Search code examples
javascriptflutterdartencryptioncryptojs

Dart "encrypt" library gives unreadable string after encryption

I'm moving from React Native to Flutter/Dart. I have the following code snippet from React Native's typescript:

import CryptoJS from 'crypto-js';

export const decryptSessionKey = (randomKey: string, cipher: string) => {
  const iv = randomKey ? randomKey.slice(0, 16) : '';
  const decrypted = CryptoJS.AES.decrypt(
    cipher,
    CryptoJS.enc.Utf8.parse(randomKey),
    {
      iv: CryptoJS.enc.Utf8.parse(iv),
      mode: CryptoJS.mode.CTR,
      padding: CryptoJS.pad.NoPadding,
    },
  );
  return decrypted.toString(CryptoJS.enc.Utf8);
};

And I moved those code to flutter/dart as:

import 'dart:math';
import 'package:encrypt/encrypt.dart';

String decryptSessionKey(String randomKey, String cipher) {
  final encrypter = Encrypter(AES(Key.fromUtf8(randomKey), mode: AESMode.ctr, padding: null));
  var iv = randomKey.substring(0, 16);
  final decrypted =
      encrypter.decrypt(Encrypted.fromUtf8(cipher), iv: IV.fromUtf8(iv));
  return decrypted.toString();
}

Given the randomKey as 0QaOUmxpugtnRUTZ6yOSxQeZq47Akiqf, and the cipher as piMgUF2ISUl/g7ns2/gZyaWQm6Rdv7x500GD7lMLYxhy14Tg+Bizibvz. I would get the decrypted in Typescript as 54387c3b38150d2a7a1c545167736e701629382648.

However, in Flutter, I got an unreadable string such as ��ʋ�ͻh�0�M��R�Z���YInCXTI*��!�\��-S�f��/�SU��'

Is there something I'm missing? Thank you in advance!

Solution

  • In the Dart code the ciphertext must be Base64 decoded and not UTF8 encoded:

    final decrypted = encrypter.decrypt(Encrypted.from64(cipher), iv: IV.fromUtf8(iv)); // fromBase64() works also

    This is not necessary in the JavaScript code, where CryptoJS.AES.decrypt() implicitly converts the Base64 encoded ciphertext into a CipherParams object.

    If this is fixed, the decryption works!

    Note the following vulnerability: In both codes, the first 16 bytes of the 32 bytes key are also used as IV. If the same key is applied several times, this automatically results in the repetition of key/IV pairs. Especially for CRT this is insecure, see Why must IV/key-pairs not be reused in CTR mode?
    Usually a random IV is generated for each encryption. The IV is not secret and is sent along with the ciphertext (typically concatenated). On the decrypting side, the IV is stripped and used for decryption.