I have encrypted JPG file in Java with AES256, but have no idea to decrypt the JPG file in javascript. Anyone has better idea? I'm struggling with it for 4days.
byte[] ivBytes = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
String key = "1234567890123456789012345678901d";
AlgorithmParameterSpec ivSpec = new IvParameterSpec(ivBytes);
SecretKeySpec newKey = new SecretKeySpec(key.getBytes("UTF-8"), "AES");
Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
cipher.init(mode, newKey, ivSpec);
InputStream input = null;
OutputStream output = null;
try {
input = new BufferedInputStream(new FileInputStream(new File("/home/java/test/aaa.JPG")));
output = new BufferedOutputStream(new FileOutputStream(new File("/home/java/test/bbb.JPG")));
byte[] buffer = new byte[1024];
int read = -1;
while((read = input.read(buffer)) != -1){
output.write(cipher.update(buffer, 0, read));
}
output.write(cipher.doFinal());
}
finally {
if(output != null){
try {
output.close();
} catch(IOException ie){
logger.info(ie.getMessage());
}
}
if(input != null){
try {
input.close();
} catch(IOException ie){
logger.info(ie.getMessage());
}
}
}
Here is the code I have tried so far. I have used CryptoJS and Decrypt does not return anything.
<!DOCTYPE html>
<html>
<head>
<script type="text/javascript" src="./CryptoJS v3.1.2/rollups/aes.js"></script>
<script type="text/javascript" src="jquery-3.2.1.min.js"></script>
<meta charset=utf-8 />
<title>JS Bin</title>
<style>
article, aside, figure, footer, header, hgroup,
menu, nav, section { display: block; }
</style>
</head>
<body>
<input type='file' onchange="readURL(this);" />
<img id="blah" src="#" alt="your image" />
<a class="download" href="">Download</a>
<script>
var a = $('.download');
var key = CryptoJS.enc.Hex.parse("1234567890123456789012345678901d");
var iv = CryptoJS.enc.Hex.parse("00000000000000000000000000000000");
function readURL(input) {
if (input.files && input.files[0]) {
var reader = new FileReader();
reader.onload = function (e) {
/////////
var decrypted = CryptoJS.AES.decrypt(e.target.result, key,
{
iv: iv,
mode: CryptoJS.mode.CBC,
padding: CryptoJS.pad.Pkcs7
}
).toString(CryptoJS.enc.Latin1);
if(!/^data:/.test(decrypted)){
alert("Invalid pass phrase or file! Please try again.");
return false;
}
a.attr('href', decrypted);
a.attr('download', input.files[0].name.replace('.enc',''));
};
//reader.readAsDataURL(input.files[0]);
reader.readAsText(input.files[0]);
}
}
</script>
</body>
</html>
Your key is wrong, Java (incorrectly) uses the ASCII representation of the key:
String key = "1234567890123456789012345678901d";
...
SecretKeySpec newKey = new SecretKeySpec(key.getBytes("UTF-8"), "AES");
which results in a 32 byte key for AES-256. But your JavaScript uses the Hex decoding of the key:
var key = CryptoJS.enc.Hex.parse("1234567890123456789012345678901d");
which results in a 16 byte key for AES-128.
With wrong keys you will obviously not get the right results.
So you'd either have to encode your key as you did your IV in Java or use a hex decoder (not present in Java by default) or you should "fix" your JavaScript to do the same as in Java and use the ASCII encoding of the key string.
Keys, in general, should not be strings.