Search code examples
javascriptnode.jsvb.netcryptojs

Not able to decrypt the encryptedValue using crypto

I am trying to decrypt a value (encrypted in des) coming from VB. When I try to decrypt the encryptedValue using crypto in Javascript the output gives me an empty value. I have attached how the encryption was done in VB.

HOW I AM TRYING TO DECRYPT IN JAVASCRIPT

var CryptoJS       = require("crypto-js");
var key            = "peekaboo";
var encryptedValue = "50AznWWn4fJI19T392wIv/ZysP/Ke3mB";
encryptedValue     = CryptoJS.enc.Base64.parse(encryptedValue);

var data           = CryptoJS.DES.decrypt(encryptedValue, key, { iv: "cbauthiv" });

const email  = data.toString(CryptoJS.enc.Utf8);

console.log(email, "ORIGINAL TEXT");

enter image description here

THE WAY IT IS ENCRYPTED IN VB

Imports System.Security.Cryptography
Imports System.Text
Imports System.IO

Module Module1

    Private Const ENCRYPTIONKEY As String = "peekaboo"

    Sub Main()

       
        Dim s As String = Encrypt("ditzymoose@outlook.com")

        Dim r As String = Decrypt(s)
        Console.ReadLine()


    End Sub


    Private Function Encrypt(stringToEncrypt As String) As String
        Dim rng As New RNGCryptoServiceProvider
        Dim byteArray() As Byte = New Byte(8) {}
        Dim iv_value As String = "cbauthiv"
        Dim key() As Byte = {}
        Dim IV() As Byte = System.Text.Encoding.UTF8.GetBytes(Left(iv_value, 8))

        key = System.Text.Encoding.UTF8.GetBytes(Left(ENCRYPTIONKEY, 8))
        Dim des As New DESCryptoServiceProvider
        rng.GetBytes(byteArray)
        Dim Salt As String = BitConverter.ToString(byteArray)
        Dim SaltedInput As String = Salt & "~" & stringToEncrypt
        Dim inputByteArray() As Byte = Encoding.UTF8.GetBytes(stringToEncrypt)
        Dim ms As New MemoryStream
        Dim cs As New CryptoStream(ms, des.CreateEncryptor(key, IV), CryptoStreamMode.Write)
        cs.Write(inputByteArray, 0, inputByteArray.Length)
        cs.FlushFinalBlock()
        Return Convert.ToBase64String(ms.ToArray())

    End Function
End Module
Solution

  • The key and IV must be passed as WordArray. For the conversion the Utf8-Encoder has to be used, here.

    Also, the ciphertext must be passed as a CipherParams object or alternatively Base64 encoded (which is then implicitly converted to a CipherParams object), here.

    With these changes the ciphertext of the VB code can be successfully decrypted using the CryptoJS code:

    var key            = CryptoJS.enc.Utf8.parse("peekaboo");
var iv             = CryptoJS.enc.Utf8.parse("cbauthiv");
var encryptedValue = "50AznWWn4fJI19T392wIv/ZysP/Ke3mB";

var data           = CryptoJS.DES.decrypt(encryptedValue, key, {iv: iv});
var email          = data.toString(CryptoJS.enc.Utf8);

console.log(email, "ORIGINAL TEXT");
    <script src="https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.0.0/crypto-js.min.js"></script>

    Please note that DES is insecure (here) and was replaced by AES almost 20 years ago. Also insecure is a static IV. Instead, a random IV should be generated for each encryption.
    Furthermore a password should not be used as key. If a password is to be used, the key should be derived from the password using a reliable key derivation function such as PBKDF2.