Decrypt .Net cookie in nodejs

I've created an encrypted cookie in .Net and I'm trying to decrypt its content in nodejs. But nodejs keeps throwing the exception "TypeError: DecipherFinal fail".

In .Net I'm using the AES encryption method with the key

932D86BB1448EEAA423F38495A2290746D81C27E55D1DC264279537006D6F4CC.

My web.config file has the following row

<machineKey validationKey="A5326FFC9D3B74527AECE124D0B7BE5D85D58AFB12AAB3D76319B27EE57608A5A7BCAB5E34C7F1305ECE5AC78DB1FFEC0A9435C316884AB4C83D2008B533CFD9" 
decryptionKey="932D86BB1448EEAA423F38495A2290746D81C27E55D1DC264279537006D6F4CC" 
validation="SHA1" decryption="AES"  />

And the code that generates my cookie in .Net looks like this:

var ticket = new FormsAuthenticationTicket(0, "test", DateTime.Now, DateTime.Now.AddYears(1), true, "test");
var encryptedTicket = FormsAuthentication.Encrypt(ticket);
Response.Cookies.Add(new HttpCookie(cookieName, encryptedTicket));

The nodejs code that decrypts the cookie is

var crypto = require('crypto');
var logger = require('winston');
var deckey = "932D86BB1448EEAA423F38495A2290746D81C27E55D1DC264279537006D6F4CC";

function hex2a(hex) {
  var str = '';
  for (var i = 0; i < hex.length; i += 2)
    str += String.fromCharCode(parseInt(hex.substr(i, 2), 16));
  return str;
}

function decrypt(cookie) {          
  var ivc = cookie, iv, cipherText, ivSize = 16, res;

  ivc = new Buffer(ivc, 'hex');
  iv = new Buffer(ivSize);

  cipherText = new Buffer(ivc.length - ivSize);
  ivc.copy(iv, 0, 0, ivSize);
  ivc.copy(cipherText, 0, ivSize);

  iv = new Buffer(Array(16));
  c = crypto.createDecipheriv('aes-256-cbc', hex2a(deckey), iv.toString());
  res = c.update(cipherText, 'binary');
  res += c.final('binary'); //<-- throws TypeError: DecipherFinal fail
  return res;
 }

I'm kind of lost and I would appreciate tips or ideas on what could be the issue.

Daniel asked Nov 12 '22 15:11


1 Answer

You can see the source code of Encrypt and Decrypt here with all the different possibilities (Framework20SP1, Framework20SP2, etc.):

https://github.com/Microsoft/referencesource/blob/master/System.Web/Security/FormsAuthentication.cs

It took me hours to read that code, but once you get it, it's possible to write simple code just for your specific encryption settings.

david.sansay answered Nov 15 '22 05:11
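
An added example (not part of the question or the answer, and not taken from the .NET source) of the verify-then-decrypt order on the Node side, and of why passing a signed blob straight to the decipher makes `final()` throw. The cookie layout (zero IV, random 16-byte prefix, trailing HMAC-SHA1 over the ciphertext), the keys, and the function names `seal`, `open` and `naiveOpenFails` are assumptions constructed for illustration; the real layout for a given framework version has to be read from the linked FormsAuthentication.cs.

```javascript
const crypto = require('crypto');

const BLOCK = 16;   // AES block size in bytes
const MAC_LEN = 20; // HMAC-SHA1 tag size in bytes

// Constructed sample keys. Hex keys are parsed to raw bytes with Buffer.from,
// never turned into a JS string first (bytes >= 0x80 would be re-encoded).
const decKey = Buffer.from('a1'.repeat(32), 'hex');
const valKey = Buffer.from('b2'.repeat(64), 'hex');
const zeroIv = Buffer.alloc(BLOCK);

// Builds a constructed cookie in the ASSUMED layout:
// hex( AES-256-CBC(randomPrefix || payload) || HMAC-SHA1(ciphertext) )
function seal(payload) {
  const c = crypto.createCipheriv('aes-256-cbc', decKey, zeroIv);
  const plain = Buffer.concat([crypto.randomBytes(BLOCK), Buffer.from(payload, 'utf8')]);
  const body = Buffer.concat([c.update(plain), c.final()]);
  const mac = crypto.createHmac('sha1', valKey).update(body).digest();
  return Buffer.concat([body, mac]).toString('hex');
}

// Verify the tag first, then decrypt only the block-aligned ciphertext.
function open(cookieHex) {
  const blob = Buffer.from(cookieHex, 'hex');
  if (blob.length < 2 * BLOCK + MAC_LEN) throw new Error('cookie too short');
  const body = blob.subarray(0, blob.length - MAC_LEN);
  const mac = blob.subarray(blob.length - MAC_LEN);
  const expected = crypto.createHmac('sha1', valKey).update(body).digest();
  if (!crypto.timingSafeEqual(mac, expected)) throw new Error('bad signature');
  if (body.length % BLOCK !== 0) throw new Error('ciphertext not block-aligned');
  const d = crypto.createDecipheriv('aes-256-cbc', decKey, zeroIv);
  const plain = Buffer.concat([d.update(body), d.final()]);
  return plain.subarray(BLOCK).toString('utf8'); // drop the random prefix
}

// Feeding the whole blob (tag included) to the decipher: the input is no longer
// a multiple of 16 bytes, so final() throws. Returns true when it fails.
function naiveOpenFails(cookieHex) {
  const d = crypto.createDecipheriv('aes-256-cbc', decKey, zeroIv);
  try {
    Buffer.concat([d.update(Buffer.from(cookieHex, 'hex')), d.final()]);
    return false;
  } catch (e) {
    return true;
  }
}
```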