Invalid IV length with AES-192 - node.js

I'm updating my old function to encrypt password since createCipher is deprecated.
Here are my old functions:
// Legacy password-based helpers. crypto.createCipher() derives both the AES key and
// the IV from the secret (OpenSSL's EVP_BytesToKey: one unsalted MD5 pass), so the
// same payload always produces the same ciphertext. The API is deprecated.
// NOTE(review): if the payload is a user password kept only for login checks, a
// password hash is the usual choice over reversible encryption; confirm the use case.
encrypt(payload) {
let AES192 = crypto.createCipher('aes192', Buffer.from(config.secret))
// utf8 plaintext in, hex ciphertext out
let crypted = AES192.update(payload, 'utf8', 'hex')
crypted += AES192.final('hex')
return crypted
},
// Inverse of encrypt(): hex ciphertext in, utf8 plaintext out.
decrypt(payload) {
let AES192 = crypto.createDecipher('aes192', Buffer.from(config.secret))
let decrypted = AES192.update(payload, 'hex', 'utf8')
decrypted += AES192.final('utf8')
return decrypted
}
Here is what I tried to do:
// Attempted replacement using an explicit key and IV. Returns "<iv hex>:<ciphertext hex>".
// createCipheriv uses the key bytes exactly as given, so data written by the old
// password-based createCipher functions will not decrypt with this pair.
encrypt(payload) {
// 96 is not a valid IV size here: AES has a 16-byte block, so the IV must be 16 bytes.
// This is the line that raises "Invalid IV length".
const iv = crypto.randomBytes(96)
// The secret is now read as hex; it has to decode to exactly 24 bytes for aes192.
const cipher = crypto.createCipheriv('aes192', Buffer.from(config.secret, 'hex'), iv)
// Declared with const but reassigned on the next line, which throws a TypeError
// once the IV problem is fixed; this needs to be `let`.
const encrypted = cipher.update(payload)
encrypted = Buffer.concat([encrypted, cipher.final()])
return iv.toString('hex') + ':' + encrypted.toString('hex')
},
// Splits "<iv hex>:<ciphertext hex>" back apart and decrypts; returns the plaintext string.
decrypt(payload) {
let textParts = payload.split(':')
// The first field is the IV; everything after the first ':' is ciphertext.
let iv = Buffer.from(textParts.shift(), 'hex')
let encryptedText = Buffer.from(textParts.join(':'), 'hex')
let decipher = crypto.createDecipheriv('aes192', Buffer.from(config.secret, 'hex'), iv)
let decrypted = decipher.update(encryptedText)
decrypted = Buffer.concat([decrypted, decipher.final()])
return decrypted.toString()
}
But I got this error when I try to do it:
Error: Invalid IV length
at Cipheriv.createCipherBase (internal/crypto/cipher.js:103:19)
at Cipheriv.createCipherWithIV (internal/crypto/cipher.js:121:20)
at new Cipheriv (internal/crypto/cipher.js:225:22)
at Object.createCipheriv (crypto.js:119:10)
For this line I tried multiple values like 12, 16, 32, 124 etc. But none are working
const iv = crypto.randomBytes(96)

AES-192 (and for that matter AES-128 and AES-256) all use a 128 bit block length, so the IV should also be 128 bits, or 16 bytes. It's weird that you tried 16 as the length; at any rate this code is working for me:
/**
 * Encrypts `payload` with AES-192 in CBC mode under the hex-encoded key in
 * `config.secret`.
 *
 * A fresh random 16-byte IV (the AES block size) is drawn on every call and
 * placed in front of the ciphertext so the decrypting side can recover it.
 * CBC alone provides confidentiality only: the output carries no integrity tag.
 *
 * @param {string|Buffer} payload - data to encrypt
 * @returns {string} `<iv hex>:<ciphertext hex>`
 */
function encrypt(payload) {
  const ivBytes = crypto.randomBytes(16);
  const keyBytes = Buffer.from(config.secret, 'hex');
  const aes = crypto.createCipheriv('aes192', keyBytes, ivBytes);
  const chunks = [aes.update(payload)];
  chunks.push(aes.final());
  return `${ivBytes.toString('hex')}:${Buffer.concat(chunks).toString('hex')}`;
}
I'm assuming config looks like this:
{ secret: 'dc8a453e728fc19398178797e2c39067e1965f2061220257' }

Related

Encrypt des-ede3-cbc nodejs

I am trying to encrypt a string with des-ede3-cbc algorithm
My base64 password is sq7HjrUOBfKmC576ILgskD5srU870gJ7, the message I want to encrypt is 06080232580 the result I should have in hexadecimal is a5334014a4f010c8779cef789886c123
First try
// All-zero 8-byte IV (8 bytes is the DES/3DES block size), matching the PHP reference.
const iv = Buffer.alloc(8);
// The base64 string decodes to the 24-byte 3DES key.
const cipher = crypto.createCipheriv('des-ede3-cbc', Buffer.from('sq7HjrUOBfKmC576ILgskD5srU870gJ7', 'base64'), iv);
// Auto padding is left on, so the 11-byte message is PKCS-padded to 16 bytes. The PHP
// reference pads with NUL bytes instead, which is why only the first 8-byte block of
// the result matches the expected value.
let ciph = cipher.update('06080232580', 'utf8', 'hex');
ciph += cipher.final('hex');
console.log(ciph);
The result is a5334014a4f010c8300101ae242354de
Another test
// NOTE: in this attempt the roles are swapped. The message ('06080232580') is
// NUL-padded to 24 bytes and used as the 3DES key, and the decoded key is what gets
// encrypted, so the output cannot match the PHP reference.
let shortkey = Buffer.from('06080232580', 'utf8');
let key = Buffer.alloc(24);
key.fill('\0');
// `i` is never declared, so this creates an implicit global (an error in strict mode).
for (i = 0; i < shortkey.length; i++) {
key[i] = shortkey[i];
}
let IV = Buffer.alloc(8);
const cipher = crypto.createCipheriv('des-ede3-cbc', key, IV);
// `password` and `encrypted` below are also assigned without a declaration.
password = Buffer.from('sq7HjrUOBfKmC576ILgskD5srU870gJ7', 'base64');
let encryptedArr = [cipher.update(password)];
encryptedArr.push(cipher.final());
encrypted = Buffer.concat(encryptedArr);
console.log(encrypted.toString('hex'));
The result is 6f6b59b6c3ea45592bedbd86db4f31cc5da23d85e2ff773940aaa39e2efdc4ae
I have my old code working in PHP
<?php
// Reference implementation: 3DES-CBC with an all-zero IV and NUL-byte padding.
$message = "06080232580";
$key = base64_decode("sq7HjrUOBfKmC576ILgskD5srU870gJ7");
// Round the message length up to a multiple of the 8-byte block size...
$l = ceil(strlen($message) / 8) * 8;
// ...and fill the gap with NUL bytes.
$message = $message.str_repeat("\0", $l - strlen($message));
// openssl_encrypt still applies its own padding to the already block-aligned input,
// which adds one extra block; substr() cuts the result back to $l bytes.
$result = substr(openssl_encrypt($message, 'des-ede3-cbc', $key, OPENSSL_RAW_DATA, "\0\0\0\0\0\0\0\0"), 0, $l);
// Print the raw ciphertext as hex.
echo implode(unpack("H*", $result));
The result is a5334014a4f010c8779cef789886c123
Found the solution
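// Reproduces the PHP reference output: 3DES-CBC, all-zero IV, message padded with
// NUL bytes to a whole number of 8-byte blocks, OpenSSL padding switched off.
// A fixed IV makes the output deterministic; it is kept only because the expected
// value was produced that way.
const BLOCK_SIZE = 8; // DES/3DES block size in bytes
const message = Buffer.from('06080232580', 'utf8');
// Buffer.alloc() zero-fills, so copying the message in leaves the NUL padding behind it.
const paddedMessage = Buffer.alloc(Math.ceil(message.length / BLOCK_SIZE) * BLOCK_SIZE);
message.copy(paddedMessage);
const IV = Buffer.alloc(BLOCK_SIZE);
// The base64 string decodes to the 24-byte 3DES key.
const key = Buffer.from('sq7HjrUOBfKmC576ILgskD5srU870gJ7', 'base64');
const cipher = crypto.createCipheriv('des-ede3-cbc', key, IV);
// Padding was done by hand above; with auto padding on, final() would append a PKCS block.
cipher.setAutoPadding(false);
const encrypted = Buffer.concat([cipher.update(paddedMessage), cipher.final()]);
console.log(encrypted.toString('hex'));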

Java to Node.js AES/ECB/PKCS5Padding Encryption

I have the following encrypt function in JAVA. I am trying to write the same encryption in Node.js using cipher from crypto. But, the output is not the same. It is using the same key and input.
JAVA
/**
 * Encrypts {@code input} with AES/ECB/PKCS5Padding and returns the result as Base64
 * with '+' replaced by '-'. The bytes of {@code key} are used directly as the AES
 * key (no key derivation). ECB takes no IV, so equal plaintext blocks encrypt to
 * equal ciphertext blocks.
 */
public static String encrypt(String input, String key) {
byte[] crypted = null;
try {
// getBytes() without a charset uses the platform default encoding.
SecretKeySpec skey = new SecretKeySpec(key.getBytes(), "AES");
Cipher cipher = Cipher.getInstance("AES/ECB/PKCS5Padding");
cipher.init(Cipher.ENCRYPT_MODE, skey);
crypted = cipher.doFinal(input.getBytes());
} catch (Exception e) {
// The failure is only printed; crypted stays null and is still passed to encodeBase64 below.
System.out.println(e.toString());
}
String result = new String(Base64.encodeBase64(crypted));
// String.replace substitutes every '+', not just the first one.
return result.replace("+", "-");
}
Sample output: 0HCkcjWj/PoCZ4ZUFJARs/m4kstigMFk8dQnT0uNhog= (44 characters)
Node.js
// Node.js attempt at the same function. It differs from the Java code in three places:
// the mode (CBC with a zero IV instead of ECB), the key (run through scrypt instead of
// being used as-is), and the '+' replacement on the return line.
encrypt = (input, key) => {
const algorithm = 'aes-128-cbc';
// Derives a 16-byte key with the fixed salt 'salt'; the Java code does no derivation.
key = crypto.scryptSync(key, 'salt', 16);
const iv = Buffer.alloc(16, 0);
const cipher = crypto.createCipheriv(algorithm, key, iv);
cipher.setAutoPadding(true);
let encrypted = cipher.update(input, 'utf8', 'base64');
encrypted += cipher.final('base64');
// With a string pattern, String.prototype.replace changes only the FIRST '+';
// Java's String.replace changes all of them, so outputs containing several '+' differ.
return encrypted.replace('+','-');
}
Sample output: ZHtEbAhrIo7vWOjdMNgW6Q== (24 characters)
Thanks in advance.
So that the NodeJS code is functionally identical to the Java code, in the NodeJS code:
ECB mode must be used instead of CBC mode:
const algorithm = 'aes-128-ecb';
...
//const iv = Buffer.alloc(16, 0); // remove
// ECB takes no IV, so null is passed in its place.
const cipher = crypto.createCipheriv(algorithm, key, null);
Note, however, that ECB doesn't use an IV, is generally insecure and should therefore not be used, [1].
Better alternatives are CBC mode (confidentiality) or GCM mode (confidentiality, authenticity/integrity), [2], [3].
No key derivation function may be applied [4], i.e. the following line must be removed:
key = crypto.scryptSync(key, 'salt', 16);

Is there a vulnerability if the beginning of the plaintext is known before encryption?

Assuming this is my encrypt and decrypt function using native crypto from node.js.
var algo = 'aes-256-cbc';
// A password, not a key: createCipher() derives the AES key and the IV from it.
var algoSecret = 'mySecret';
// Encrypts a utf8 string to hex. Key and IV are both fixed by algoSecret, so the same
// input always yields the same ciphertext.
var encrypt = function(secret){
var cipher = require('crypto').createCipher(algo,algoSecret);
var crypted = cipher.update(secret,'utf8','hex')
crypted += cipher.final('hex');
return crypted;
}
// Decrypts the hex output of encrypt() back to a utf8 string.
var decrypt = function(text){
var decipher = require('crypto').createDecipher(algo,algoSecret);
var dec = decipher.update(text,'hex','utf8');
dec += decipher.final('utf8');
return dec;
}
I have to encrypt data of length 20. However, the first 8 chars are always the same and known by everyone. Ex: Always starts with api-key=. Does including or removing the 8 first chars affect the security of the system?
Ex: encrypt('api-key=askjdhaskdhaskd') vs 'api-key=' + encrypt('askjdhaskdhaskd')
Does including or removing the 8 first chars affect the security of the system?
Yes, but only slightly.
CBC mode with a static IV is deterministic, which means that an attacker who only observes ciphertexts can determine whether the same plaintext prefix was sent before. Since the first 8 bytes are known to be static, two ciphertexts share their first block whenever the next 8 bytes of the two API keys are equal, even if the keys do not match in their entirety. Whether this information is useful to the attacker is a completely different question.
It would be better to always generate an unpredictable (read: random) IV for CBC mode instead of relying on the same IV that is derived from a password. An IV is always 16 bytes or 32 hex-encoded characters long for AES regardless of key size.
Some example code:
var crypto = require('crypto');
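var algo = 'aes-256-cbc';
var algoSecret = 'mySecret';
// pbkdf2Sync takes the key length in BYTES: AES-256 needs 32 bytes (256 bits).
// Requesting 256 here makes createCipheriv reject the key as having an invalid length.
// NOTE(review): the fixed salt 'salt' and the 1000 iterations are example values;
// pick a per-deployment salt and an iteration count suited to current hardware.
var key = crypto.pbkdf2Sync(algoSecret, 'salt', 1000, 32, 'sha256');
// the key can also be stored in Hex in order to prevent PBKDF2 invocation

/**
 * Encrypts a utf8 string with AES-256-CBC under a fresh random IV.
 * The ciphertext is not authenticated, so modifications go undetected.
 *
 * @param {string} secret - plaintext
 * @returns {string} 32 hex characters of IV followed by the hex ciphertext
 */
var encrypt = function(secret){
  var iv = crypto.randomBytes(16);
  var cipher = crypto.createCipheriv(algo, key, iv);
  var crypted = cipher.update(secret, 'utf8', 'hex');
  crypted += cipher.final('hex');
  return iv.toString('hex') + crypted;
};

/**
 * Reverses encrypt(): reads the IV from the first 32 hex characters and decrypts the rest.
 *
 * @param {string} text - output of encrypt()
 * @returns {string} utf8 plaintext
 * @throws if the IV or the padding is invalid
 */
var decrypt = function(text){
  // Buffer.from replaces the deprecated `new Buffer(string, encoding)` constructor.
  var iv = Buffer.from(text.slice(0, 32), 'hex');
  var body = text.slice(32);
  var decipher = crypto.createDecipheriv(algo, key, iv);
  var dec = decipher.update(body, 'hex', 'utf8');
  dec += decipher.final('utf8');
  return dec;
};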
This is still not enough, because this code might be vulnerable to the padding oracle attack depending on your communication architecture. You should authenticate the ciphertexts with a message authentication code (MAC). A popular choice is HMAC-SHA256 for "encrypt-then-MAC".
var crypto = require('crypto');
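var algo = 'aes-256-cbc';
var algoSecret = 'mySecret';
// One PBKDF2 call yields both keys. The length argument is in bytes, so this derives
// 512 bytes: the first 32 are the AES-256 key and the remaining 480 key the HMAC.
// NOTE(review): 64 bytes would be enough, but shortening the output changes keyMac and
// invalidates MACs that were already issued. The fixed salt and the 1000 iterations are
// example values.
var key = crypto.pbkdf2Sync(algoSecret, 'salt', 1000, 512, 'sha512');
var keyMac = key.slice(32);
var keyEnc = key.slice(0, 32);

/**
 * Encrypt-then-MAC: AES-256-CBC under a fresh random IV, then HMAC-SHA256 over
 * the hex string "IV || ciphertext".
 *
 * @param {string} secret - utf8 plaintext
 * @returns {string} 32 hex chars of IV + hex ciphertext + 64 hex chars of MAC
 */
var encrypt = function(secret){
  var iv = crypto.randomBytes(16);
  var cipher = crypto.createCipheriv(algo, keyEnc, iv);
  var crypted = cipher.update(secret, 'utf8', 'hex');
  crypted += cipher.final('hex');
  var ct = iv.toString('hex') + crypted;
  var hmac = crypto.createHmac('sha256', keyMac);
  hmac.update(ct);
  return ct + hmac.digest('hex');
};

/**
 * Verifies the MAC and only then decrypts.
 *
 * @param {string} text - output of encrypt()
 * @returns {string|false} the utf8 plaintext, or false when the MAC does not match
 */
var decrypt = function(text){
  var hmac = crypto.createHmac('sha256', keyMac);
  hmac.update(text.slice(0, -64));
  // Compare the two hex strings byte for byte in constant time, so the comparison
  // does not reveal how many leading characters of a forged MAC were correct.
  var expected = Buffer.from(hmac.digest('hex'), 'utf8');
  var received = Buffer.from(text.slice(-64), 'utf8');
  // timingSafeEqual throws on buffers of different length, so rule that out first.
  if (received.length !== expected.length || !crypto.timingSafeEqual(expected, received)) {
    // TODO: do some decoy decryption
    return false;
  }
  // Buffer.from replaces the deprecated `new Buffer(string, encoding)` constructor.
  var iv = Buffer.from(text.slice(0, 32), 'hex');
  var body = text.slice(32, -64);
  var decipher = crypto.createDecipheriv(algo, keyEnc, iv);
  var dec = decipher.update(body, 'hex', 'utf8');
  dec += decipher.final('utf8');
  return dec;
};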

Decrypting AES256 with node.js returns wrong final block length

Using this Gist I was able to successfully decrypt AES256 in Node.js 0.8.7. Then when I upgraded to Node.js 0.10.24, I now see this error:
TypeError: error:0606506D:digital envelope
routines:EVP_DecryptFinal_ex:wrong final block length
at Decipheriv.Cipher.final (crypto.js:292:27)
Here is the decrypt code from the Gist (shown here for convenience):
var crypto = require('crypto');
// AES-256-CBC helpers from the Gist, written for Node.js 0.8 where update()/final()
// returned binary-encoded strings.
var AESCrypt = {};
// Decrypts base64 ciphertext. The input is first turned into a binary string.
AESCrypt.decrypt = function(cryptkey, iv, encryptdata) {
encryptdata = new Buffer(encryptdata, 'base64').toString('binary');
var decipher = crypto.createDecipheriv('aes-256-cbc', cryptkey, iv),
// No encodings are given here, so the calls rely on the default input/output types.
decoded = decipher.update(encryptdata);
// `+=` converts whatever final() returns into a string before appending it.
decoded += decipher.final();
return decoded;
}
// Encrypts cleardata and returns the ciphertext as base64.
AESCrypt.encrypt = function(cryptkey, iv, cleardata) {
var encipher = crypto.createCipheriv('aes-256-cbc', cryptkey, iv),
encryptdata = encipher.update(cleardata);
encryptdata += encipher.final();
// encode_encryptdata is never declared, so this assignment creates an implicit global.
encode_encryptdata = new Buffer(encryptdata, 'binary').toString('base64');
return encode_encryptdata;
}
// Demo values: the key is a single SHA-256 of a passphrase and the IV is a fixed
// 16-character string, so every run produces the same ciphertext.
var cryptkey = crypto.createHash('sha256').update('Nixnogen').digest(),
iv = 'a2xhcgAAAAAAAAAA',
buf = "Here is some data for the encrypt", // 33 chars, i.e. three AES blocks after padding
enc = AESCrypt.encrypt(cryptkey, iv, buf);
var dec = AESCrypt.decrypt(cryptkey, iv, enc);
console.warn("encrypt length: ", enc.length);
console.warn("encrypt in Base64:", enc);
console.warn("decrypt all: " + dec);
Ok, so there was a change to Crypto in the switch from 0.8 to 0.10: Crypto methods now return Buffer objects by default, rather than binary-encoded strings.
This means the above code needs to specify encodings.
These four lines:
decoded = decipher.update(encryptdata);
decoded += decipher.final();
encryptdata = encipher.update(cleardata);
encryptdata += encipher.final();
Are changed to:
// 'binary' is Node's legacy name for latin1: one character per byte.
// Decryption reads a binary string and produces utf8 text...
decoded = decipher.update(encryptdata, 'binary', 'utf8');
decoded += decipher.final('utf8');
// ...and encryption reads utf8 text and produces a binary string.
encryptdata = encipher.update(cleardata, 'utf8', 'binary');
encryptdata += encipher.final('binary');
This worked for me, but I am open to other suggestions.
As your answer states, those functions work with Buffers now unless you specify an encoding. That said, you'd be better off avoiding binary encoded strings entirely and treat everything as Buffers until you strictly need a string for something. This way you can also use your encryption helpers to process non-text content.
var crypto = require('crypto');
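// AES-256-CBC helpers that work on Buffers end to end, so they can also process
// non-text content. Strings are produced only at the point of display.
var AESCrypt = {};

/**
 * @param {Buffer} cryptkey - 32-byte AES key
 * @param {Buffer} iv - 16-byte IV
 * @param {Buffer} encryptdata - raw ciphertext
 * @returns {Buffer} plaintext
 */
AESCrypt.decrypt = function(cryptkey, iv, encryptdata) {
  var decipher = crypto.createDecipheriv('aes-256-cbc', cryptkey, iv);
  return Buffer.concat([
    decipher.update(encryptdata),
    decipher.final()
  ]);
};

/**
 * @param {Buffer} cryptkey - 32-byte AES key
 * @param {Buffer} iv - 16-byte IV
 * @param {Buffer} cleardata - plaintext
 * @returns {Buffer} raw ciphertext
 */
AESCrypt.encrypt = function(cryptkey, iv, cleardata) {
  var encipher = crypto.createCipheriv('aes-256-cbc', cryptkey, iv);
  return Buffer.concat([
    encipher.update(cleardata),
    encipher.final()
  ]);
};

// Demo values: the key is a single SHA-256 of a passphrase and the IV is fixed, so
// every run produces the same ciphertext.
// Buffer.from replaces the deprecated `new Buffer(string)` constructor.
var cryptkey = crypto.createHash('sha256').update('Nixnogen').digest(),
    iv = Buffer.from('a2xhcgAAAAAAAAAA'),
    buf = Buffer.from("Here is some data for the encrypt"), // 33 chars
    enc = AESCrypt.encrypt(cryptkey, iv, buf);
var dec = AESCrypt.decrypt(cryptkey, iv, enc);

console.warn("encrypt length: ", enc.length);
console.warn("encrypt in Base64:", enc.toString('base64'));
console.warn("decrypt all: " + dec.toString('utf8'));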
My issue was that the string I was passing to my decrypt function was empty. I built in a check for empty strings and I did not receive the message again.
// Hex ciphertext in, utf8 plaintext out, using the decipher held on this object.
decrypt: function(text){
// An empty input is returned unchanged instead of being handed to the decipher.
if(text.length == 0){
return text;
}
// NOTE(review): a Decipher object cannot be used again after final(); presumably
// this.decipher is created fresh for each call. Confirm against the caller.
return this.decipher.update(text, 'hex', 'utf8') + this.decipher.final('utf8');
}

Bad decrypt on NodeJS Triple DES implementation?

var cardInfo = "<Card><CVV></CVV><CardNumber></CardNumber><ExpMonth></ExpMonth><ExpYear></ExpYear><Member></Member></Card>"
/**
 * Builds the 3DES key and IV used by the helpers below from a passphrase.
 *
 * Both values are prefixes of the hex-encoded MD5 digest of the passphrase:
 * 24 hex characters for the key and 8 for the IV. Being hex text, every byte
 * is one of 16 characters (at most 4 bits of entropy), and the IV is simply
 * the first 8 characters of the key.
 *
 * @param {string} passphrase
 * @returns {{key: string, iv: string}}
 */
function genKeyPair(passphrase){
  const md5Hex = (input) => crypto.createHash('md5').update(input).digest('hex');
  const vector = md5Hex(passphrase).slice(0, 8);
  const secret = md5Hex(passphrase).slice(0, 24);
  return { key: secret, iv: vector };
}
// Encrypts `data` with 3DES ('des3') under key/vector and returns a Buffer.
function encrypt3DES(key, vector, data){
var encryptor = crypto.createCipheriv('des3', key, vector)
var raw = new Buffer(data)
// update() returns the ciphertext produced so far. That return value is dropped
// here, so the function hands back only what final() emits (the last block).
encryptor.update(raw)
var encrypted = encryptor.final()
return encrypted
}
// Decrypts `data` with 3DES ('des3') under key/vector.
function decrypt3DES(key, vector, data){
var decryptor = crypto.createDecipheriv('des3', key, vector)
// As in encrypt3DES, the plaintext returned by update() is discarded; only the
// output of final() is returned.
decryptor.update(data)
var decrypted = decryptor.final()
return decrypted
}
// Round trip with a key and IV derived from the passphrase 'test'.
var key = genKeyPair('test')
// data3DES holds only what final() returned inside encrypt3DES, not the full ciphertext.
var data3DES = encrypt3DES(key.key, key.iv, cardInfo)
var decryptedCard = decrypt3DES(key.key, key.iv, data3DES)
So, I get a "bad decrypt" on decryptor.final() and can't figure out why.
Node expects a buffer when encrypting so you see I provide that in the beginning of the encrypt3DES
I put the raw buffer output from encryption straight into the decrypt method
What am I doing wrong here?
DISCLAIMER
No, this is not going to be used in production. I'm just toying around so please hold with the "you don't know what you're doing so you shouldn't do it" talk
The results of update are thrown away in your code:
Returns the enciphered contents, and can be called many times with new data as it is streamed.
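The code also uses 3DES ABC keys that do not contain enough entropy (keys should be binary data, not hexadecimal text). At least try to use crypto.createCipher(algorithm, password) or try to find an implementation of PBKDF2 in JavaScript. (Note that crypto.createCipher has since been deprecated, as the first question on this page mentions; PBKDF2 is available in Node.js as crypto.pbkdf2Sync.)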
Here are the key and IV lengths (in bytes) for each algorithm:
DES-ECB Key: 8; IV: 0
DES-CBC Key: 8; IV: 8
DES-CFB Key: 8; IV: 8
DES-CFB1 Key: 8; IV: 8
DES-CFB8 Key: 8; IV: 8
DES-EDE-CBC Key: 16; IV: 8
DES-EDE-CFB Key: 16; IV: 8
DES-EDE-OFB Key: 16; IV: 8
DES-EDE3-CBC Key: 24; IV: 8
DESX-CBC Key: 24; IV: 8
and, this is a runnable example
const crypto = require('crypto');
// Demo credentials: a fixed ASCII IV and a short key right-padded with '0' to the
// 24 bytes that DES-EDE3-CBC requires. The fixed IV is what lets encrypt() reproduce
// the sample ciphertext below byte for byte.
const iv = '12345678';
const key = '123456'.padEnd(24, '0');
const ivBytes = Buffer.from(iv, 'utf8');
const keyBytes = Buffer.from(key, 'utf8');
const ALGORITHM = 'DES-EDE3-CBC';

/**
 * @param {string} text - base64 ciphertext
 * @returns {string} utf8 plaintext
 */
const decrypt = (text) => {
  const decipher = crypto.createDecipheriv(ALGORITHM, keyBytes, ivBytes);
  const head = decipher.update(text, 'base64', 'utf8');
  return head + decipher.final('utf8');
};

/**
 * @param {string} text - utf8 plaintext
 * @returns {string} base64 ciphertext
 */
const encrypt = (text) => {
  const encipher = crypto.createCipheriv(ALGORITHM, keyBytes, ivBytes);
  const head = encipher.update(text, 'utf8', 'base64');
  return head + encipher.final('base64');
};

const text = '7LBIMxZKDB0=';
const plaintext = decrypt(text);
console.log(plaintext); // 123456
const cipherText = encrypt(plaintext);
console.log(cipherText, text === cipherText); // 7LBIMxZKDB0= true
hope it helps.

Resources