1

I have encrypted the response from the server using Laravel encrypter.

I'm using Laravel 5.8

use Illuminate\Encryption\Encrypter;
....
$key = "ls1KlnDpyl2ZJT0vdNX1tNygAftBlgah";
$value = "secret";
$encrypter = new Encrypter($key, 'AES-256-CBC');
$encrypt = $encrypter->encryptString($value);
return response()->json([
           'payload' => $encrypt
       ], 200);

My question is, how to decrypt it in javascript client ? or how to encrypt decrypt in javascript if i want to use Laravel encrypter for read it.

Improve this question
4
  • 2
    I don't think that's going to be possible. You should make a new function or file, and use Ajax to make a request and retrieve the unencrypted content. Or why do you need to encrypt in laravel and decrypt in JS? Commented Jul 10, 2019 at 4:52
  • 1
    To decrypt, you also need to place the secret key on the client. This would destroy the security and the purpose of the encryption. Commented Jul 10, 2019 at 5:41
  • @odan Not unless you have the user enter the secret key client side & it never goes over the wire. Not ideal but not a major flaw. Commented Jul 10, 2019 at 7:01
  • Thank you for commented, for decrypt i've successfully. I can't encrypt in JavaScript with the standard Laravel encrypter Commented Jul 10, 2019 at 9:32

2 Answers 2

Reset to default
1

I have found a way to decrypt it. But without validation

Example code :


<script src="https://cdn.jsdelivr.net/npm/[email protected]/base64.js"></script>
<script src="https://cdnjs.cloudflare.com/ajax/libs/crypto-js/3.1.2/rollups/aes.js"></script>

<script>

function decrypt(){

  // key set on the server when encrypt using Laravel encrypter
  var key = "ls1KlnDpyl2ZJT0vdNX1tNygAftBlgah";

  // response from server
  var encrypted = "eyJpdiI6IjN2UmswOFVOd0lncHh4cCszbThnc1E9PSIsInZhbHVlIjoiMllmZ0dHTCtmejg0VFV1dVlFZVNhQT09IiwibWFjIjoiYzliODBkYTUzMDlmODEwMjJlY2Y2ZDhmN2UwM2NkN2FjYTc3OThjOTA3NTAyYTIxMDM3MjE5NDY2NTlhY2RjMSJ9";

  var encrypted_json  = JSON.parse(Base64.decode(encrypted));

  // {"iv":"3vRk08UNwIgpxxp+3m8gsQ==","value":"2YfgGGL+fz84TUuuYEeSaA==","mac":"c9b80da5309f81022ecf6d8f7e03cd7aca7798c907502a2103721946659acdc1"}

  var decrypted = CryptoJS.AES.decrypt(encrypted_json.value, CryptoJS.enc.Base64.parse(Base64.encode(key)),{
                     iv: CryptoJS.enc.Base64.parse(encrypted_json.iv),
                     mode: CryptoJS.mode.CBC
                  });
  console.log('decripted : ' + decrypted.toString(CryptoJS.enc.Utf8));

}


</script>

And now, how to encrypt in javascript and i can read it in server with Laravel encrypter ?

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

If you have a new question, please post it as a new question. Don't hide questions in your answer
1

You should not use Laravel APP_KEY(var key in your case) on the frontend side. NEVER! Laravel uses APP_KEY to encrypt everything including cookies (Session cookie and csrf cookie).

Your application could be hacked if it's in your HTML code! To answer your question a bit: use Crypt::decrypt($encrypted) on the server-side of your application (within Laravel).

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.