I inherited a database that has the passwords utilizing the following functions to encrypt/decrypt in VB.NET
Public Shared Function EncryptString(ByVal Message As String, ByVal Passphrase As String) As String
Dim Results As Byte()
Dim UTF8 As System.Text.UTF8Encoding = New System.Text.UTF8Encoding()
Dim HashProvider As MD5CryptoServiceProvider = New MD5CryptoServiceProvider()
Dim TDESKey As Byte() = HashProvider.ComputeHash(UTF8.GetBytes(Passphrase))
Dim TDESAlgorithm As TripleDESCryptoServiceProvider = New TripleDESCryptoServiceProvider()
TDESAlgorithm.Key = TDESKey
TDESAlgorithm.Mode = CipherMode.ECB
TDESAlgorithm.Padding = PaddingMode.PKCS7
Dim DataToEncrypt As Byte() = UTF8.GetBytes(Message)
Dim Encryptor As ICryptoTransform = TDESAlgorithm.CreateEncryptor()
Results = Encryptor.TransformFinalBlock(DataToEncrypt, 0, DataToEncrypt.Length)
Return Convert.ToBase64String(Results)
End Function
Public Shared Function DecryptString(ByVal Message As String, ByVal Passphrase As String) As String
Dim Results As Byte()
Dim UTF8 As System.Text.UTF8Encoding = New System.Text.UTF8Encoding()
Dim HashProvider As MD5CryptoServiceProvider = New MD5CryptoServiceProvider()
Dim TDESKey As Byte() = HashProvider.ComputeHash(UTF8.GetBytes(Passphrase))
Dim TDESAlgorithm As TripleDESCryptoServiceProvider = New TripleDESCryptoServiceProvider()
TDESAlgorithm.Key = TDESKey
TDESAlgorithm.Mode = CipherMode.ECB
TDESAlgorithm.Padding = PaddingMode.PKCS7
Dim DataToDecrypt As Byte() = Convert.FromBase64String(Message)
Dim Decryptor As ICryptoTransform = TDESAlgorithm.CreateDecryptor()
Results = Decryptor.TransformFinalBlock(DataToDecrypt, 0, DataToDecrypt.Length)
Return UTF8.GetString(Results)
End Function
I am having a hard time encrypting the data to query the SQL server.
When using EncryptString with the following parameters:
Message = stack-overflow
Passphrase = Danielle
I get:
1c2wL+guV34oyVS0vkxwVA==
I need to do this encryption and decryption with node.js
I tried this but it did not work:
var crypto = require('crypto');
encrypt(text, paraphrase) {
const key =text;
const secret =paraphrase;
// Encryption
const cipher = crypto.createCipheriv("aes-192-ecb", Buffer.from(key, "base64"), null);
const encryptedSecret = cipher.update(secret, "utf8", "base64") + cipher.final("base64");
return(encryptedSecret);
};
I also tried installing MD5 by npm but I had no luck either.
Any help to encrypt and decrypt will be appreciated. Thank you all.
For the NodeJS code to be compatible with the VB code, TripleDES must be used instead of AES. The key must be derived with MD5. Since MD5 provides a 16 bytes key, TripleDES is applied in the double-length key variant (2TDEA), which combines two DES keys K1 and K2 to a TripleDES key K1|K2|K1. One possible implementation is:
var key16 = crypto.createHash('md5').update(passphrase).digest();
var cipher = crypto.createCipheriv("des-ede-ecb", key16, null);
var ciphertext = cipher.update(data, "utf8", "base64") + cipher.final("base64");
If des-ede-ecb is not supported, des-ede3-ecb can be used as an alternative. This implements TripleDES in the triple-length key variant (3TDEA), which combines three DES keys K1, K2 and K3 to a TripleDES key K1|K2|K3. For K3 = K1 this is equivalent to 2TDEA:
var key16 = crypto.createHash('md5').update(passphrase).digest();
var key24 = Buffer.concat([key16, key16.slice(0, 8)]);
var cipher = crypto.createCipheriv("des-ede3-ecb", key24, null);
Note that ECB is insecure (better a mode with an IV like GCM), as is key derivation via a cryptographic hash function (better a reliable key derivation function like PBKDF2) and the broken MD5 as such (better SHA256). TripleDES is deprecated and slow (better AES).
var key16 = crypto.createHash('md5').update(passphrase).digest();
var decipher = crypto.createDecipheriv("des-ede-ecb", key16, null);
var decrypted = decipher.update(ciphertext, "base64", "utf8") + decipher.final("utf8");