I'm trying to decrypt passwords from the membership framework in a Node.js app.

They are able to be decrypted, as I can get the plaintext version from the membership framework's User.GetPassword().

I've tried the following, but this doesn't work:

```javascript
const crypto = require('crypto');

let encryptedPassword = 'LqOz9My...';
let passwordSalt = 'JQ2...';
let validationKey = '0123456789ABCEF';
let decryptionKey = '0123456789ABCEF';
var algorithm = 'aes128';

// Attempt that does not work: key passed as a password string, input treated as utf8
var decipher = crypto.createDecipher(algorithm, decryptionKey);
var decryptedPassword = decipher.update(encryptedPassword, 'utf8', 'utf8') + decipher.final('utf8');
```
  • you're only encrypting passwords? >< Commented Nov 16, 2016 at 18:03
  • and what do you mean by "it doesn't work?" meaning you're taking the encrypted password in your membership tables, running it through the decryption, then comparing that to User.GetPassword()? Commented Nov 16, 2016 at 18:05
  • @Kritner - exactly. I know what the plain-text version of the password should be. I think I need to use the salt somehow. I've tried crypto.createDecipheriv, but my salt length seems to be invalid. Commented Nov 16, 2016 at 18:17

1 Answer

Here's the solution:

```javascript
const crypto = require('crypto');

let salt = '<my base64 salt>';
let saltBuffer = Buffer.from(salt, 'base64'); // 16 bytes, used as the IV
let decryptionKey = '<my hex decryption key>';
let decryptionKeyBuffer = Buffer.from(decryptionKey, 'hex');  // 24 bytes
var algorithm = 'aes192'; // 24-byte key * 8 = 192 bits
let encryptedPassword = '<my base64 encoded, encrypted string>';

var decipher = crypto.createDecipheriv(algorithm, decryptionKeyBuffer, saltBuffer);
decipher.setAutoPadding(false);
// The ciphertext is base64, not utf8
var dec = decipher.update(encryptedPassword, 'base64', 'utf8');
dec += decipher.final('utf8');
console.log(dec);
```

The problem was that I was using the wrong encoding and wrong encryption. Here's how I figured it out.

Encryption

You can easily determine the encryption algorithm type via the length of your decryption key. In my case, once I converted the key to a Buffer, the length was 24, and because 24 * 8 = 192, my algo was aes192.

Encoding

In my original example, I had the encoding of the encrypted password as utf8. The encoding actually was base64. Not sure how to determine this other than trying the various accepted params.
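The key-length and encoding checks described in this answer, as an added example that is not part of the original post. The function names, the sample key, IV and plaintext are constructed for illustration; the cipher is spelled out as `aes-192-cbc` (the name the OpenSSL alias `aes192` resolves to), and the sample uses default padding rather than `setAutoPadding(false)`.

```javascript
const crypto = require('crypto');

// Decoded key size in bytes -> AES cipher name (CBC mode).
const AES_BY_KEY_BYTES = { 16: 'aes-128-cbc', 24: 'aes-192-cbc', 32: 'aes-256-cbc' };

// Pick the cipher from the decoded key length, as the answer does by hand (24 * 8 = 192).
// Buffer.from(..., 'hex') silently truncates malformed hex, so validate the string first.
function algorithmForKey(keyHex) {
  if (!/^([0-9a-fA-F]{2})+$/.test(keyHex)) throw new Error('key is not valid hex');
  const key = Buffer.from(keyHex, 'hex');
  const algorithm = AES_BY_KEY_BYTES[key.length];
  if (!algorithm) throw new Error(`unsupported AES key length: ${key.length} bytes`);
  return { algorithm, key };
}

// Decrypt a base64 ciphertext with a hex key and a base64 IV (the "salt" in the answer).
function decryptField(cipherB64, keyHex, ivB64) {
  const { algorithm, key } = algorithmForKey(keyHex);
  const iv = Buffer.from(ivB64, 'base64');
  // A wrong IV size is what produces the "invalid length" error mentioned in the comments.
  if (iv.length !== 16) throw new Error(`IV must be 16 bytes, got ${iv.length}`);
  const decipher = crypto.createDecipheriv(algorithm, key, iv);
  return Buffer.concat([decipher.update(cipherB64, 'base64'), decipher.final()]).toString('utf8');
}

// Constructed sample values (not from the original post).
const sampleKeyHex = '00112233445566778899aabbccddeeff0011223344556677'; // 24 bytes
const sampleIvB64 = Buffer.alloc(16, 7).toString('base64');

// Build a ciphertext inline so the example runs offline.
function makeSampleCiphertext(plain) {
  const { algorithm, key } = algorithmForKey(sampleKeyHex);
  const cipher = crypto.createCipheriv(algorithm, key, Buffer.from(sampleIvB64, 'base64'));
  return Buffer.concat([cipher.update(plain, 'utf8'), cipher.final()]).toString('base64');
}

const sampleCipherB64 = makeSampleCiphertext('constructed-sample-value');
console.log(algorithmForKey(sampleKeyHex).algorithm);
console.log(decryptField(sampleCipherB64, sampleKeyHex, sampleIvB64));
```

The placeholder key in the question, `'0123456789ABCEF'`, has an odd number of hex digits, so `algorithmForKey` rejects it instead of letting `Buffer.from` quietly drop the last digit.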
