I have an array of JSON arrays whose values I am trying to encrypt with CryptoJS and then print for use in another file, where these values should be decrypted using a user-given passphrase.
But I am doing something wrong and I am getting "Uncaught Error: Malformed UTF-8 data" when decrypting the URL's.
encrypt.js:
var encrypted = CryptoJS.AES.encrypt(item[key], pass);
json[j] += encrypted.ciphertext.toString(CryptoJS.enc.Base64);
decrypt.js:
var decrypted = CryptoJS.AES.decrypt(item[key], pass);
html += '' + icons[key] + '';
I followed this example... Help, pretty please?
That error message usually means the data wasn't decrypted correctly, and the resulting plaintext bytes don't form valid UTF-8 characters.
A couple things to check:
First, make sure you're using the same password for both encryption and decryption. You may want to keep a hash of the correct password so that you can verify if the user gave the correct password before you use it for decryption.
Second, make sure that the value item[key] is a string before encrypting. CryptoJS can't encrypt JSON objects. You'll have to serialize it first.
Related
I tried using this online tool to decrypt my string and it works perfectly fine, which I want to implement in my React app.
encrypted string: "iPPGVzyogeiPwpro65A0eUaQggN+8+J4mteJdeaEeFiCL4nTGWnI3F16SIjtZBIxsc7WJNlKm0HtZ754aGgzDIPzFaL/aK97"
decrypted string: "http://aac.saavncdn.com/666/487fc075363611f93bb2a8bfc27635f6_96.mp4",
When I'm trying to code this the encrypted string comes out different if I try to encrypt and vice versa
Here is my code:
var encrypted = CryptoJS.DES.encrypt(
"http://aac.saavncdn.com/666/487fc075363611f93bb2a8bfc27635f6_96.mp4",
"38346591"
).toString();
this gives a different output:
U2FsdGVkX18ql9OPbTS4FRRHvl8Tvm7m2Vg5SkUdIM2p9OF6GU0wYmJQoitwGoPlKCx8tTfdcLGNc34V3sgw1EKlCeSYtJ6LFc2BDpdfNOw3XYoadapisA==
var encrypted =
"iPPGVzyogeiPwpro65A0eUaQggN+8+J4mteJdeaEeFiCL4nTGWnI3F16SIjtZBIxsc7WJNlKm0HtZ754aGgzDIPzFaL/aK97";
var decrypted = CryptoJS.DES.decrypt(encrypted, "38346591");
console.log(decrypted.toString());
that's why the decrypt also doesn't work.
Am I missing anything?
I'm trying to decode this AES string: https://cryptopals.com/static/challenge-data/7.txt (from here)
The page simply says it's been AES encrypted in ECB mode using the key YELLOW SUBMARINE.
The Crypto-JS library should be able to decode this. The docs show a simple method, and I'm using it like so:
// message is the base64 data in the link above
// key is: YELLOW SUBMARINE
const decrypted = CryptoJS.AES.decrypt(message, key, {
mode: CryptoJS.mode.ECB
});
return decrypted.toString(CryptoJS.enc.Utf8);
Except then it throws an error on the last line: "Malformed UTF-8 data". I've tried a number of different things including all the different paddings and trying to convert the base64 data to either hex or utf-8 first. It's always that same error.
I'm really at a loss of what I'm doing wrong here.
Here's a stupid simple jsfiddle: https://jsfiddle.net/jg7hwLuk/
The key must be passed to decrypt() as WordArray. This can be achieved with the Utf8 encoder.
The ciphertext can be passed directly as Base64 encoded string and is implicitly converted to a CipherParams object by CryptoJS.
This allows the ciphertext to be decrypted:
var message = "CRIwqt4+szDbqkNY+I0qbDe3LQz0wiw0SuxBQtAM5TDdMbjCMD/venUDW9BLPEXODbk6a48oMbAY6DDZsuLbc0uR9cp9hQ0QQGATyyCESq2NSsvhx5zKlLtzdsnfK5ED5srKjK7Fz4Q38/ttd+stL/9WnDzlJvAo7WBsjI5YJc2gmAYayNfmCW2lhZE/ZLG0CBD2aPw0W417QYb4cAIOW92jYRiJ4PTsBBHDe8o4JwqaUac6rqdi833kbyAOV/Y2RMbN0oDb9Rq8uRHvbrqQJaJieaswEtMkgUt3P5Ttgeh7J+hE6TR0uHot8WzHyAKNbUWHoi/5zcRCUipvVOYLoBZXlNu4qnwoCZRSBgvCwTdz3Cbsp/P2wXB8tiz6l9rL2bLhBt13Qxyhhu0H0+JKj6soSeX5ZD1Rpilp9ncR1tHW8+uurQKyXN4xKeGjaKLOejr2xDIw+aWF7GszU4qJhXBnXTIUUNUfRlwEpS6FZcsMzemQF30ezSJHfpW7DVHzwiLyeiTJRKoVUwo43PXupnJXDmUysCa2nQz/iEwyor6kPekLv1csm1Pa2LZmbA9Ujzz8zb/gFXtQqBAN4zA8/wt0VfoOsEZwcsaLOWUPtF/Ry3VhlKwXE7gGH/bbShAIKQqMqqUkEucZ3HPHAVp7ZCn3Ox6+c5QJ3Uv8V7L7SprofPFN6F+kfDM4zAc59do5twgDoClCbxxG0L19TBGHiYP3CygeY1HLMrX6KqypJfFJW5O9wNIF0qfOC2lWFgwayOwq41xdFSCW0/EBSc7cJw3N06WThrW5LimAOt5L9c7Ik4YIxu0K9JZwAxfcU4ShYu6euYmWLP98+qvRnIrXkePugS9TSOJOHzKUoOcb1/KYd9NZFHEcp58Df6rXFiz9DSq80rR5Kfs+M+Vuq5Z6zY98/SP0A6URIr9NFu+Cs9/gf+q4TRwsOzRMjMQzJL8f7TXPEHH2+qEcpDKz/5pE0cvrgHr63XKu4XbzLCOBz0DoFAw3vkuxGwJq4Cpxkt+eCtxSKUzNtXMn/mbPqPl4NZNJ8yzMqTFSODS4bYTBaN/uQYcOAF3NBYFd5x9TzIAoW6ai13a8h/s9i5FlVRJDe2cetQhArrIVBquF0L0mUXMWNPFKkaQEBsxpMCYh7pp7YlyCNode12k5jY1/lc8jQLQJ+EJHdCdM5t3emRzkPgND4a7ONhoIkUUS2R1oEV1toDj9iDzGVFwOvWyt4GzA9XdxT333JU/n8m+N6hs23MBcZ086kp9rJGVxZ5f80jRz3ZcjU6zWjR9ucRyjbsuVn1t4EJEm6A7KaHm13m0vwN/O4KYTiiY3aO3siayjNrrNBpn1OeLv9UUneLSCdxcUqjRvOrdA5NYv25Hb4wkFCIhC/Y2ze/kNyis6FrXtStcjKC1w9Kg8O25VXB1Fmpu+4nzpbNdJ9LXahF7wjOPXN6dixVKpzwTYjEFDSMaMhaTOTCaqJig97624wv79URbCgsyzwaC7YXRtbTstbFuEFBee3uW7B3xXw72mymM2BS2uPQ5NIwmacbhta8aCRQEGqIZ078YrrOlZIjar3lbTCo5o6nbbDq9bvilirWG/SgWINuc3pWl5CscRcgQQNp7oLBgrSkQkv9AjZYcvisnr89TxjoxBO0Y93jgp4T14LnVwWQVx3l3d6S1wlscidVeaM24E/JtS8k9XAvgSoKCjyiqsawBMzScXCIRCk6nqX8ZaJU3rZ0LeOMTUw6MC4dC+aY9SrCvNQub19mBdtJUwOBOqGdfd5IoqQkaL6DfOkmpnsCs5PuLbGZBVhah5L87IY7r6TB1V7KboXH8PZIYc1zlemMZGU0o7+etxZWHgpdeX6JbJIs3ilAzYqw/Hz65no7eUxcDg1aOaxemuPqnYRGhW6PvjZbwAtfQPlofhB0jTHt5bRlzF17rn9q/6wzlc1ssp2xmeFzXoxffpELABV6+yj3gfQ/bxIB9NWjdZK08RX9rjm9CcBlRQeTZrD67SYQWqRpT5t7zcVDnx1s7ZffLBWm/vXLfPzMaQYEJ4EfoduSutjshXvR+VQRPs2TWcF7OsaE4csedKUGFuo9DYfFIHFDNg+1PyrlWJ0J/X0PduAuCZ+uQSsM/ex/vfXp6Z39ngq4exUXoPtAIqafrDMd8SuAtyEZhyY9V9Lp2qNQDbl6JI39bDz+6pDmjJ2jlnpMCezRK89cG11IqiUWvIPxHjoiT1guH1uk4sQ2Pc1J4zjJNsZgoJDcPBbfss4kAqUJvQyFbzWshhtVeAv3dmgwUENIhNK/erjpgw2BIRayzYw001jAIF5c7rYg38o6x3YdAtU3d3QpuwG5xDfODxzfL3yEKQr48C/KqxI87uGwyg6H5gc2AcLU9JYt5QoDFoC7PFxcE3RVqc7/Um9Js9X9UyriEjftWt86/tEyG7F9tWGxGNEZo3MOydwX/7jtwoxQE5ybFjWndqLp8DV3naLQsh/Fz8JnTYHvOR72vuiw/x5D5PFuXV0aSVvmw5Wnb09q/BowS14WzoHH6ekaWbh78xlypn/L/M+nIIEX1Ol3TaVOqIxvXZ2sjm86xRz0EdoHFfupSekdBULCqptxpFpBshZFvauUH8Ez7wA7wjL65GVlZ0f74U7MJVu9SwsZdgsLmnsQvr5n2ojNNBEv+qKG2wpUYTmWRaRc5EClUNfhzh8iDdHIsl6edOewORRrNiBay1NCzlfz1cj6VlYYQUM9bDEyqrwO400XQNpoFOxo4fxUdd+AHmCBhHbyCR81/C6LQTG2JQBvjykG4pmoqnYPxDyeiCEG+JFHmP1IL+jggdjWhLWQatslrWxuESEl3PEsrAkMF7gt0dBLgnWsc1cmzntG1rlXVi/Hs2TAU3RxEmMSWDFubSivLWSqZj/XfGWwVpP6fsnsfxpY3d3h/fTxDu7U8GddaFRQhJ+0ZOdx6nRJUW3u6xnhH3mYVRk88EMtpEpKrSIWfXphgDUPZ0f4agRzehkn9vtzCmNjFnQb0/shnqTh4Mo/8oommbsBTUKPYS7/1oQCi12QABjJDt+LyUan+4iwvCi0k0IUIHvk21381vC0ixYDZxzY64+xx/RNID+iplgzq9PDZgjc8L7jMg+2+mrxPS56e71m5E2zufZ4d+nFjIg+dHD/ShNPzVpXizRVUERztLuak8Asah3/yvwOrH1mKEMMGC1/6qfvZUgFLJH5V0Ep0n2K/Fbs0VljENIN8cjkCKdG8aBnefEhITdV7CVjXcivQ6efkbOQCfkfcwWpaBFC8tD/zebXFE+JshW16D4EWXMnSm/9HcGwHvtlAj04rwrZ5tRvAgf1IR83kqqiTvqfENcj7ddCFwtNZrQK7EJhgB5Tr1tBFcb9InPRtS3KYteYHl3HWR9t8E2YGE8IGrS1sQibxaK/C0kKbqIrKpnpwtoOLsZPNbPw6K2jpko9NeZAx7PYFmamR4D50KtzgELQcaEsi5aCztMg7fp1mK6ijyMKIRKwNKIYHagRRVLNgQLg/WTKzGVbWwq6kQaQyArwQCUXo4uRtyzGMaKbTG4dns1OFB1g7NCiPb6s1lv0/lHFAF6HwoYV/FPSL/pirxyDSBb/FRRA3PIfmvGfMUGFVWlyS7+O73l5oIJHxuaJrR4EenzAu4Avpa5d+VuiYbM10aLaVegVPvFn4pCP4U/Nbbw4OTCFX2HKmWEiVBB0O3J9xwXWpxN1Vr5CDi75FqNhxYCjgSJzWOUD34Y1dAfcj57VINmQVEWyc8Tch8vg9MnHGCOfOjRqp0VGyAS15AVD2QS1V6fhRimJSVyT6QuGb8tKRsl2N+a2Xze36vgMhw7XK7zh//jC2H";
var key = "YELLOW SUBMARINE";
const decrypted = CryptoJS.AES.decrypt(message, CryptoJS.enc.Utf8.parse(key), {
mode: CryptoJS.mode.ECB
});
document.getElementById("pt").innerHTML = decrypted.toString(CryptoJS.enc.Utf8);
<script src="https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.0.0/crypto-js.min.js"></script>
<p style="font-family:'Courier New', monospace;" id="pt"></p>
I'm attempting to using CryptoJS to decrypt a string, provided a 64 character string from SiteMinder.
The decrypted string looks like:
8yi6XwyLPZq%2FNjV9fmoyHYtC2UUS48KlpPLMl063gPwDDLJYkLeUFAwC8hTcXrPJkShbjJTShlLUoh2y17kwOA%3D%3D
And the key provided to me is a 64-character Hex string, like so: B55E3CE5E4E335D61E3224B2EAAA79E68AFF43FFAAA85A9D4F2BA07618DF2D67
After the information is decrypted, it should present a string that shows something like:
term1;term2
The JavaScript code I am using to decrypt with CryptoJS looks like:
CryptoJS.AES.decrypt(
encryptedValue,
64CharacterKeyProvidedAbove
).toString();
However, the decrypted value isn't coming back as expected. I've read some information about providing an IV to use a pre-defined key, but I don't have any information, only the key used when SiteMinder encrypts information from the database it is connected to.
Do I need to change the way I'm using CryptoJS?
Assuming you mean encrypted string looks like 8yi6XwyLPZq%2FNjV9fmoyHYtC2UUS48KlpPLMl063gPwDDLJYkLeUFAwC8hTcXrPJkShbjJTShlLUoh2y17kwOA%3D%3D.
And given that encryption is AES256/CBC/PKCS7.
We can make these observations:
The string looks URL-encoded and Base64-encoded (%3D is =, and Base64 often ends with =)
There is no IV which is required for CBC, so it is probably in the first 16 bytes of the encoded string. The remainder of the string is probably the ciphertext
So we can decrypt it with CryptoJS like this:
var encrypted = CryptoJS.enc.Base64.parse(decodeURIComponent(encryptedStr));
var key = CryptoJS.enc.Hex.parse(hexKey);
var iv = CryptoJS.enc.Hex.parse(CryptoJS.enc.Hex.stringify(encrypted).substr(0, 32));
var ciphertext = CryptoJS.enc.Hex.parse(CryptoJS.enc.Hex.stringify(encrypted).substr(32));
var plaintext = CryptoJS.AES.decrypt({ciphertext: ciphertext}, key, {iv: iv});
Here's a working DEMO on jsFiddle.
Result:
SERLOGINNAME=T6ATD1F;password=QWERTY!8;
I'm trying to create a google script that generates a HMAC signature using SHA512 for authentication to an API. Here is the code I'm using:
var SystemTimeMilli = Date.now()
var InputString = ('Some Text' + '\n' + SystemTimeMilli);
var PrivateKey = 'bEDtDJnW0y/Ll4YZitxb+D5sTNnEpQKH67EJRCmQCqN9cvGiB8+IHzB7HjsOs3mSlxLmu4aiPDRpe9anuWzylw==' //sample private key
var signature = Utilities.base64Encode(Utilities.computeHmacSignature(Utilities.MacAlgorithm.HMAC_SHA_512, InputString, PrivateKey, Utilities.Charset.UTF_8));
Logger.log(signature);
This generates a string to the log but when compared to results using web based hash generators the results differ.
However if I use
var InputString = ('Some Text' + SystemTimeMilli);
without the \n the results generated in my Google Script and the web based hash generators match.
So I'm assuming the way Google Script is handling the new line is different to the web base generators but I can't figure out how to get them match or which one is the correct result.
EDIT
To add some further information:
Lets say SystemTimeMilli = 1234567890123
When I enter ('Some Text' + SystemTimeMilli) into my script using
bEDtDJnW0y/Ll4YZitxb+D5sTNnEpQKH67EJRCmQCqN9cvGiB8+IHzB7HjsOs3mSlxLmu4aiPDRpe9anuWzylw== as the PrivateKey
I get
oDVJk38b634G9Ykdqm+hVmSb5C8h6/re5/XG+MjyddTKygWcoZjWu0DfNGY/JWu5Be41zLDKfEZnuFcACrvs7w== returned.
Which is the same if I enter /account/balance1234567890123 into https://quickhash.com using SHA-512 (SHA2) as the Algorithm and Base64 Encoding as the Output Format.
However if I enter ('Some Text' + '\n' + SystemTimeMilli) in my script it returns 3sj1jbx1tQ4nc8XOkk3nW8TvG5zvCam2LN51fQWDXOKU5O/1KBAdzdp+YV+aAdYHWCY2x3jqCfbXKoOmfoD0KA==
But using
/account/balance
1234567890123
in quickhash.com returns something different. I've tried a whole bunch of different combinations but I never get the same result as my script.
I having trouble with getting my script to authenticate to the API so I really want to determine if I'm getting the correct HMAC to begin with.
I have a php function that generates an RC4 encrypted string. I would like to decode that string using Node - ideally using the built in Crypto module. But I am unable to do so - I just get a blank string.
The PHP code is here http://code.google.com/p/rc4crypt/
My JS code is
crypto = require('crypto');
decipher = crypto.createDecipher("rc4", "MY SECRET KEY");
text = "HELLO";
decrypted = decipher.update(text, "utf8", "hex");
decrypted += decipher.final("hex");
console.log(decrypted);
I don't get any output. I have checked that my OpenSSL implementation has RC4 using openssl list-message-digest-algorithms
I am on OSX 10.8, latest node.
I am open to using another module to decrypt - I tried the cryptojs module but did not figure out how to make it work - gave me errors when I tried RC4.
Thanks
Figured it out
First one must use crypto.createDecipheriv otherwise the key is - I believe - md5 hashed instead of used raw.
Secondly the input encoding mut be set to binary.
Third - in my case I was dealing with POST data instead of a hardcoded string and I had to urldecode it - decodeURIComponent() jsut choked - but unescape() with removal of + signs did the trick ex:
var text = unescape((response.post.myvar + '').replace(/\+/g, '%20'))
var crypto = require('crypto');
decipher = crypto.createDecipheriv("rc4", key, '');
decrypted = decipher.update(text, "binary", "utf8");
decrypted += decipher.final("utf8");
console.log(decrypted);