Laravel and node js encryption - javascript

Update:
var key = new Buffer('laravel app ', 'base64');
var json = JSON.parse(new Buffer(password_encrypted,'base64').toString('utf8'));
var _iv = new Buffer(json.iv , 'base64');
var decipher = crypto.createDecipheriv('AES-256-CBC', key, _iv);
decipher.setAutoPadding(false);
var t = new Buffer(json.value,'base64');
var dec = decipher.update(t) + decipher.final();
console.log(dec);
So i got it working with the code above. Now the problem is the output is showing additional characters.
output : "s:8:\"asd123\";\u0001"
the password is asd123
s:x seems to be the size, any idea how to remove this?
i only want to extract the password, maybe im missing some settings in crypto?

Related

Cryptojs encryption with Pkcs padding in angularjs

I am trying to create an encrypted request at the frontend using cryptojs using below code:
function createAesRequestPayload(jsonRequiredToEncrypt) {
var base64Key = $window.CryptoJS.lib.WordArray.random(128/8);
var ivkey = $window.CryptoJS.lib.WordArray.random(128/16);
var aesEncrypted = $window.CryptoJS.AES.encrypt(JSON.stringify(jsonRequiredToEncrypt), base64Key,
{ iv: ivkey, mode: $window.CryptoJS.mode.CBC, padding: $window.CryptoJS.pad.Pkcs7});
var iv = btoa(ivkey);
var key = btoa(base64Key);
var data = btoa(aesEncrypted.toString());
var ivAndKey = iv + "|" + key;
var header = crypt.encrypt(ivAndKey); // Using RSA
return (header + "|" + data);
}
Via this code, I am able to create request but on the server-side, I am getting an exception:
Input length must be multiple of 16 when decrypting with padded cipher
Backend is working fine for android and IOS, and I am not able to understand what I am doing wrong.
The padding used at the backend
Cipher.getInstance("AES/CBC/PKCS7Padding")
I don't have the backend with me only I can see the logs on the server.
Any help would be much appreciated.

Encrypt string with Blowfish in NodeJS

I need to encrypt a string but I almost get the output I desire, I read online that it has something to do with padding and iv_vector at the end to complete for the remaining 8 bytes to be same length as txtToEncrypt.
I'm using this library https://github.com/agorlov/javascript-blowfish
// function in Java that I need
// javax.crypto.Cipher.getInstance("Blowfish/CBC/NoPadding").doFinal("spamshog")
var iv_vector = "2278dc9wf_178703";
var txtToEncrypt = "spamshog";
var bf = new Blowfish("spamshog", "cbc");
var encrypted = bf.encrypt(txtToEncrypt, iv_vector);
console.log(bf.base64Encode(encrypted));
Actual output: /z9/n0FzBJQ=
What I need: /z9/n0FzBJRGS6nPXso5TQ==
If anyone has any clue please let me know. I searched all over Google all day.
Finally, here is how to encrypt a string in NodeJS with Blowfish
// Module crypto already included in NodeJS
var crypto = require('crypto');
var iv = "spamshog";
var key = "spamshog";
var text = "2278dc9wf_178703";
var decipher = crypto.createCipheriv('bf-cbc', key, iv);
decipher.setAutoPadding(false);
var encrypted = decipher.update(text, 'utf-8', "base64");
encrypted += decipher.final('base64');
console.log(encrypted);
Returns: /z9/n0FzBJRGS6nPXso5TQ==

Decrypt code , from ruby to js

does anyone know how to translate below ruby script to javascript?
source = ENCRYPTED_STRING
cipher = OpenSSL::Cipher::Cipher.new('AES-128-ECB')
cipher.decrypt
cipher.key = ['SECRET'].pack('H*')
decoded = Base64.decode64(source)
decrypted = cipher.update(decoded) + cipher.final
I'm assuming you want to encrypt a string using "SECRET" as a passphrase.
Here's an example using crypto-js:
source = ENCRYPTED_STRING
var encrypted = CryptoJS.AES.encrypt(source, "SECRET");
http://yijiebuyi.com/blog/13e2ae33082ac12ba4946b033be04bb5.html
problem solved.
function decryption(data, key) {
var iv = "";
var clearEncoding = 'utf8';
var cipherEncoding = 'base64';
var cipherChunks = [];
var decipher = crypto.createDecipheriv('aes-128-ecb', key, iv);
decipher.setAutoPadding(true);
cipherChunks.push(decipher.update(data, cipherEncoding, clearEncoding));
cipherChunks.push(decipher.final(clearEncoding));
return cipherChunks.join('');
}

Sign Key HMAC SHA1 with Javascript

For some reason I am not able to create a signature from a private key in JS. Using this online help from google:
https://m4b-url-signer.appspot.com/
URL:https://google.maps.com/maps/api/geocode/json?address=New+York&client=test
Example Key (fake for the purposes of the exercise)
Key: QNade5DtdJKKZbidTsrIgONupc4=
(Result) Signature: XDsiH5JAY7kJLgA1K2PWlhTdO1k=
However, my javascript code:
var keyString = 'QNade5DtdJKKZbidTsrIgONupc4=';
console.log(keyString)
var urlString = encodeURIComponent('/maps/api/geocode/json?address=New+York&client=test');
console.log(urlString)
// We need to decode private key to binary
var decoded_key_words = CryptoJS.enc.Utf8.parse(keyString);
var decoded_key = CryptoJS.enc.Base64.stringify(decoded_key_words);
console.log(decoded_key);
var signature = CryptoJS.HmacSHA1(decoded_key,urlString);
console.log(signature);
// Encode binary signature to base 64
var encoded_signature = CryptoJS.enc.Base64.stringify(signature);
console.log(encoded_signature)
Gives me a signature:
bOenVNeXI6xI1xlSa77oqGKssyY=
I can't seem to figure out what I'm doing wrong. Am I decoding base64 incorrectly?
For the record, this worked:
<script src="sha.js"></script>
var url = '/maps/api/geocode/json?address=New+York&client=test';
var key = 'QNade5DtdJKKZbidTsrIgONupc4='
var hmacObj = new jsSHA(url, 'TEXT');
var hmacOutput = hmacObj.getHMAC(key,'B64','SHA-1','B64');
console.log(hmacOutput)
Giving me:
XDsiH5JAY7kJLgA1K2PWlhTdO1k=

Node.js Crypto input/output types

I am trying to figure out the Node.js Crypto library and how to use it properly for my situation.
My Goal is:
key in hex string 3132333435363738313233343536373831323334353637383132333435363738
text in hex string 46303030303030303030303030303030
ciphered text in hex string 70ab7387a6a94098510bf0a6d972aabe
I am testing this through a c implementation of AES 256 and through a website at http://www.hanewin.net/encrypt/aes/aes-test.htm
This is what I have to far, it's not working the way I would expect it to work. My best guess is that the input and output types are incorrect for the cipher function. The only one that works is utf8 if I use hex it fails with a v8 error. Any ideas on what I should convert or change to get it to work.
var keytext = "3132333435363738313233343536373831323334353637383132333435363738";
var key = new Buffer(keytext, 'hex');
var crypto = require("crypto")
var cipher = crypto.createCipher('aes-256-cbc',key,'hex');
var decipher = crypto.createDecipher('aes-256-cbc',key,'hex');
var text = "46303030303030303030303030303030";
var buff = new Buffer(text, 'hex');
console.log(buff)
var crypted = cipher.update(buff,'hex','hex')
The output in crypted in this example is 8cfdcda0a4ea07795945541e4d8c7e35 which is not what I would expect.
Your code is using aes-256-cbc when the website you are deriving test vectors from is using ecb mode. Also, you are calling createCipher, but with ECB you should use createCipheriv with no IV (see nodeJS: can't get crypto module to give me the right AES cipher outcome),
Here is some code that demonstrates this:
var crypto = require("crypto");
var testVector = { plaintext : "46303030303030303030303030303030",
iv : "",
key : "3132333435363738313233343536373831323334353637383132333435363738",
ciphertext : "70ab7387a6a94098510bf0a6d972aabe"};
var key = new Buffer(testVector.key, "hex");
var text = new Buffer(testVector.plaintext, "hex");
var cipher = crypto.createCipheriv("aes-256-ecb", key, testVector.iv);
var crypted = cipher.update(text,'hex','hex');
crypted += cipher.final("hex");
console.log("> " + crypted);
console.log("? " + testVector.ciphertext);
The output of running that code is not exactly what I expect, but the first block of the encrypted output matches your expectation. Probably another parameter that needs to be tweaked.:
$ node test-aes-ecb.js
> 70ab7387a6a94098510bf0a6d972aabeeebbdaed7324ec4bc70d1c0343337233
? 70ab7387a6a94098510bf0a6d972aabe

Categories

Resources