AES-256-CBC Bad Decrypt

Question

Step 1: Create key with pbkdf2

var key = crypto.pbkdf2Sync('prancypoodle', 'sherylcrowe', 10000, 32, 'sha512');

Creating a key with the password, prancy poodle, salt it with sherylcrowe, iterate 10,000 times, out put a 32 byte long key (AES-256-CBC needs that length).

Step 2: Encrypt something

var cipher = crypto.createCipheriv('aes-256-cbc', key, 'dogsarefun'.toString("binary"));

var crypted = cipher.update('wherearemysocks?');
crypted = Buffer.concat([crypted, cipher.final()]);

Step 3: Decrypt & Fail

var decipher = crypto.createDecipheriv('aes-256-cbc', key, 'dogsarefun'.toString('binary'));

var decrypted = decipher.update(crypted);
decrypted = Buffer.concat([decrypted, decipher.final()]);
Error: error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt
    at Error (native)
    at Decipher.Cipher.final (crypto.js:150:26)
    at repl:1:48
    at REPLServer.defaultEval (repl.js:272:27)
    at bound (domain.js:280:14)
    at REPLServer.runBound [as eval] (domain.js:293:12)
    at REPLServer.<anonymous> (repl.js:441:10)
    at emitOne (events.js:101:20)
    at REPLServer.emit (events.js:188:7)
    at REPLServer.Interface._onLine (readline.js:219:10)

What am I doing wrong? It seems so right, but is so wrong.

Answer 1

You need to supply an IV for CBC mode and it needs to be block size (16-bytes for AES). 'dogsarefun' is only 10-bytes so the remaining bytes are unspecified and may (probably are) garbage.

Since PKCS padding is the default and CBC mode is used an incorrect IV will result in incorrect padding on decryption probably with the error: routines:EVP_DecryptFinal_ex:bad decrypt.

P.S. Beware: This is the Internet which is pwned by cats. 👿