I get an exception while trying to decrypt a cryptojs encrypted message. My decryption javascript code is given below. I am kind of stuck with no clue of what is happening. I did some debugging and could see that Base64 within the cipher-core library was undefined...
function decrypt(){
var salt = CryptoJS.enc.Hex.parse("3A79D3242F9D0DCE0C811DCCE7F830C5");
var iv = CryptoJS.enc.Hex.parse("9BCBD77036744C7F26DF591AE6A772C6");
var encryptedBase64 = "eKCnyuKiH3lvknsNZq9hARCr6xtDLU/De7sPc3RPSRFAh7WCurBKmDZx/Ol0mbROBtAJBCT0+U927iygd4GspQ==";
var key = CryptoJS.PBKDF2("passwordA", salt, { keySize: 128/32, iterations: 100 });
console.log('key '+key);
var encryptedStr = encryptedBase64; //CryptoJS.enc.Base64.parse(encryptedBase64);
console.log('encryptedStr : '+ encryptedStr );
var decrypted = CryptoJS.AES.decrypt(encryptedStr, key, { iv: iv, mode: CryptoJS.mode.CBC, padding: CryptoJS.pad.Pkcs7 });
console.log('decrypted : '+ decrypted);
var decryptedText = decrypted.toString(CryptoJS.enc.Utf8);
console.log('decrypted text : '+ decryptedText);
}
I get the following exception
TypeError: Cannot read property 'parse'
of undefined at Object.m.OpenSSL.parse(http: //domain.com/PEMSWeb/offlinePageDemo/offlineInspectionApp/CryptoJSv3.1.2/components/cipher-core-min.js:12:101)
at Object.f.SerializableCipher.k.extend._parse(http: //domain.com/PEMSWeb/offlinePageDemo/offlineInspectionApp/CryptoJSv3.1.2/components/cipher-core-min.js:13:220)
at Object.f.SerializableCipher.k.extend.decrypt(http: //domain.com/PEMSWeb/offlinePageDemo/offlineInspectionApp/CryptoJSv3.1.2/components/cipher-core-min.js:13:99)
at Object.decrypt(http: //domain.com/PEMSWeb/offlinePageDemo/offlineInspectionApp/CryptoJSv3.1.2/components/cipher-core-min.js:8:308)
I have no idea what is going wrong ...something is going incorrect within cryptojs
Updated
I have the following libraries in my page in the same sequence
1) CryptoJSv3.1.2/components/core-min.js
2) CryptoJSv3.1.2/components/cipher-core-min.js
3) CryptoJSv3.1.2/components/enc-base64-min.js
4) CryptoJSv3.1.2/components/enc-utf16-min.js
5) CryptoJSv3.1.2/rollups/aes.js
6) CryptoJSv3.1.2/rollups/pbkdf2.js
I'm not sure why you need the components scripts, but you should change the order around. This is a working ordering found by trial and error:
<script src="components/core-min.js "></script>
<script src="rollups/aes.js"></script>
<script src="components/cipher-core-min.js"></script>
<script src="components/enc-base64-min.js"></script>
<script src="rollups/pbkdf2.js"></script>
<script src="components/enc-utf16-min.js"></script>
and minimal cover set that is needed for the shown code is
<script src="rollups/aes.js"></script>
<script src="rollups/pbkdf2.js"></script>
core is contained in the rollups, base64 is contained in aes. utf16 is not needed in the code. I'm not sure what cipher-core does, but I guess it is also contained in aes.
The files are available for self-hosting from the Google Code Archive.
Related
As a newbie to Cryptography, I'm trying to reproduce the same default behavior of the AES256TextEncryptor Class of the jasypt-library with the CrpytoJS library. This is my Java method, that basically takes in two arguments - the message that I want to encrypt as well as my secret paraphrase:
private String encryptWithAes256(String messageToBeEncrypted, String encryptorSecret) {
AES256TextEncryptor encryptor = new AES256TextEncryptor();
encryptor.setPassword(encryptorSecret);
return encryptor.encrypt(messageToBeEncrypted);
}
When encrypting the messageToBeEncrypted with this code, the resulting encrypted message is fine. What I found out is that the AES256TextEncryptor, which internally uses the StandardPBEStringEncryptor as a encryptor, seems to use the PBEWithHMACSHA512AndAES_256 algorithm as a default.
How can I reproduce the same encryption behavior with CrpytoJS? When I'm trying to encrypt the message with CryptoJS in the way it's documented here, the result is totally different from what I expect it to be.
Based on Topaco's comment, I came up with the following JavaScript Code to mimic the Java code:
function encryptWithAes256(messageToEncrypt, encryptorKey){
// Generate random 16 bytes salt
var salt = CryptoJS.lib.WordArray.random(128/8);
// Derive key
var key = CryptoJS.PBKDF2(encryptorKey, salt, { keySize: 256/32, iterations: 1000 });
console.log("derived key: " + key);
// Generate random 16 bytes init vector (iv)
var iv = CryptoJS.lib.WordArray.random(128/8);
var cipherText = CryptoJS.AES.encrypt(messageToEncrypt, key, {iv: iv});
console.log("aes encrypted text: "+ salt.toString() + iv.toString() + cipherText.toString());
}
The generated result still seems not be as expected though, as it's length is 88 characters, whereas the Java code generates a 64 character long encrypted message.
The posted code is close to the required result. The following still needs to be corrected:
PBKDF2 applies SHA1 by default, which means SHA512 must be explicitly specified.
The concatenation must be done on a binary level and not with the hex and Base64 encoded data.
If this is fixed, a possible implementation is:
function encryptWithAes256(messageToEncrypt, encryptorKey){
// Generate random 16 bytes salt
var salt = CryptoJS.lib.WordArray.random(128/8);
// Derive key
var key = CryptoJS.PBKDF2(
encryptorKey,
salt,
{ keySize: 256/32, iterations: 1000, hasher: CryptoJS.algo.SHA512 } // Apply SHA512
);
console.log("derived key:\n" + key);
// Generate random 16 bytes init vector (iv)
var iv = CryptoJS.lib.WordArray.random(128/8);
// Encrypt
var cipherText = CryptoJS.AES.encrypt(messageToEncrypt, key, {iv: iv});
// Concatenate
var encryptedData = salt.clone().concat(iv).concat(cipherText.ciphertext); // Concatenate on binary level
var encryptedDataB64 = encryptedData.toString(CryptoJS.enc.Base64); // Base64 encode the result
console.log("aes encrypted text:\n", encryptedDataB64.replace(/(.{56})/g,'$1\n'));
}
encryptWithAes256('The quick brown fox jumps over the lazy dog', 'my passphrase');
<script src="https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.0.0/crypto-js.min.js"></script>
Since because of the random salt and IV always different data is generated, a test of the implementation is not possible by comparing the data. Instead, it must be checked whether the data generated with the CryptoJS code is decryptable with the Jasypt counterpart for decryption:
private static String decryptWithAes256(String ciphertextToBeDecrypted, String encryptorSecret) {
AES256TextEncryptor encryptor = new AES256TextEncryptor();
encryptor.setPassword(encryptorSecret);
return encryptor.decrypt(ciphertextToBeDecrypted);
}
which is indeed the case with the above CryptoJS implementation.
I am using CryptoJS in my angular app to implement AES encryption but I am keep getting TypeError: Cannot read property '0' of undefined error when I try to send empty 16 byte array in IV
Here's my typescript code:
aesEncrypt(keys: string, value: string) { // encrypt api request parameter with aes secretkey
var key = CryptoJS.enc.Utf8.parse(keys);
//var iv = CryptoJS.enc.Utf8.parse(keys);
var iv = new Uint16Array(16);
var encrypted = CryptoJS.AES.encrypt(JSON.stringify(value), key,
{
//keySize: 256,
keySize: 128,
iv: iv,
mode: CryptoJS.mode.CBC,
padding: CryptoJS.pad.Pkcs7,
});
return encrypted.toString();
}
But same thing works fine in .NET, android, ios when I send empty 16 byte array in IV
.NET code:
private static AesCryptoServiceProvider AesCryptoServiceProvider(string key)
{
AesCryptoServiceProvider aes = new AesCryptoServiceProvider();
aes.KeySize = 128;
aes.BlockSize = 128;
aes.Mode = CipherMode.CBC;
aes.Padding = PaddingMode.PKCS7;
aes.Key = Encoding.UTF8.GetBytes(key);
//aes.IV = Encoding.UTF8.GetBytes(key);
aes.IV = new byte[16];
return aes;
}
android code:
public static String encryptURLEncoding(byte[] key, String encryption) throws GeneralSecurityException
{
if (key.length != 16)
{
throw new IllegalArgumentException("Invalid key size.");
}
// Setup AES tool.
SecretKeySpec skeySpec = new SecretKeySpec(key, "AES");
Cipher cipher = Cipher.getInstance("AES/CBC/PKCS7Padding");
cipher.init(Cipher.ENCRYPT_MODE, skeySpec, new IvParameterSpec(new byte[16]));
byte[] dstBuff = cipher.doFinal(encryption.getBytes());
String encryptedStringData = android.util.Base64.encodeToString(dstBuff, android.util.Base64.DEFAULT);
return encryptedStringData;
}
I want to implement AES encrypt decrypt by providing empty 16 byte array because this app is interconnected with my other apps which are on android, ios platform with same encryption setup but I am getting error in my angular app, How can I resolve this issue?
In the JavaScript code the IV must be passed as WordArray. Since a 0-IV was used in the C# code, this must also be done in the JavaScript code. The corresponding WordArray could be e.g.
var iv = CryptoJS.enc.Hex.parse("00000000000000000000000000000000");
Note that the Hex encoder is used so that the 16 bytes 0-IV correspond to 32 0-values.
Also be aware that generally a 0-IV should only be used for testing purposes. In practice, for security reasons, a random IV has to be generated for each encryption. Additionally, a key / IV pair may only be used once.
Furthermore CryptoJS does not know the parameter keySize and ignores it. The used AES variant is determined by the key size, e.g. for a 32 bytes key AES-256 is applied, here.
For those who faced a similar error in typescript for encrypting a string, you just need to import the package this way
import * as Crypto from 'crypto-js';
I faced the same problem.
Including the iv option solved it.
var iv = CryptoJS.enc.Hex.parse("101112131415161718191a1b1c1d1e1f"); var ciphertext = CryptoJS.AES.encrypt("msg", CryptoJS.enc.Hex.parse("000102030405060708090a0b0c0d0e0f"),{ iv: iv, mode: CryptoJS.mode.CTR, padding: CryptoJS.pad.AnsiX923 });
I am trying to encrypt data using crypto-js javascript library and trying to decrypt the same encrypted text on nodejs side using node crypto library. I am using AES 256 encryption algo with CTR mode with no padding. I am able to encrypt properly but the description on nodejs crypto module is not producing same plain text.
If I try to encrypt or decrypt using the same crypto-js and node crypto library, it works fine but encryption on crypto-js and description on crypto is not working as expected. I have tried to confirm if I encrypt and decrypt in the same library than it works or not and it works perfectly fine. Can someone please check what mistake I am making here?
Please find below code samples.
Encryption:
var key = CryptoJS.enc.Hex.parse('F29BA22B55F9B229CC9C250E11FD4384');
var iv = CryptoJS.enc.Hex.parse('C160C947CD9FC273');
function encrypt(plainText) {
return CryptoJS.AES.encrypt(
plainText,
key,
{
iv: iv,
padding: CryptoJS.pad.NoPadding,
mode: CryptoJS.mode.CTR
}
);
}
Descryption using NodeJS crypo module:
var algorithm = 'aes-256-ctr';
var key = 'F29BA22B55F9B229CC9C250E11FD4384';
var iv = 'C160C947CD9FC273';
var outputEncoding = 'hex';
var inputEncoding = 'hex';
const decipher = crypto.createDecipheriv(algorithm, key, iv);
let decrypted = decipher.update('8df5e11f521cf492437a95', inputEncoding, 'utf8');
decrypted += decipher.final('utf8');
console.log(decrypted);
As I have mentioned above, I have JavaScript crypo-js and NodeJS crypo module sessions working fine if I encrypt and decrypt using the same lib but doesn't work otherwise. Please check the working code as below.
JavaScript: http://jsfiddle.net/usr_r/2qwt8jsh/2/
NodeJS: https://repl.it/repls/AchingRegalPhp
I think your CryptoJS code isn't using AES-256, as the key and IV are too short and hence it's implicitly using AES-128. if you get the blockSize from the CryptoJS.AES object it says 4 for me. that said I don't know CryptoJS very well and that might not mean "4 words".
To bypass this implementation uncertainty, it's good to have a "gold standard" to replicate. NIST provides lots of test vectors, some of which apply to your CTR mode AES-256. First I pull out a set of (hex encoded) test vectors from that document:
const key = (
'603deb1015ca71be2b73aef0857d7781' +
'1f352c073b6108d72d9810a30914dff4'
)
const ctr = 'f0f1f2f3f4f5f6f7f8f9fafbfcfdff00'
const output = '5a6e699d536119065433863c8f657b94'
const cipher = 'f443e3ca4d62b59aca84e990cacaf5c5'
const plain = 'ae2d8a571e03ac9c9eb76fac45af8e51'
next I try and recover these from Node's crypto module:
const crypto = require('crypto')
function node_crypto(text) {
const dec = crypto.createDecipheriv(
'aes-256-ctr',
Buffer.from(key, 'hex'),
Buffer.from(ctr, 'hex')
);
const out = dec.update(Buffer.from(text, 'hex'))
return out.toString('hex')
}
now I can write a simple test harness for testing the above and use it with that function:
const zero = '00'.repeat(16);
function test_crypto(fn) {
return {
'zero => output': fn(zero) == output,
'cipher => plain': fn(cipher) == plain,
'plain => cipher': fn(plain) == cipher,
}
}
console.log(test_crypto(node_crypto))
which gives me true for all tests.
finally, the equivalent code for CryptoJS is:
const CryptoJS = require("crypto-js");
function cryptojs(text) {
const out = CryptoJS.AES.encrypt(
CryptoJS.enc.Latin1.parse(Buffer.from(text, 'hex').toString('binary')),
CryptoJS.enc.Hex.parse(key),
{
iv: CryptoJS.enc.Hex.parse(ctr),
mode: CryptoJS.mode.CTR,
padding: CryptoJS.pad.NoPadding,
}
);
return out.ciphertext.toString();
}
console.log(test_crypto(cryptojs))
which also works for me.
It's important to note that CryptoJS just silently accepts arbitrarily sized keys, with the docs saying:
CryptoJS supports AES-128, AES-192, and AES-256. It will pick the variant by the size of the key you pass in. If you use a passphrase, then it will generate a 256-bit key.
In contrast to the NodeJS-code (Crypto), the JavaScript-code (CryptoJS) interprets keys and IV as hexadecimal strings. Therefore, in the JavaScript-Code AES-128 is used and in the NodeJS-Code AES-256. To solve the problem, both codes must use the same encryption.
Option 1: Change the JavaScript-code to AES-256: Replace in the JavaScript-code
var key = CryptoJS.enc.Hex.parse('F18AB33A57F9B229CC9C250D00FC3273');
var iv = CryptoJS.enc.Hex.parse('D959B836CD9FB162');
by
var key = CryptoJS.enc.Utf8.parse('F18AB33A57F9B229CC9C250D00FC3273');
var iv = CryptoJS.enc.Utf8.parse('D959B836CD9FB162');
Option 2: Change the NodeJS-code to AES-128: Replace in the NodeJS-code
var algorithm = 'aes-256-ctr';
var key = 'F18AB33A57F9B229CC9C250D00FC3273';
var iv = 'D959B836CD9FB162';
by
var algorithm = 'aes-128-ctr';
var key = Buffer.from('F18AB33A57F9B229CC9C250D00FC3273', 'hex');
var iv = Buffer.from('D959B836CD9FB1620000000000000000', 'hex');
With one of each of the two changes, the codes of both links produce the same result.
If AES-256 should be used and key and IV should be specified as hexadecimal strings, a correspondingly large key and IV must be used, e.g. on the JavaScript-side:
var key = CryptoJS.enc.Hex.parse('F18AB33A57F9B229CC9C250D00FC3273F18AB33A57F9B229CC9C250D00FC3273');
var iv = CryptoJS.enc.Hex.parse('D959B836CD9FB16200000000000000');
and on the NodeJS-side:
var algorithm = 'aes-256-ctr';
var key = Buffer.from('F18AB33A57F9B229CC9C250D00FC3273F18AB33A57F9B229CC9C250D00FC3273', 'hex');
var iv = Buffer.from('D959B836CD9FB1620000000000000000', 'hex');
Scenario
I've got the following code:
<script src="http://crypto-js.googlecode.com/svn/tags/3.1.2/build/rollups/aes.js"></script>
<div id="decrypted">Please wait...</div>
Insert new note:<input type="text" id="new_note"><input type="button" id="enc_button" value="Save">
<script>
var password = "testpassword";
var encrypted_text = localStorage.getItem("encrypted");
var rawData = atob(encrypted_text);
var iv = rawData.substring(0,16);
var crypttext = rawData.substring(16);
var plaintextArray = CryptoJS.AES.decrypt(
{ ciphertext: CryptoJS.enc.Latin1.parse(crypttext) },
CryptoJS.enc.Hex.parse(password),
{ iv: CryptoJS.enc.Latin1.parse(iv) }
);
var decrypted = CryptoJS.enc.Latin1.stringify(plaintextArray);
document.getElementById("decrypted").innerHTML = decrypted;
document.getElementById("enc_button").onclick = function(){
var text = document.getElementById("new_note").value;
var encrypted = CryptoJS.AES.encrypt(text, password);
localStorage.setItem("encrypted",encrypted);
}
</script>
What my code should do
Encrypt a string with AES using CryptoJS; decrypt encrypted text saved in local storage and show the result in a div
What is not working
While the string seems to get encrypted, the variable decrypt is empty. No errors are triggered in the chrome console.
My question
How can I successfully encrypt and decrypt my text?
CryptoJS has two slightly different types of encryption/decryption.
When you use
var encrypted = CryptoJS.AES.encrypt(text, password);
then you're using password-based encryption which is not the same as pure key/IV-based encryption. This means that the password and a randomly generated salt are run through one MD5 invocation to produce the key and IV for the actual encryption. This is an OpenSSL compatible way to encrypt something. The encrypted object stores the random salt which was used to generate the key and IV.
When you force encrypted to be converted to string (like adding it to localStorage), then it is converted into an OpenSSL compatible string encoding which includes the salt. In order to decrypt it again, you don't need to mess around with the key, IV or salt yourself, because CryptoJS automatically does that for you:
var decrypted = CryptoJS.AES.decrypt(encrypted, password);
Keep in mind that decrypted is a WordArray object and when you force it to be converted to string it will encode the contents into Hex by default. If you don't want that then you need to specify the encoding such as UTF-8 yourself.
A blank value is usually returned when the decryption failed for some reason such as wrong key, wrong ciphertext or wrong encoding. CryptoJS won't throw custom error messages, but will try to continue, because you should know what you're doing.
Full code:
var password = "testpassword";
document.getElementById("enc_button").onclick = function(){
var text = document.getElementById("new_note").value;
var encrypted = CryptoJS.AES.encrypt(text, password);
encrypted = encrypted.toString();
var decrypted = CryptoJS.AES.decrypt(encrypted, password);
decrypted = decrypted.toString(CryptoJS.enc.Utf8)
document.getElementById("decrypted").innerHTML = decrypted;
}
<script src="https://cdn.rawgit.com/CryptoStore/crypto-js/3.1.2/build/rollups/aes.js"></script>
<div id="decrypted">Please wait...</div>
Insert new note:<input type="text" id="new_note"><input type="button" id="enc_button" value="Encrypt & Decrypt">
I tired debugging your code by placing the script in try-catch and looks like document.getElementById is returned undefined. This is because the method is being called before the element is being created. The following steps make this work:
Head:
var password = "testpassword";
var encrypted_text = localStorage.getItem("encrypted");
var rawData = atob(encrypted_text);
var iv = rawData.substring(0,16);
var crypttext = rawData.substring(16);
var plaintextArray = CryptoJS.AES.decrypt(
{ ciphertext: CryptoJS.enc.Latin1.parse(crypttext) },
CryptoJS.enc.Hex.parse(password),
{ iv: CryptoJS.enc.Latin1.parse(iv) }
);
var decrypted = CryptoJS.enc.Latin1.stringify(plaintextArray);
function setComponents() {
try {
document.getElementById("decrypted").innerHTML = decrypted;
document.getElementById("enc_button").onclick = function(){
var text = document.getElementById("new_note").value;
var encrypted = CryptoJS.AES.encrypt(text, password);
localStorage.setItem("encrypted",encrypted);
alert(encrypted);
};
} catch(e) {
alert(e);
}
}
Body:
<body onload="setComponents()">
<div id="decrypted">Please wait...</div>
Insert new note:<input type="text" id="new_note"/><input type="button" id="enc_button" value="Save"/>
</body>
For anyone who had the problem while building an api, GO CHECK THE BODY U ARE SENDING TO TEST MAKE SURE THE BODY OBJECT PROPERTIES ARE WELL NAMED xD took me 1h to realize that
You could just check the source code... there are examples.
Any way the easiest way to make it generate key, iv and salt from passphrase,
is the normal way CryptoJS.AES.encrypt("attack at dawn!","passphrase")
But you can set the parameters before by using for example:
CryptoJS.algo.AES.keySize=32
CryptoJS.algo.AES.blockSize=8
CryptoJS.algo.AES.ivSize=16
CryptoJS.algo.EvpKDF.cfg.iterations=100
CryptoJS.algo.EvpKDF.cfg.keySize=32
etc etc
I need to encrypt a sting with javascript using AES CBC no pad, pass the IV and encrypted data as HEX over HTTP, then decrypt with javascript on the server side.
The decryption function works, in that I can correctly decrypt data ecrypted using hurlant AS3 libraries correctly. However, the below encryption is not working - the result cannot be decrypted using the decrypt function, nor can it be decrypted using the hurant demo at: http://crypto.hurlant.com/demo/
Instead of the actual data, I am using "1234" as the message in this example.
I have searched and found no documentation for any of this library or its functions, beyond the quickstart guide which only has trivial cases, so everything is by trial and error. I have tried hundreds of variations of the below.
Example generated IV as Hex: "15ae89d17f632d21f0cda04734d38694"
Example generated encrypte data as HEX: "44ddf295"
Example message: "15ae89d17f632d21f0cda04734d3869444ddf295"
Can anyone see what is wrong in my encrypt() function?
// this function doesnt work - the resultant message (which is
// IV+Ecypted text all as HEX cannot be decrypted.
function encrypt() {
var key = CryptoJS.enc.Hex.parse('48656c6c6f2c20576f726c6421888888');
var IVLEN = 16; // Im guessing this is 16 bytes.
var iv= CryptoJS.lib.WordArray.random(IVLEN);
var encrypted;
var message;
encrypted = CryptoJS.AES.encrypt("1234", key, { iv: iv, padding: CryptoJS.pad.NoPadding, mode: CryptoJS.mode.CBC });
message = CryptoJS.enc.Hex.stringify(iv) + CryptoJS.enc.Hex.stringify(encrypted.ciphertext);
var test = decrypt(message); // throws a malformed UTF-8 exception
alert (test); // should alert "1234"
return message;
}
// this function works perfectly with data generated using HURLANT crypto libs.
function decrypt(data) {
var key = CryptoJS.enc.Hex.parse('48656c6c6f2c20576f726c6421888888');
var ivHexStr, iv;
var encMessageHexStr;
var IVLEN = 32; // This is 16 bytes, as one byte is 2 Hex chars.
var encrypted = {};
var decrypted;
var result;
ivHexStr = data.substring(0,IVLEN);
encMessageHexStr = data.substring(IVLEN);
iv = CryptoJS.enc.Hex.parse(ivHexStr);
encrypted.key = key;
encrypted.iv = iv;
encrypted.ciphertext = CryptoJS.enc.Hex.parse(encMessageHexStr);
decrypted = CryptoJS.AES.decrypt(encrypted, key, { iv: iv, padding: CryptoJS.pad.NoPadding, mode: CryptoJS.mode.CBC });
result = CryptoJS.enc.Utf8.stringify(decrypted);
return(result);
}; //decrypt()
With CBC mode padding is required. Neither CFB or OFB need padding.
CryptoJS supports the following modes:
CBC (the default)
CFB
CTR
OFB
ECB
And CryptoJS supports the following padding schemes:
Pkcs7 (the default)
Iso97971
AnsiX923
Iso10126
ZeroPadding
NoPadding