AES-CTR encryption in Go and decryption in CryptoJS
I'm having trouble decrypting text encrypted in Go lang using CryptoJS.
Here is the Go code : https://play.golang.org/p/xCbl48T_iN
package main
import (
"crypto/aes"
"crypto/cipher"
"encoding/base64"
"fmt"
)
func main() {
key := []byte("1234567890123456")
plaintext := []byte("text can be a random lenght")
block, err := aes.NewCipher(key)
if err != nil {
panic(err)
}
// The IV needs to be unique, but not secure. Therefore it's common to
// include it at the beginning of the ciphertext.
// BTW (only for test purpose) I don't include it
ciphertext := make([]byte, len(plaintext))
iv := []byte{'\x0f','\x0f','\x0f','\x0f','\x0f','\x0f','\x0f','\x0f','\x0f','\x0f','\x0f','\x0f','\x0f','\x0f','\x0f','\x0f'}
stream := cipher.NewCTR(block, iv)
stream.XORKeyStream(ciphertext, plaintext)
// CTR mode is the same for both encryption and decryption, so we can
// also decrypt that ciphertext with NewCTR.
base := base64.StdEncoding.EncodeToString(ciphertext)
fmt.Printf("encodedHEX: %x\n", ciphertext)
fmt.Printf("encodedBASE: %s\n", base)
plaintext2 := make([]byte, len(plaintext))
stream = cipher.NewCTR(block, iv)
stream.XORKeyStream(plaintext2, ciphertext)
fmt.Printf("decoded: %s\n", plaintext2)
}
Here is the JS code : http://jsfiddle.net/Ltkxm64n/
var key = CryptoJS.enc.Hex.parse('31323334353637383930313233343536');
var iv = CryptoJS.enc.Hex.parse('0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f');
var encrypted = CryptoJS.AES.encrypt("text can be a random lenght", key, {
mode: CryptoJS.mode.CTR,
iv: iv
});
console.log(encrypted.ciphertext.toString());
console.log(encrypted.toString());
var decrypted = CryptoJS.AES.decrypt(encrypted, key, {
mode: CryptoJS.mode.CTR,
iv: iv
});
console.log(decrypted.toString(CryptoJS.enc.Utf8));
// text can be a random lenght
Both encrypt and decrypt fine, but when I copy the base64 ciphertext from GO to JS (and vice versa) it doesn't work. I also noticed that the first part of the js output is the same as the Go output, but there are more bytes in the js output than in Go.
My purpose is to encrypt some text in GO and then send the Base64 ciphertext to JS which can decrypt it.
thanks
OK, here's your problem:
Add no-padding js to your sources list:
http://crypto-js.googlecode.com/svn/tags/3.1/build/components/pad-nopadding.js
When encrypting/decrypting, please specify parameters:
padding: CryptoJS.pad.NoPadding
CTR mode does not require padding of plain text before encryption.
The keystream generated from multiple AES blocks is trimmed to match the plaintext length before XORing.
It looks like CryptoJS generates a keystream for xor
it using the plaintext , but doesn't trim it, because the ciphertext that CryptoJS doesn't generate is padding: CryptoJS.pad.NoPadding
always a multiple of 16 bytes long (which happens to be the AES block size).
var key = CryptoJS.enc.Hex.parse('31323334353637383930313233343536');
var iv = CryptoJS.enc.Hex.parse('0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f');
var encrypted = CryptoJS.AES.encrypt("text can be a random lenght", key, {
mode: CryptoJS.mode.CTR,
iv: iv,
padding: CryptoJS.pad.NoPadding
});
document.getElementById("id").innerHTML = encrypted.ciphertext.toString();
document.getElementById("id2").innerHTML = encrypted.toString();
var decrypted = CryptoJS.AES.decrypt(encrypted, key, {
mode: CryptoJS.mode.CTR,
iv: iv,
padding: CryptoJS.pad.NoPadding
});
document.getElementById("decrypt").innerHTML = decrypted.toString(CryptoJS.enc.Utf8); // text can be a random lenght
<script src="http://crypto-js.googlecode.com/svn/tags/3.1.2/build/rollups/aes.js"></script>
<script src="http://crypto-js.googlecode.com/svn/tags/3.1.2/build/components/mode-ctr.js"></script>
<script src="http://crypto-js.googlecode.com/svn/tags/3.1/build/components/pad-nopadding.js"></script>
<p> Ciphertext in HEX: </p>
<p id="id"> </p>
<p> Ciphertext in BASE64: </p>
<p id="id2"> </p>
<p> PlainText: </p>
<p id="decrypt"></p>