Search code examples
javascriptnode.jsencryptionaescryptojs

How to achieve CryptoJS decryption using aes-128-cbc algorithm?

I am getting an encrypted key which is generated using Java. I need to decrypt it in AngularJS app using CryptoJS. I had done similar thing using node but now in Angular I am stuck. This fiddle http://jsfiddle.net/s5g82rqh/ is what I have tried so far but it returns empty.

Below is what I have tried till now

 function decrypt_core_AES_CBC(password, ciphertext) {
   var iv  = CryptoJS.lib.WordArray.random(128/8);
   var message = CryptoJS.AES.decrypt(ciphertext, password, { mode:    CryptoJS.mode.CBC, iv: password });

  console.log("The current iv is: " + iv.toString() );
  return CryptoJS.enc.Utf8.stringify(message);
 }


var data = '6615702f2dd672f643fd57623d6362a510a98faf4b1c068fd468b525a5fa5471809852a0f9cb7936ce3d3892c233b8c48ce2608f16ce6fa66005b2d97689fbb4';
var key = '3426D38AB846B62B9C236D288778D997';
var dec = decrypt_core_AES_CBC(key, data);

console.log(dec);

Below is the node.js code which works for me. I have no success in achieving similar in CryptoJS. As per my understanding crypto comes as built-in library which node has its own wrapper on top of it. 

var crypto = require('crypto');
var defaultAlgorithm= 'aes-128-cbc';
var defaultFormat= 'hex';
var ivLength= 16;
function decode (data, key, algorithm, format) {

    // Make sure the data is a buffer object
    if (data instanceof Buffer) {
        data = data.toString();
    }

    // Get defaults if needed
    algorithm = algorithm || defaultAlgorithm;
    format = format || defaultFormat;

    ivLength = ivLength * 2;

    // Get the initialization vector
    var iv = new Buffer(data.substring(0, ivLength), 'hex');

    // Remove the iv from the data
    data = data.substring(ivLength);
    var decipher = crypto.createDecipheriv(algorithm, new Buffer(key, 'hex'), iv);
    var decrypted = decipher.update(data, format, 'utf8') + decipher.final('utf8');

    return decrypted;
}

var data ='6615702f2dd672f643fd57623d6362a510a98faf4b1c068fd468b525a5fa5471809852a0f9cb7936ce3d3892c233b8c48ce2608f16ce6fa66005b2d97689fbb4';
var key = '3426D38AB846B62B9C236D288778D997';
var dec = decode(data, key, defaultAlgorithm, defaultFormat);

console.log(dec);
Solution

  • You have three issues:

    • CryptoJS supports two types of encryption/decryption: key derived from a password and directly passed key. You want to do this from a key, so you need to parse the hex-encoded key string into CryptoJS' native format before passing it to the decrypt() function:

      key = CryptoJS.enc.Hex.parse(key);

      Also, don't confuse a key with a password.

    • You forgot to slice off the IV from the ciphertext before decrypting.

      var iv = CryptoJS.enc.Hex.parse(ciphertext.slice(0, 32));
ciphertext = CryptoJS.enc.Hex.parse(ciphertext.slice(32));

    • CryptoJS' expects either a CipherParams object or an OpenSSL-formatted string to decrypt from. Since you only have a hex string, you have to parse it before use and use it like this:

      var message = CryptoJS.AES.decrypt({
    ciphertext: ciphertext
}, key, {
    iv: iv
});