2

I have a code in Asp.net that encrypts a string with TripleDES algorithm in EBC mode and other settings. and uses a key which is encrypted using Base64. I have to write this code in meteor (javascript). Therefore I used the CryptoJs library but the results are not the same. Here is the Asp.net code:

var str;
var key;

var dataBytes = Encoding.UTF8.GetBytes(str);
var symmetric = SymmetricAlgorithm.Create(“TripleDes”);
symmetric.Mode = CipherMode.ECB;
symmetric.Padding = PaddingMode.PKCS7;

var encryptor = symmetric.CreateEncryptor(Convert.FromBase64String(key), new byte[8]);

enc = Convert.ToBase64String(encryptor.TransformFinalBlock(dataBytes, 0, dataBytes.Length));

and its my code:

var key = "helloooooooooooooooooooooooooooo";
var str = "24000615;251985;1000" ;
var dataBytes = CryptoJS.enc.Utf8.parse(str);

var key = CryptoJS.enc.Base64.parse(key);

var encrypted = CryptoJS.DES.encrypt(dataBytes, key , {
 mode: CryptoJS.mode.ECB,
 padding: CryptoJS.pad.Pkcs7,
});
var enc = encrypted.ciphertext.toString(CryptoJS.enc.Base64);

in the first code if I set the variables as bellow:

key = "helloooooooooooooooooooooooooooo" and str = "24000615;251985;1000".

the encrypted text value will be: enc = ORwbhqYfUAngc0KZf63XXO3NLToIHXXk

but in my code the encrypted value will be: enc= "inalvFtdhxelvdwnUxILMZhQwZahVsO4" which are not the same. I do not know why this happens.

goli
  • 21
  • 2
  • Where does `Key` come from (second line of your code, in `.parse(Key)` )? Since it's written with uppercase K, I suppose it is another variable. Is that correct? – Jankapunkt Sep 09 '18 at 06:35
  • it's just a mistake when I copy the code here. Key has the value ="helloooooooooooooooooooooooooooo". in face the key is encrypted by base64 that i must decode it and then use it to encrypt the string. but here just as an example i set its value "helloooooooooooooooooooooooooooo". – goli Sep 11 '18 at 05:46
  • Insecure algorithm in an insecure mode. Be very wary of CryptoJS: you will see lots of people all over StackOverflow who have trouble making it interoperating with other libraries. The API blurs the definition between key and password, and it uses an insecure algorithm to convert passwords to keys. – TheGreatContini Sep 11 '18 at 09:09
  • Excuse me. Do you mean that I test another library instead of Cryptojs? – goli Sep 11 '18 at 10:27

0 Answers0