
my code:

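```javascript
const CryptoJS = require("crypto-js");

// keyIn is passed as a string, so CryptoJS treats it as a passphrase
// and derives the actual AES key from it (built-in key derivation).
function AesDecrypt(word, keyIn) {
  let decrypt = CryptoJS.AES.decrypt(word, keyIn, {
    mode: CryptoJS.mode.ECB,
    padding: CryptoJS.pad.Pkcs7
  });
  return decrypt.toString(CryptoJS.enc.Utf8);
}

function AesEncrypt(word, keyIn) {
  let encrypted = CryptoJS.AES.encrypt(word, keyIn, {
    mode: CryptoJS.mode.ECB,
    padding: CryptoJS.pad.Pkcs7
  });
  // Base64 string in the OpenSSL salted format
  return encrypted.toString();
}
```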

when using:

```javascript
let msg = {
  'OS': 'iOS'
}
msg = JSON.stringify(msg)
let key = 'FE7A45426AFF5D14E52897E134F5CC33'
const aes_msg = AesEncrypt(msg, key)
// U2FsdGVkX1/QZRpRuRajXR7UdoXxxYR/lcyoYItxTrI= (differs on every run: random salt)
const msg_d = AesDecrypt(aes_msg, key)
// {"OS":"iOS"}
```

As above, the problem is solved, but it conflicts with online-AES. I do not know how and where it goes wrong.

light
  • The posted code uses the built-in key derivation, which applies AES-256 _by default_. Maybe the use of the key derivation is not intended, and the key should be used _directly_ instead. In this case the key is to be passed as `WordArray` and not as string. If the key is used directly, the key size determines the AES variant (e.g. a 32 bytes key means AES-256). – Topaco Feb 19 '22 at 09:12
  • @Topaco Thanks for your perfect answer! I tried using WordArray and got a result equal to aes-128, since my key is 32 hex numbers, which is 16 bytes. But when I use a string, the encryption and decryption went wrong: the encrypt result is random and the decrypt result is null. So it is still confusing for me how to get an aes-256 result using my key. Could you please give me some advice? : ) – light Feb 19 '22 at 10:04
  • The random encryption is intentional (and results as a consequence of a random salt for each encryption). The other side determines the applied key using the password and the salt with the key derivation and can use it to perform the decryption. To do this, of course, the other side must _implement this logic_. Therefore, to answer why decryption fails, you need to edit your question and post the relevant details of your decryption, i.e. most helpfully the decryption code. – Topaco Feb 19 '22 at 10:36
  • @Topaco The question has been edited. Sincerely thank you for your patience!!! – light Feb 19 '22 at 11:11
  • (1) You must call `AesEncrypt()` and not `CryptoJS.AesEncrypt()`. The same is true for `AesDecrypt()`. (2) In `AESEncrypt()`, `encrypted.toString()` must be returned. (3) In `AesDecrypt()`, `word` must be used instead of `srcs` in the `decrypt()` call (i.e. `encryptedHexStr` and `srcs` can be removed). (4) Note that the built-in key derivation of CryptoJS is insecure, as is ECB mode. – Topaco Feb 19 '22 at 11:41
  • @Topaco I've updated my code in the question following your friendly advice (2) and (3). Since the 2 pieces of code are in different files and my description in the question was inaccurate, the problem in advice (1) does not in fact exist. Now I can correctly encrypt and decrypt my data by using the 2 functions. But the encrypt result cannot be decrypted by online-AES-decryption, and my decrypt function also cannot decrypt online-AES-encryption, whether 128, 192, or 256. Is something wrong? TT – light Feb 19 '22 at 12:17
  • You didn't specify the online site, but it almost certainly doesn't use the CryptoJS key derivation. This derivation is not standard, but rather a proprietary OpenSSL function (`EVP_BytesToKey()`) adopted by CryptoJS for OpenSSL compatibility. Why do you use that key derivation at all if you work with tools that apply the key _directly_? – Topaco Feb 19 '22 at 12:33
  • @Topaco My original intention was to find aes-ecb-256 encryption and decryption using JavaScript. Then I found CryptoJS via npm, but I got an aes-128 result by using my key (`WordArray`), which is composed of 32 hex numbers. So I came here for help. ; ) – light Feb 19 '22 at 12:51
  • Before you implement a code, you need to clarify two things. (1) Is FE...33 a key or a password? (2) If it is a key, should it be hex decoded (resulting in a 16 bytes key and thus AES-128) or UTF-8 encoded (resulting in a 32 bytes key and thus AES-256)? The implementation depends on the answer to these questions. – Topaco Feb 19 '22 at 12:58
  • @Topaco Sincerely thank you for giving advice for my stupid question, wish you happiness!!: ) – light Feb 19 '22 at 13:10
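
The three readings of `FE...33` that the comments distinguish (passphrase with key derivation, hex-decoded 16-byte key, UTF-8 32-byte key), as an added example that is not code from the question or from CryptoJS. It assumes Node's built-in `crypto` module in place of CryptoJS, and all function names are hypothetical.

```javascript
const crypto = require("crypto");

const KEY_TEXT = "FE7A45426AFF5D14E52897E134F5CC33"; // key string from the question

// OpenSSL EVP_BytesToKey with MD5 and one iteration: the derivation CryptoJS
// applies when the key argument is a string (48 bytes = 32-byte key + 16-byte IV).
function evpBytesToKey(passphrase, salt, length = 48) {
  let block = Buffer.alloc(0);
  let out = Buffer.alloc(0);
  while (out.length < length) {
    block = crypto.createHash("md5")
      .update(Buffer.concat([block, Buffer.from(passphrase, "utf8"), salt]))
      .digest();
    out = Buffer.concat([out, block]);
  }
  return out.subarray(0, length);
}

// AES-ECB with PKCS#7 padding; the key length selects AES-128 or AES-256.
function ecb(key, data, decrypt = false) {
  const name = `aes-${key.length * 8}-ecb`;
  const c = decrypt ? crypto.createDecipheriv(name, key, null)
                    : crypto.createCipheriv(name, key, null);
  return Buffer.concat([c.update(data), c.final()]);
}

// Passphrase mode: output is base64("Salted__" + salt + ciphertext).
function encryptWithPassphrase(text, passphrase, salt = crypto.randomBytes(8)) {
  const key = evpBytesToKey(passphrase, salt).subarray(0, 32); // IV unused in ECB
  const body = ecb(key, Buffer.from(text, "utf8"));
  return Buffer.concat([Buffer.from("Salted__"), salt, body]).toString("base64");
}

function decryptWithPassphrase(b64, passphrase) {
  const raw = Buffer.from(b64, "base64");
  if (raw.subarray(0, 8).toString("latin1") !== "Salted__") throw new Error("no salt header");
  const key = evpBytesToKey(passphrase, raw.subarray(8, 16)).subarray(0, 32);
  return ecb(key, raw.subarray(16), true).toString("utf8");
}

// Direct-key mode: no derivation, no salt, so the output is deterministic.
function encryptWithKey(text, key) {
  return ecb(key, Buffer.from(text, "utf8")).toString("base64");
}

const plaintext = JSON.stringify({ OS: "iOS" });
console.log("hex-decoded key, AES-128:", encryptWithKey(plaintext, Buffer.from(KEY_TEXT, "hex")));
console.log("UTF-8 key, AES-256:     ", encryptWithKey(plaintext, Buffer.from(KEY_TEXT, "utf8")));
console.log("passphrase, random salt:", encryptWithPassphrase(plaintext, KEY_TEXT));
```

Only the two direct-key outputs can be reproduced by a tool that takes the key directly; the passphrase output changes with every salt and can only be decrypted by a peer that repeats the same derivation.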

0 Answers