I'm merging a nodeJS app with a ColdFusion application. I have a encryption being done in ColdFusion using the method below where key is a encrypt key string
key = 'nQw7y6QejwGFh/SNrul20Q=='
encrypt(value, key, "AES/CBC/PKCS5Padding", "HEX");
Then, in NodeJS, I am trying to decrypt it using crypto
const crypto = require('crypto');
const key = "nQw7y6QejwGFh/SNrul20Q==";
const binaryEncryptionKey = new Buffer( key, "base64" );
decrypt = (value) => {
try {
var decipher = crypto.createDecipheriv( "AES-128-CBC", binaryEncryptionKey );
var value = (
decipher.update( value, "base64", "utf8" ) +
decipher.final( "utf8" )
);
return value;
} catch (err) {
console.log(err);
}
}
It first return a warning for the buffer:
DeprecationWarning: Buffer() is deprecated due to security and usability issues. Please use the Buffer.alloc(), Buffer.allocUnsafe(), or Buffer.from() methods instead.
Then, I got the error:
TypeError [ERR_INVALID_ARG_TYPE]: The "iv" argument must be of type string or an instance of Buffer, TypedArray, or DataView. Received undefined
I don't have an "iv" because the ColdFusion side did not use it to encrypt. Is it possible to decrypt it in NodeJS?
TypeError [ERR_INVALID_ARG_TYPE]: The "size" argument must be of type number. Received type string ('nQw7y6QejwGFh/SNrul20Q==..)
For example, I have the following encrypted string: FB391CAAE5CD8FF47C55211ED8636D213C95F233B615D4E56CB7CD6B051D01DF356E1C45ED7AABAB5F9BCBB9EED6355B
Thank you
The ColdFusion encrypt function is described here. The 16 bytes IV required for AES/CBC can be specified explicitly. If no IV is given, it is automatically generated and placed in front of the ciphertext (s. also Michael Fehr's comment). The decryption in NodeJS can be done as follows:
const crypto = require('crypto');
const key = Buffer.from('nQw7y6QejwGFh/SNrul20Q==', 'base64');
const ivCiphertext = Buffer.from('FB391CAAE5CD8FF47C55211ED8636D213C95F233B615D4E56CB7CD6B051D01DF356E1C45ED7AABAB5F9BCBB9EED6355B', 'hex');
const iv = ivCiphertext.slice(0, 16);
const ciphertext = ivCiphertext.slice(16);
var decrypt = (value) => {
try {
var decipher = crypto.createDecipheriv('AES-128-CBC', key, iv);
var value =
decipher.update(value, '', 'utf8') +
decipher.final('utf8');
return value;
} catch (err) {
console.log(err);
}
}
console.log(decrypt(ciphertext)); // 4388576099656673
With the result 4388576099656673, consistent with the corresponding ColdFusion script, which can be executed e.g. here, s. Examples:
<cfscript>
key = 'nQw7y6QejwGFh/SNrul20Q==';
iv = BinaryDecode('FB391CAAE5CD8FF47C55211ED8636D21', 'HEX');
ciphertext = '3C95F233B615D4E56CB7CD6B051D01DF356E1C45ED7AABAB5F9BCBB9EED6355B';
plaintext = decrypt(ciphertext, key, 'AES/CBC/PKCS5Padding', 'HEX', iv);
writeOutput(plaintext);
</cfscript>
Note that new Buffer() is deprecated. A description of Buffer.alloc() can be found here.