AES encryption/decryption in javascript using CryptoJS

Anthracene

I am trying to send AES encrypted messages between javascript and php using a shared secret. In Javascript, I am using the CryptoJS library. In php, I am using mycrypt. I am trying to construct an encrypted message in javascript and then decrypt it in php using a shared key. I can encrypt and decrypt messages with Javascript. I can encrypt and decrypt the same message in php - but the encryption is not the same between the two.

Javascript

var encrypted = CryptoJS.AES.encrypt("Message", "Secret Passphrase");
alert(encrypted);

give

U2FsdGVkX18 + k3pba4l4MbGZfmDjMc1yQ6uj1fg + BGo =

in PHP

<?php
$Pass = "Secret Passphrase";
$Clear = "Message";

$crypted = fnEncrypt($Clear, $Pass);
echo "Encrypted: ".$crypted."</br>";

$newClear = fnDecrypt($crypted, $Pass);
echo "Decrypted: ".$newClear."</br>";

function fnEncrypt($sValue, $sSecretKey) {
return rtrim(
        base64_encode(
                mcrypt_encrypt(
                        MCRYPT_RIJNDAEL_256,
                        $sSecretKey, $sValue,
                        MCRYPT_MODE_ECB,
                        mcrypt_create_iv(
                                mcrypt_get_iv_size(
                                        MCRYPT_RIJNDAEL_256,
                                        MCRYPT_MODE_ECB
                                ),
                                MCRYPT_RAND
                        )
                )
        ),"\0"
);
}

function fnDecrypt($sValue, $sSecretKey) {
return rtrim(
        mcrypt_decrypt(
                MCRYPT_RIJNDAEL_256,
                $sSecretKey,
                base64_decode($sValue),
                MCRYPT_MODE_ECB,
                mcrypt_create_iv(
                        mcrypt_get_iv_size(
                                MCRYPT_RIJNDAEL_256,
                                MCRYPT_MODE_ECB
                        ),
                        MCRYPT_RAND
                )
        ),"\0"
);
}

the output is

Encryption: iqJ0R5ahRP7GpWKtW7 + OBSCGnudDr99VbJC36OQlmgE =

decrypt: message

My question is, why are these different?

Chris

If they were the same, it would be a cryogenic freezing earthquake.

But: with your PHP encryption method (using EBC mode) you will always get the same result. You can check out the characteristics of the tuxedo at http://en.wikipedia.org/wiki/Cipher_block_chaining#Electronic_codebook_.28ECB.29 to see why this is a problem.

CryptoJS seems to use CBC as the default block cipher mode (at least they say so in https://code.google.com/p/crypto-js/#Block_Modes_and_Padding ), which has a random initial vector. This is better than CBC.

The result should be the same, if you use the same cipher, same block cipher mode (e.g. CBC), and same key and IV (and of course the same plaintext), the comments suggest that there may be a unicode issue as well.

Also, MCRYPT_RIJNDAEL_256 is not AES. AES has a BLOCK size of 16 bytes - AES-128 has a KEY size of 16 bytes and AES-256 has a KEY size of 32 bytes. MCRYPT_RIJNDAEL_256 has a BLOCK size of 32 bytes - a big difference.

One final note: Encrypting data is not enough! You also have to authenticate it by using HMAC or using an authenticated block cipher mode (eg GCM) - if you don't, you may at least be vulnerable to a padding oracle attack : http://en.wikipedia.org/wiki /Padding_oracle_attack

Related

AES encryption/decryption in javascript using CryptoJS

Anthracene I am trying to send AES encrypted messages between javascript and php using a shared key. In Javascript, I am using the CryptoJS library. In php, I am using mycrypt. I am trying to construct an encrypted message in javascript and then decrypt it in

AES encryption/decryption in javascript using CryptoJS

Anthracene I am trying to send AES encrypted messages between javascript and php using a shared secret. In Javascript, I am using the CryptoJS library. In php, I am using mycrypt. I am trying to construct an encrypted message in javascript and then decrypt it

AES encryption/decryption in javascript using CryptoJS

Anthracene I am trying to send AES encrypted messages between javascript and php using a shared secret. In Javascript, I am using the CryptoJS library. In php, I am using mycrypt. I am trying to construct an encrypted message in javascript and then decrypt it

AES encryption using CryptoJS

Sergio David Romero I need to implement AES encryption using JavaScript. Use AES/CBC/NoPadding mode, and created a way to do it in 16-length blocks. I have solved it using Java. look like: public static String encrypt(byte[] key, byte[] initVector, String valu

AES encryption using CryptoJS

Sergio David Romero I need to implement AES encryption using JavaScript. Use AES/CBC/NoPadding mode, and created a way to do it in 16-length blocks. I have solved it using Java. looks like: public static String encrypt(byte[] key, byte[] initVector, String val

How to decrypt with CryptoJS using AES?

User 3197788 With the desired options (AES, ECB mode and PKCS7), as the question suggests, I can't seem to get the decrypted value right. I am encrypting like this: var ENC_KEY = "bXlrZXk="; //"mykey" var encrypted = CryptoJS.AES.encrypt("hello", Crypto

How to decrypt with CryptoJS using AES?

User 3197788 With the desired options (AES, ECB mode and PKCS7), as the question suggests, I can't seem to get the decrypted value right. I am encrypting like this: var ENC_KEY = "bXlrZXk="; //"mykey" var encrypted = CryptoJS.AES.encrypt("hello", Crypto

AES CBC: JavaScript/CryptoJS encryption -> Golang decryption

DjH Note: This is for personal use and learning only, I don't plan to use my encryption for public use. I need to AES256 encrypt the string, but my current attempt ends up with something like the server side string Salted__Vέ��|��l��ʼ8XCQlYwhen hex decoded . W

AES CBC: JavaScript/CryptoJS encryption -> Golang decryption

DjH Note: This is for personal use and learning only, I don't plan to use my encryption for public use. I need to AES256 encrypt the string, but my current attempt ends up with something like the server side string Salted__Vέ��|��l��ʼ8XCQlYwhen hex decoded . W

AES CBC: JavaScript/CryptoJS encryption -> Golang decryption

DjH Note: This is for personal use and learning only, I don't plan to use my encryption for public use. I need to AES256 encrypt the string, but Salted__Vέ��|��l��ʼ8XCQlYwhen hex decodes it , my current attempt ends up with something like the string on the ser

Interoperability of C-tiny-aes-c and Javascript CryptoJS

Shlomi Schwartz Use tiny-aes-c . Consider the following C code: int main(int argc, char const *argv[]) { uint8_t key[6] = { 's','e','c','r','e','t' }; uint8_t iv[16] = { 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xf

Interoperability of C-tiny-aes-c and Javascript CryptoJS

Shlomi Schwartz Use tiny-aes-c . Consider the following C code: int main(int argc, char const *argv[]) { uint8_t key[6] = { 's','e','c','r','e','t' }; uint8_t iv[16] = { 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xf

Interoperability of C-tiny-aes-c and Javascript CryptoJS

Shlomi Schwartz Use tiny-aes-c . Consider the following C code: int main(int argc, char const *argv[]) { uint8_t key[6] = { 's','e','c','r','e','t' }; uint8_t iv[16] = { 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xf

AES decryption with cipher using CryptoJS returns a blank value

stubborn situation I have the following code: <script src="http://crypto-js.googlecode.com/svn/tags/3.1.2/build/rollups/aes.js"></script> <div id="decrypted">Please wait...</div> Insert new note:<input type="text" id="new_note"><input type="button" id="enc_but

How to properly encrypt AES256 method using CryptoJs

encourage Hi I'm new to React Native, I can encrypt data with PHP but not with React Native using Crypto JS. (results that lead to JS are always different, the correct one is from PHP) Here is an example in PHP: <?php $data = 'my1234567'; $iv = 'yourivare1234

AES decryption with cipher using CryptoJS returns a blank value

stubborn situation I have the following code: <script src="http://crypto-js.googlecode.com/svn/tags/3.1.2/build/rollups/aes.js"></script> <div id="decrypted">Please wait...</div> Insert new note:<input type="text" id="new_note"><input type="button" id="enc_but

How to properly encrypt AES256 method using CryptoJs

encourage Hi I'm new to React Native, I can encrypt data with PHP but not with React Native using Crypto JS. (results that lead to JS are always different, the correct one is from PHP) Here is an example in PHP: <?php $data = 'my1234567'; $iv = 'yourivare1234

How to properly encrypt AES256 method using CryptoJs

encourage Hi I'm new to React Native, I can encrypt data with PHP but not with React Native using Crypto JS. (results that lead to JS are always different, the correct one is from PHP) Here is an example in PHP: <?php $data = 'my1234567'; $iv = 'yourivare1234

AES decryption with cipher using CryptoJS returns a blank value

stubborn situation I have the following code: <script src="http://crypto-js.googlecode.com/svn/tags/3.1.2/build/rollups/aes.js"></script> <div id="decrypted">Please wait...</div> Insert new note:<input type="text" id="new_note"><input type="button" id="enc_but

How to properly encrypt AES256 method using CryptoJs

encourage Hi I'm new to React Native, I can encrypt data with PHP but not with React Native using Crypto JS. (results that lead to JS are always different, the correct one is from PHP) Here is an example in PHP: <?php $data = 'my1234567'; $iv = 'yourivare1234