1

I am integrating a payment gateway for my node.js project. They have integration kit in python and i don't have much experience in it. I ported their change from python to javascript. Is this correct ?

Python code:

def encrypt(plainText,workingKey):
        iv = 'hello'
        encDigest = md5.new ()
        encDigest.update(workingKey)
        enc_cipher = AES.new(encDigest.digest(), AES.MODE_CBC, iv)
        encryptedText = enc_cipher.encrypt(plainText).encode('hex')
        return encryptedText

Ported Code (Node.js):

function encrypt(plainText, workingKey){
    var iv = 'hello';
    var encDigest   = crypto.createHash('md5');
    encDigest.update(workingKey);
    var enc_cipher = crypto.createCipheriv('aes-256-cbc', encDigest, iv);
    var encryptedText = enc_cipher.encrypt(plainText).encode('hex');
    return encryptedText;

}
Improve this question
3
  • It looks identical but some concerns: md5 shouldn't be used in security applications IMO. And I'm not sure whether the iv should not be a static value... like, payment is something very sensitive; Commented May 9, 2014 at 8:46
  • 1
    IV should NEVER be static, actually should be as random as possible and should change for each encryption. Of course to decrypt, you should use the same IV used for encryption. After encryption it can be made public, without impacting security. Usually it is prefixed to the ciphertext. Commented May 9, 2014 at 8:55
  • Have you tried random testing to see if you get identical ciphertext output from the python and js versions? Commented May 9, 2014 at 8:58

1 Answer 1

Reset to default
1

Is it not working? The only possible issue I can see is async vs sync. For example the var encDigest = crypto.createHash('md5'); may not be resolved when encDigest.update(workingKey); gets fired.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.