2

I have encrypted in flutter using dart library encrypt. Below is the code sample:

  import 'package:encrypt/encrypt.dart' as enc;
  final key = enc.Key.fromUtf8('Thisisasamplekeythatamusinginmyc'); //32 chars
  final iv = enc.IV.fromUtf8('thisismysampleiv');//16 chars

  String encryptMyData(String text) {
  final e = enc.Encrypter(enc.AES(key));
  final encrypted_data = e.encrypt(text, iv: iv);
  return encrypted_data.base64;
  }

I am able to encrypt but the issue arises when I try to decrypt the code using this code in JavaScript, using Crypto-JS:

const cryptkey = CryptoJS.enc.Utf8.parse('Thisisasamplekeythatamusinginmyc');
const crypted = CryptoJS.enc.Base64.parse("fdsUYHdv/5PoJSoZGwWppw==");

var decrypt = CryptoJS.AES.decrypt({ciphertext: crypted}, cryptkey, {
    iv: CryptoJS.enc.Hex.parse('thisismysampleiv'),
    mode: CryptoJS.mode.CBC,
    padding: CryptoJS.pad.Pkcs7
});

console.log(decrypt.toString(CryptoJS.enc.Utf8));

The problem is that it always returns an empty string, even using the AES.js library.

I have looked at this answer but same issue exists.

Improve this question
6
  • The plaintext to your sample data is missing. Commented Feb 14, 2022 at 21:44
  • That can be anything, any text you use. the function is encryptMyData("Sample Text") Commented Feb 14, 2022 at 21:46
  • The posted Dart code does not return the ciphertext Ck4F8zbx79xebKbsdPKtsg== for the plaintext Sample Text when using the key Thisisasamplekeythatamusinginmyc and the IV thisismysampleiv. Check this again. Commented Feb 14, 2022 at 22:08
  • No this is just text sample data. Whatever it returns, how do i decrypt it in javascript that is my question. Thank you @Topaco Commented Feb 14, 2022 at 22:28
  • 1
    You make it unnecessarily difficult to answer the question. How is the reader supposed to know that the test data is inconsistent? Please post valid and complete test data! Commented Feb 14, 2022 at 22:38

1 Answer 1

Reset to default
4

The CryptoJS code is incomaptible because the IV is decoded incorrectly. Instead of the Hex encoder, the Utf8 encoder must be used.
Also, the encrypt library applies the CTR mode by default. Therefore, in the CryptoJS code the CTR mode must be used instead of the CBC mode:

const cryptkey = CryptoJS.enc.Utf8.parse('Thisisasamplekeythatamusinginmyc');
const cryptiv = CryptoJS.enc.Utf8.parse('thisismysampleiv')

// Decryption 
const crypted = CryptoJS.enc.Base64.parse("fdsUYHdv/5PoJSoZGwWppw==");
var decrypt = CryptoJS.AES.decrypt({ciphertext: crypted}, cryptkey, {
    iv: cryptiv,
    mode: CryptoJS.mode.CTR
});
console.log(decrypt.toString(CryptoJS.enc.Utf8));

// Encryption
var encrypt = CryptoJS.AES.encrypt("Sample Text", cryptkey, {
    iv: cryptiv,
    mode: CryptoJS.mode.CTR
});
console.log(encrypt.toString())
<script src="https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js"></script>

Usually no padding is used for a stream cipher mode like CTR. Note that both libraries apply PKCS#7 padding by default and do not automatically disable it for a stream cipher mode. Therefore, the padding should be explicitly disabled on both sides (with padding: null on the Dart side and padding: CryptoJS.pad.NoPadding on the CryptoJS side).
Alternatively, a block cipher mode like CBC can be used on both sides. Then, padding must be applied (e.g. PKCS#7).

If a static IV is used beyond testing and a password for the key: Then, for security reasons, a key derivation function such as PBKDF2 should be applied. Also, for each encryption, a random IV should be generated, which is passed to the other side along with the ciphertext (typically concatenated).

Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

Wish i could upvote twice. Thanx @Tapaco. Any chance you could add how to encrypt sample using the same keys. Thank You once again
@vinshaba - Sure. I have added the encryption.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.