Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

CryptoJS AES encryption and Java AES decryption

Tags:

I'm only asking this because I have read many posts for 2 days now about crypto AES encryption, and just when I thought I was getting it, I realized I wasn't getting it at all.

This post is the closest one to my issue, I have exactly the same problem but it is unanswered:

CryptoJS AES encryption and JAVA AES decryption value mismatch

I have tried doing it in many ways but I haven't gotten it right.

First Off

I'm getting the already encrypted string (I only got the code to see how they were doing it), so modifying the encryption way is not an option. That's why all the similar questions aren't that useful to me.

Second

I do have access to the secret key and I can modify it (so adjusting length is an option if neccessary).

The encryption is done on CryptoJS and they send the encrypted string as a GET parameter.

GetParamsForAppUrl.prototype.generateUrlParams = function() { const self = this;  return new Promise((resolve, reject) => {    const currentDateInMilliseconds = new Date().getTime();    const secret = tokenSecret.secret;    var encrypted = CryptoJS.AES.encrypt(self.authorization, secret);    encrypted = encrypted.toString();    self.urlParams = {      token: encrypted,      time: currentDateInMilliseconds    };    resolve();  }); }; 

I can easily decrypt this on javascript using CryptoJS with:

var decrypted = CryptoJS.AES.decrypt(encrypted_string, secret);     console.log(decrypted.toString(CryptoJS.enc.Utf8));  

But I don't want to do this on Javascript, for security reasons, so I'm trying to decrypt this on Java:

String secret = "secret"; byte[] cipherText = encrypted_string.getBytes("UTF8"); SecretKey secKey = new SecretKeySpec(secret.getBytes(), "AES"); Cipher aesCipher = Cipher.getInstance("AES"); aesCipher.init(Cipher.DECRYPT_MODE, secKey); byte[] bytePlainText = aesCipher.doFinal(byteCipherText); String myDecryptedText = = new String(bytePlainText); 

Before I had any idea of what I was doing, I tried base64 decoding, adding some IV and a lot of stuff I read, of course none of it worked.

But after I started to understand, kinda, what I was doing, I wrote that simple script above, and got me the same error on the post: Invalid AES key length

I don't know where to go from here. After reading a lot about this, the solution seems to be hashing or padding, but I have no control on the encryption method, so I can't really hash the secret or pad it.

But as I said, I can change the secret key so it can match some specific length, and I have tried changing it, but as I'm shooting in the dark here, I don't really know if this is the solution.

So, my question basically is, If I got the encrypted string (in javascript like the first script) and the secret key, is there a way to decrypt it (in Java)? If so, how to do it?

like image 283
Lauro182 Avatar asked Jan 02 '17 20:01

Lauro182


People also ask

What encryption does CryptoJS use?

CryptoJS supports AES-128, AES-192, and AES-256. It will pick the variant by the size of the key you pass in. If you use a passphrase, then it will generate a 256-bit key. DES is a previously dominant algorithm for encryption, and was published as an official Federal Information Processing Standard (FIPS).

What is CryptoJS?

CryptoJS is a growing collection of standard and secure cryptographic algorithms implemented in JavaScript using best practices and patterns. They are fast, and they have a consistent and simple interface.

Is CryptoJS open source?

crypto-js - Libraries - cdnjs - The #1 free and open source CDN built to make life easier for developers.


1 Answers

Disclaimer: Do not use encryption unless you understand encryption concepts including chaining mode, key derivation functions, IV and block size. And don't roll your own security scheme but stick to an established one. Just throwing in encryption algorithms doesn't mean an application has become any more secure.

CryptoJS implements the same key derivation function as OpenSSL and the same format to put the IV into the encrypted data. So all Java code that deals with OpenSSL encoded data applies.

Given the following Javascript code:

var text = "The quick brown fox jumps over the lazy dog. 👻 👻"; var secret = "René Über"; var encrypted = CryptoJS.AES.encrypt(text, secret); encrypted = encrypted.toString(); console.log("Cipher text: " + encrypted); 

We get the cipher text:

U2FsdGVkX1+tsmZvCEFa/iGeSA0K7gvgs9KXeZKwbCDNCs2zPo+BXjvKYLrJutMK+hxTwl/hyaQLOaD7LLIRo2I5fyeRMPnroo6k8N9uwKk= 

On the Java side, we have

String secret = "René Über"; String cipherText = "U2FsdGVkX1+tsmZvCEFa/iGeSA0K7gvgs9KXeZKwbCDNCs2zPo+BXjvKYLrJutMK+hxTwl/hyaQLOaD7LLIRo2I5fyeRMPnroo6k8N9uwKk=";  byte[] cipherData = Base64.getDecoder().decode(cipherText); byte[] saltData = Arrays.copyOfRange(cipherData, 8, 16);  MessageDigest md5 = MessageDigest.getInstance("MD5"); final byte[][] keyAndIV = GenerateKeyAndIV(32, 16, 1, saltData, secret.getBytes(StandardCharsets.UTF_8), md5); SecretKeySpec key = new SecretKeySpec(keyAndIV[0], "AES"); IvParameterSpec iv = new IvParameterSpec(keyAndIV[1]);  byte[] encrypted = Arrays.copyOfRange(cipherData, 16, cipherData.length); Cipher aesCBC = Cipher.getInstance("AES/CBC/PKCS5Padding"); aesCBC.init(Cipher.DECRYPT_MODE, key, iv); byte[] decryptedData = aesCBC.doFinal(encrypted); String decryptedText = new String(decryptedData, StandardCharsets.UTF_8);  System.out.println(decryptedText); 

The result is:

The quick brown fox jumps over the lazy dog. 👻 👻 

That's the text we started with. And emojis, accents and umlauts work as well.

GenerateKeyAndIV is a helper function that reimplements OpenSSL's key derivation function EVP_BytesToKey (see https://github.com/openssl/openssl/blob/master/crypto/evp/evp_key.c).

/**  * Generates a key and an initialization vector (IV) with the given salt and password.  * <p>  * This method is equivalent to OpenSSL's EVP_BytesToKey function  * (see https://github.com/openssl/openssl/blob/master/crypto/evp/evp_key.c).  * By default, OpenSSL uses a single iteration, MD5 as the algorithm and UTF-8 encoded password data.  * </p>  * @param keyLength the length of the generated key (in bytes)  * @param ivLength the length of the generated IV (in bytes)  * @param iterations the number of digestion rounds   * @param salt the salt data (8 bytes of data or <code>null</code>)  * @param password the password data (optional)  * @param md the message digest algorithm to use  * @return an two-element array with the generated key and IV  */ public static byte[][] GenerateKeyAndIV(int keyLength, int ivLength, int iterations, byte[] salt, byte[] password, MessageDigest md) {      int digestLength = md.getDigestLength();     int requiredLength = (keyLength + ivLength + digestLength - 1) / digestLength * digestLength;     byte[] generatedData = new byte[requiredLength];     int generatedLength = 0;      try {         md.reset();          // Repeat process until sufficient data has been generated         while (generatedLength < keyLength + ivLength) {              // Digest data (last digest if available, password data, salt if available)             if (generatedLength > 0)                 md.update(generatedData, generatedLength - digestLength, digestLength);             md.update(password);             if (salt != null)                 md.update(salt, 0, 8);             md.digest(generatedData, generatedLength, digestLength);              // additional rounds             for (int i = 1; i < iterations; i++) {                 md.update(generatedData, generatedLength, digestLength);                 md.digest(generatedData, generatedLength, digestLength);             }              generatedLength += digestLength;         }          // Copy key and IV into separate byte arrays         byte[][] result = new byte[2][];         result[0] = Arrays.copyOfRange(generatedData, 0, keyLength);         if (ivLength > 0)             result[1] = Arrays.copyOfRange(generatedData, keyLength, keyLength + ivLength);          return result;      } catch (DigestException e) {         throw new RuntimeException(e);      } finally {         // Clean out temporary data         Arrays.fill(generatedData, (byte)0);     } } 

Note that you have to install the Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy. Otherwise, AES with key size of 256 won't work and throw an exception:

java.security.InvalidKeyException: Illegal key size 

Update

I have replaced Ola Bini's Java code of EVP_BytesToKey, which I used in the first version of my answer, with a more idiomatic and easier to understand Java code (see above).

Also see How to decrypt file in Java encrypted with openssl command using AES?.

like image 157
Codo Avatar answered Sep 18 '22 13:09

Codo