I have two difference html page, in the first one there is a form that on submit call a Javascript function to encrypt two different parameter after that these two parameter are sent in get to the second page, following the code of the first html page:
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title>Test Encrypt</title>
<script type="text/javascript">
Function to encrypt in AES tex
function encText(plainText){
var salt = CryptoJS.enc.Utf8.parse("12345678");
var password = "test";
var keyBits = CryptoJS.PBKDF2(password, salt, {
hasher: CryptoJS.algo.SHA1,
keySize: 8,
iterations: 2048
var iv = CryptoJS.enc.Base64.parse("dGVzdGFhYTAxMjM1Njc4OQ==");
var encrypted = CryptoJS.AES.encrypt(plainText, keyBits, {
iv: iv,
padding: CryptoJS.pad.Pkcs7,
mode: CryptoJS.mode.CBC
//var decrypted = CryptoJS.AES.decrypt(encrypted, key).toString(CryptoJS.enc.Utf8);
//var decrypted = encrypted.toString(CryptoJS.enc.Utf8)
//var decrypted = CryptoJS.enc.Utf8.stringify(encrypted);
return encrypted.toString();
function formEncrypt(){
var name = document.getElementById("name").value;
var surname = document.getElementById("surname").value;
var encName = encText(name);
var encSurname = encText(surname);
document.getElementById("name").value = encName;
document.getElementById("surname").value = encSurname;
<form action="/decrypt.php" method="get" name="myForm">
name: <input type="text" name="name" id="name"><br>
surname: <input type="text" name="surname" id="surname"><br>
<input type="submit" value="Submit" onclick="formEncrypt()">
In the second page using a JavaScript function I try to decipher the two parameters values, following the code of the second page:
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
echo '<script type="text/javascript">';
echo 'var encName = \'' . base64_encode ( $_GET['name'] ). '\';';
echo 'var encSurname = \'' . base64_encode ( $_GET['surname'] ) . '\';';
echo '</script>';
<script type="text/javascript">
function decText(encryptedText){
//var message = CryptoJS.enc.Base64.parse(encryptedText);
var salt = CryptoJS.enc.Utf8.parse("12345678");
var password = "test";
var keyBits = CryptoJS.PBKDF2(password, salt, {
hasher: CryptoJS.algo.SHA1,
keySize: 8,
iterations: 2048
var iv = CryptoJS.enc.Base64.parse("dGVzdGFhYTAxMjM1Njc4OQ==");
var result = CryptoJS.AES.decrypt(CryptoJS.enc.Base64.parse(encryptedText), keyBits, {
iv: iv,
padding: CryptoJS.pad.Pkcs7,
mode: CryptoJS.mode.CBC
return result.toString(CryptoJS.enc.Utf8)
function yoo(){
var name = decText(encName);
var surname = decText(encSurname);
//document.getElementById("pName").value += name;
//document.getElementById("pSurname").value += surname;
<p id="pName"> </p>
<p id="pSurname"> </p>
<button onclick="yoo()">clearText</button>
But the result is always a blank string, I think there is a mistake but I don't find where.
To decode a base64 string, pass the parsed object containing the word array to the stringify function for the Utf8 encoder. i.e. CryptoJS.enc.Utf8.stringify(parsedObjectContainingWordArray)
const encName = '<?php echo base64_encode($_POST["surname"]); ?>';
const encSurname = '<?php echo base64_encode($_POST["name"]); ?>';
function decText(encryptedText) {
const salt = CryptoJS.enc.Utf8.parse("12345678");
const password = "test";
const keyBits = CryptoJS.PBKDF2(password, salt, {
hasher: CryptoJS.algo.SHA1,
keySize: 8,
iterations: 2048
const iv = CryptoJS.enc.Base64.parse("dGVzdGFhYTAxMjM1Njc4OQ==");
const result = CryptoJS.AES.decrypt(
// This here is where the action is. If the wrong value gets passed,
// result turns out to be empty string.
keyBits, {
iv: iv,
padding: CryptoJS.pad.Pkcs7,
mode: CryptoJS.mode.CBC
return result.toString(CryptoJS.enc.Utf8)
function yoo() {
const nameNode = document.getElementById("pName");
const surnameNode = document.getElementById("pSurname");
nameNode.textContent = decText(encName);
surnameNode.textContent = decText(encSurname);