Search code examples
phpnode.jsaesphpseclibcryptojs

AES CryptoJS encryption and phpseclib decryption

I have a next problem
On Node.js I have a next code

var iv = CryptoJS.enc.Hex.parse('00000000000000000000000000000000'); //it's for tests, later it will be dynamically generated
var key256Bits = 'A5178B6A965AACF3CD60B07A15061719';

var cipher = CryptoJS.AES.encrypt(
    'Some text', 
    key256Bits, 
    {
        iv: iv,
        padding:CryptoJS.pad.ZeroPadding
    }
).toString();

Then when I try to decode it with phpseclib

$key = 'A5178B6A965AACF3CD60B07A15061719';
$data = /*text encrypted by JS*/;
$cipher = new AES();
$cipher->setKeyLength(256);
$cipher->setKey($key);
$res = $cipher->decrypt($data);

And then $res becomes an empty string
What do I do wrong?

Solution

  • If you pass in a string to CryptoJS.<cipher>.encrypt as a key, CryptoJS treats it as a password and will derive the actual key from that using OpenSSL's EVP_BytesToKey with a random salt and one iteration of MD5.

    phpseclib doesn't have an implementation of that, so you could just pass in the actual key:

    var key256Bits = CryptoJS.enc.Utf8.parse('A5178B6A965AACF3CD60B07A15061719');

    Since this key is only 32 hexits long, it only has 128 bit of entropy, but still uses AES-256. You need 64 hexits which you can decode before use to get 32 bytes for a secure key size.

    Also, phpseclib implements PKCS#7 padding, so you need to use 

    padding: CryptoJS.pad.Pkcs7

    in CryptoJS.

    Example JavaScript code:

    var iv = CryptoJS.enc.Hex.parse('00000000000000000000000000000000'); //it's for tests, later it will be dynamically generated
var key256Bits = CryptoJS.enc.Utf8.parse('A5178B6A965AACF3CD60B07A15061719');

var cipher = CryptoJS.AES.encrypt(
    'Some text', 
    key256Bits, 
    {
        iv: iv,
        padding: CryptoJS.pad.Pkcs7
    }
).toString();
console.log(cipher)
    <script src="https://cdn.rawgit.com/CryptoStore/crypto-js/3.1.2/build/rollups/aes.js"></script>

    In PHP, you need to make sure to decode the ciphertext before use:

    $data = base64_decode("IWkBG3A46rNrxwWN2JD7xQ==");

$key = 'A5178B6A965AACF3CD60B07A15061719';
$cipher = new AES();
$cipher->setKeyLength(256);
$cipher->setKey($key);
$res = $cipher->decrypt($data);
var_dump($res);

    Security consideration:

    If you're using only symmetric encryption you need the exact same key at the server and the client. If you send the encryption key from the server to the client or the other way around you need to encrypt your symmetric encryption key. The easiest way to do this would be to use TLS. If you use TLS, then the data as well as key are encrypted, so you don't need to encrypt it yourself. This doesn't provide any security, just a little bit of obfuscation. You should read: https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2011/august/javascript-cryptography-considered-harmful/