaintext.txt
Then I used your example, and password as my password
openssl enc -aes-256-cbc -salt -in plaintextut cipher.enc
enter aes-256-cbc encryption password:
Verifying - enter aes-256-cbc encryption password:
Then I needed the Base64 version of cipher.enc
cat cipher.enc | base64
U2FsdGVkX1/oA4O+uXXBXAjAenRJwpUV4UqQp4aYCpk=
Lastly, this is the CryptoJS that worked for me:
var dec = CryptoJS.AES.decrypt("U2FsdGVkX1/oA4O+uXXBXAjAenRJwpUV4UqQp4aYCpk=", "password");
var plaintext = CryptoJS.enc.Latin1.stringify(dec);