securitybites/crypto-js

AES Decryption not working

GoogleCodeExporter opened this issue · 6 comments

GoogleCodeExporter commented 
Below is my javascript code

var key64 = "avIPFtMr6mYhQ2OD3vyHrg=="; // Base64 encoded key generated via 
aes.random_key ruby

var data = "xE1E9BKoUM00zxcjns8eBQ=="; //actual data : SOME DATA

var decrypted = CryptoJS.AES.decrypt({
    ciphertext: CryptoJS.enc.Base64.parse(data)
}, CryptoJS.enc.Base64.parse(key64));
console.log('Text: ', CryptoJS.enc.Latin1.stringify(decrypted));

Expected output is "SOME DATA"

I m using latest aes build

This key and data decrypts in PHP but for some reason not working in javascript 
console. Is their something wrong that i m doing here.

Original issue reported on code.google.com by poojari....@gmail.com on 7 Aug 2013 at 6:00

GoogleCodeExporter commented 
Where's the IV? What mode were you expecting to use? CryptoJS's default is CBC. 
What padding scheme were you expecting to use? CryptoJS's default is PKCS7.

Original comment by Jeff.Mott.OR on 7 Aug 2013 at 6:15

GoogleCodeExporter commented 
Thanks for quick reply

Frankly i m quite naive. Below is the ruby code used to generate those

def getkey

  aes = OpenSSL::Cipher::Cipher.new('AES-128-CBC') 
  aes.encrypt
  key = aes.random_key

  session[:key] = key

  render :json => {:mkey => Base64.encode64(key).gsub(/\n/, '')}
end

def getdata
    js = "SOME DATA"

    aes = OpenSSL::Cipher::Cipher.new('AES-128-CBC')
    aes.encrypt
    aes.key = session[:key]
    encrypted = aes.update(js) + aes.final

    encrypted = Base64.encode64(encrypted).gsub(/\n/, '')

    render :json => {:data => encrypted}
end

getkey generates key and getdata encrypts data

By default im using CBC mode and 128 bit

Original comment by poojari....@gmail.com on 7 Aug 2013 at 6:19

GoogleCodeExporter commented 
I think ruby OpenSSL::Cipher applies PKCS#5 padding by default.

Original comment by poojari....@gmail.com on 7 Aug 2013 at 6:41

GoogleCodeExporter commented 
The Ruby documentation seems to indicate that when an IV isn't provided, then 
it uses an all-zero IV. That's probably not the behavior you want, but 
nonetheless if you wanted to replicate it in JS...

var decrypted = CryptoJS.AES.decrypt({
    ciphertext: CryptoJS.enc.Base64.parse(data)
}, CryptoJS.enc.Base64.parse(key64),
{ iv: CryptoJS.enc.Hex.parse('00000000000000000000000000000000') });

Original comment by Jeff.Mott.OR on 7 Aug 2013 at 7:16

GoogleCodeExporter commented 
Thank you for helping me out, it worked.

Greatly appreciated, where you could have easily disregarded this as not 
cryptojs bug you helped me sort it.

Original comment by poojari....@gmail.com on 8 Aug 2013 at 2:42

GoogleCodeExporter commented

Original comment by Jeff.Mott.OR on 13 Aug 2013 at 6:49

  • Changed state: Invalid