4

I'm quite new to Node and have run into an issue with the encryption object:

var des3_key = new Buffer("redacted", "base64"); // copied from key in chilk
var des3_iv = new Buffer("alsoredacted", "base64"); // copied from iv in chilk
var des3_encryption = crypto.createCipheriv("des3", des3_key, des3_iv);
// encode a string
var string_to_encode = "thisisatest";
var ciphered_string = des3_encryption.update(string_to_encode, "utf8", "base64");
console.log(string_to_encode+" "+ciphered_string);

Both in the Node console and when running on the server, line 6 causes an error node-crypto: Invalid IV length 32 instead of returning an encryption object, as expected.

The key and IV I've removed and their encryption types are copied from another file but for the sake of testing I have tried various strings and encryption types but still get the same error, though with different lengths in the error.

My knowledge of encryption is limited to what I've used previously and not much else unfortunately, and I'm having trouble finding troubleshooting resources for Node in this regard. Any help would be appreciated.

Edit: Experimenting with des and des3 yields the same result.

Frakcool
  • 10,915
  • 9
  • 50
  • 89
Gavin
  • 2,214
  • 2
  • 18
  • 26
  • It may be that your other software is more lenient in what it accepts for key and IV. For 3DES, the keys should be either 128 bit or 192 bits in size (including parity bits), and the IV should be 64 bit. Anything else *should* be rejected. But for instance PHP's mcrypt lib simply adds zero's or cuts off the bits if there are too many. – Maarten Bodewes Jun 24 '14 at 23:56
  • I've tried using: var ivbuf = new Buffer(64) ivbuf.fill(0); ivbuf.write("redacted", 0, 64, "base64"); var des3_encryption = crypto.createCipheriv("des3", keybuf, ivbuf); But now get error `node-crypto : Invalid IV length 64` when trying to create the cipher. The padding might be wrong on the above but the length should be correct. – Gavin Jun 25 '14 at 09:48
  • Instead of adding the solution to your question, you should post it as an answer. [Answering your own question](http://stackoverflow.com/help/self-answer) is encouraged at SO! – Useless Code Jul 15 '15 at 04:22

1 Answers1

3

From OP's edit:

SOLVED:

Working code:

var string_to_decode = "encrypted string";
var des_key = new Buffer("key string", "base64");
var des_iv = new Buffer(0);
var des_decryption = Crypto.createDecipheriv("DES-EDE3", des_key, des_iv);
var deciphered_string = des_decryption.update(string_to_decode, "base64", "utf8");
    console.log("["+string_to_decode+"] => ["+deciphered_string+"]");

I found this by making a script to guess combinations of key and IV lengths, and encryption types and methods, and encoding types until it resulted in the correct string. It was a last resort but it worked.

Frakcool
  • 10,915
  • 9
  • 50
  • 89