5

I am trying to encrypt something in JavaScript using the google's https://code.google.com/p/crypto-js/#AES exactly as it is if the example. The problem is that where I am trying to decrypt it in Java the result is way different. The only difference that I can see is the padding (CryptoJs uses Pkcs7 whereas java uses Pkcs5) after reading a bit I realized that Pkcs7 and Pkcs5 are basically the same.

Here is a sample of the code that i do the encryption in Javascript:

var crypto = require('./aes.js');
var login = 'ABCD';
var key = crypto.CryptoJS.enc.Hex.parse('0123456789012345');
var ive  = crypto.CryptoJS.enc.Hex.parse('0123456789012345');

var encrypted = crypto.CryptoJS.AES.encrypt(login, key, {iv: ive});
console.log('encrypted msg = ' + encrypted)

This is the code that I am using in Java to decrypt it:

public String decrypt(byte[] cipherText) throws Exception {

    String psk = "0123456789012345";
    String iv = "0123456789012345";
    try {
        String encryptionKey = psk;
        final Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding", "SunJCE");
        final SecretKeySpec key = new SecretKeySpec(encryptionKey.getBytes(UTF8), "AES");
        cipher.init(Cipher.DECRYPT_MODE, key, new IvParameterSpec(iv.getBytes(UTF8)));
        return new String(cipher.doFinal(cipherText), UTF8);
    } catch (BadPaddingException | IllegalBlockSizeException | UnsupportedEncodingException | InvalidAlgorithmParameterException | InvalidKeyException | NoSuchAlgorithmException | NoSuchPaddingException | NoSuchProviderException ex) {
        LOG.log(Level.SEVERE, ex.getMessage(), ex);
        throw new Exception(ex.getMessage());
    }
}

Do you have any idea why it fails that bad? Is it a different algorithm or do I fail somewhere else?

Improve this question

2 Answers 2

Reset to default
6

You're not using the same key and IV in CryptoJS and Java. The key and IV in the CryptoJS are too short to be valid, because you're parsing a 16 character string as Hex which results in only 8 bytes, but AES supports only key sizes of 128, 192 and 256 bit.

Use 

var key = crypto.CryptoJS.enc.Utf8.parse('0123456789012345');
var ive  = crypto.CryptoJS.enc.Utf8.parse('0123456789012345');

Other considerations:

  • Always use a random IV. Since it doesn't have to be secret, you can prepend it to the ciphertext or send it along in another way.

  • Authenticate the ciphertexts with HMAC or use and authenticated mode like GCM to prevent some attacks such as padding oracle attack.

Improve this answer
Sign up to request clarification or add additional context in comments.

5 Comments

That is a good point there. Still though the problem still exists. I have the java algorithm that encrypts the string ABCD with the same settings as the one that I posted earlier that does the decryption. The strange thing is the the result of Java encryption is the byte array with the following bytes: 534A5782E4AB47B71C4DC7AFB5A64F5C The encrypted string from CryptoJS is U0pXguSrR7ccTcevtaZPXA==
You haven't shown the part of your code where you're parsing the result from CryptoJS. Note that one is hex encoded and the other Base64 encoded. It's quite easy to spot the difference without actually looking at the documentation or source code.
Using enc.Utf8.parse the javascript is genearating "=U0pXguSrR7ccTcevtaZPXA==" but can't make of it a multiple of 16 as required by the java method. Anyone may help ?
ok: You should add how to effectively decrypt the generated code: decrypt(new Base64().decode("U0pXguSrR7ccTcevtaZPXA".getBytes()))) removing leading and trailing "=" since it is not obvious. (apache common base64 is used here)
@user1767316 I don't know how you generated your "=U0pXguSrR7ccTcevtaZPXA==" and what it is supposed to be. You should ask a new question with all the details. Stack Overflow is not a forum.
2

Ok, I found the problem. Instead of passing as a parameter the encrypted I should pass encrypted.ciphertext. I now works perfect.

Improve this answer

1 Comment

how do you pass ciphertext to backend ?

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.