I have an application that encrypts and decrypts a field in C# using Rfc2898DeriveBytes
. I have been trying to work out a cross platform solution using CryptoJS PBKDF2 to write a decrypt method in JavaScript. However, I have not been able to figure out the following 2 issues:
Key generation
Generating the key in C# (unfortunately I don't have much control over this as it supports a lot of legacy systems)
private readonly RijndaelManaged _alg = new RijndaelManaged();
public EncryptionManager()
{
var secret = 'D2s1d_5$_t0t3||y_4c3$0m3!1!1!!';
var salt = 'o6805542kcM7c5';
var saltBytes = Encoding.ASCII.GetBytes(salt);
using (var keyDeriver = new Rfc2898DeriveBytes(secret, saltBytes))
{
_alg.Key = keyDeriver.GetBytes(_alg.KeySize / 8); // _alg.KeySize = 256
}
}
The JS code I have for the key generation is:
const secret = CryptoJS.enc.Utf8.parse('D2s1d_5$_t0t3||y_4c3$0m3!1!1!!');
// Encoding the Salt in from UTF8 to byte array
const salt = CryptoJS.enc.Utf8.parse('o6805542kcM7c5');
// Creating the key in PBKDF2 format to be used during the decryption
const key = CryptoJS.PBKDF2(secret.toString(CryptoJS.enc.Utf8), salt, {
keySize: 128 / 32,
iterations: 1000,
});
This should ideally work according to my research but the keys generated in both the codes are never the same. I have burnt a lot of midnight oil scratching my head over what I am doing wrong but I don't see why.
Decryption
The decryption method in C# is as follows:
public string Decrypt(string ciphertext)
{
var cipherTextBytes = Convert.FromBase64String(ciphertext);
var ivSize = BitConverter.ToInt32(cipherTextBytes, 0);
var iv = new byte[ivSize];
var offset = sizeof(int);
Array.Copy(cipherTextBytes, offset, iv, 0, ivSize);
offset += ivSize;
using (var msDecrypt = new MemoryStream(cipherTextBytes, offset, cipherTextBytes.Length - offset))
{
lock (_syncLock)
{
using (var decryptor = _alg.CreateDecryptor(_alg.Key, iv))
using (var decryptStream = new CryptoStream(msDecrypt, decryptor, CryptoStreamMode.Read))
using (var reader = new StreamReader(decryptStream))
{
return reader.ReadToEnd();
}
}
}
}
My solution for the decryption in JS is:
const decrypt = (encryptedData: string): string => {
// Enclosing the test to be decrypted in a CipherParams object as supported by the CryptoJS libarary
const cipherParams = CryptoJS.lib.CipherParams.create({
ciphertext: CryptoJS.enc.Base64.parse(encryptedData),
});
// What should be the IV be here?
const iv = CryptoJS.enc.Hex.parse(encryptedData);
// Decrypting the string contained in cipherParams using the PBKDF2 key
const decrypted = CryptoJS.AES.decrypt(cipherParams, key, {
mode: CryptoJS.mode.CBC,
// iv,
padding: CryptoJS.pad.Pkcs7,
});
decryptedText = decrypted.toString(CryptoJS.enc.Utf8);
return decryptedText;
}
I am assuming if I could get the correct key and IV, I could solve this. I have looked around a lot for compatible solutions but I'm at a loss as to what I am doing wrong.
Any assistance would be greatly appreciated.
As already mentioned in my comment, the C# code returns the following 32 bytes key with the posted salt and passphrase (hex encoded):
e3912cec5e9d1ec5a756cf95991c08f8ce174ee2ddad61c13ff7ece89c0e83e1
The CryptoJS code generates only a 16 bytes key. If the key size is adjusted with keySize: 256 / 32
, the CryptoJS code returns the same 32 bytes key.
The following Base64 encoded ciphertext can be decrypted with the C# code using the posted passphrase and salt:
EAAAACMtkB64He4p/MSI+yF2A2rJWhxpssG6b48Z01JrfbErvQ1r6Gi0esgCmdrBaFxOPFF1+AUsyrUUl5FQ4Nk0dSU=
If the ciphertext is hex encoded, the result is:
10000000 232d901eb81dee29fcc488fb2176036a c95a1c69b2c1ba6f8f19d3526b7db12bbd0d6be868b47ac80299dac1685c4e3c5175f8052ccab514979150e0d9347525
The first 4 bytes contain the information about the IV length. Since the length of the IV is known (16 bytes for AES), it would not really be necessary to store this information, as already mentioned in Robert's comment. The following 16 bytes correspond to the IV, the remaining bytes to the actual ciphertext. These data have to be separated. After that the decryption can be done:
// Key derivation
var secret = CryptoJS.enc.Utf8.parse('D2s1d_5$_t0t3||y_4c3$0m3!1!1!!');
var salt = CryptoJS.enc.Utf8.parse('o6805542kcM7c5');
var key = CryptoJS.PBKDF2(secret, salt, {
keySize: 256 / 32,
iterations: 1000,
});
// Separation of iv size, iv and ciphertext
var encryptedDataB64 = "EAAAACMtkB64He4p/MSI+yF2A2rJWhxpssG6b48Z01JrfbErvQ1r6Gi0esgCmdrBaFxOPFF1+AUsyrUUl5FQ4Nk0dSU=";
var encryptedData = CryptoJS.enc.Base64.parse(encryptedDataB64);
var ivSize = CryptoJS.lib.WordArray.create(encryptedData.words.slice(0, 1));
var iv = CryptoJS.lib.WordArray.create(encryptedData.words.slice(1, 1 + 4));
var ciphertext = CryptoJS.lib.WordArray.create(encryptedData.words.slice(1 + 4));
// Decryption
var cipherParams = CryptoJS.lib.CipherParams.create({
ciphertext: ciphertext
});
var decrypted = CryptoJS.AES.decrypt(cipherParams, key, {
mode: CryptoJS.mode.CBC,
iv: iv,
padding: CryptoJS.pad.Pkcs7,
});
var decryptedText = decrypted.toString(CryptoJS.enc.Utf8);
// Output
console.log(decryptedText);
<script src="https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.0.0/crypto-js.min.js"></script>