I have a code in Java in which encryption has been done as follows:
String encrypted = "mPgzvJKbSFgP6nRRHNlTufscZiChL2KUYaNeSF27+Dg=";
String key = "9d6ea4d3e6f8c4f8";
String salt = "1c5dd32d7ba54bdd";
String transform = "AES/CBC/ISO10126PADDING";
IvParameterSpec ivspec = new IvParameterSpec(salt.getBytes());
SecretKey secretKey = new SecretKeySpec(key.getBytes(), "AES");
Cipher cipher = Cipher.getInstance(transform);
cipher.init(Cipher.DECRYPT_MODE, secretKey, ivspec);
byte[] encryptedBytes = DatatypeConverter.parseBase64Binary(encrypted); // hash to byte[]
byte[] data = cipher.doFinal(encryptedBytes);
System.out.println(new String(data));
Now, I need to decrypt it in javascript. The code I wrote is:
var key = '9d6ea4d3e6f8c4f8';
var iv = '1c5dd32d7ba54bdd';
var options = {iv: iv, mode: CryptoJS.mode.CBC, padding: CryptoJS.pad.Iso10126};
alert("key + " + key);
alert("iv + " + iv);
var encrypted = 'mPgzvJKbSFgP6nRRHNlTufscZiChL2KUYaNeSF27+Dg=';
alert("encrypted + " + encrypted);
alert("encrypted.toString() = " + encrypted.toString());
var decrypyted = CryptoJS.AES.decrypt(encrypted.toString(), key, options );//error in this line.
alert(decrypyted);
alert(decrypyted.toString(CryptoJS.enc.Utf8));
The encryption is working properly and when I try decrypting the encrypted string using javascript, I am getting an error. The JS stops working once I execute the decrypt function. Any idea what am I doing wrong?
Related
I have this code in java
String data = "private-key";
System.out.println("data: " + data);
//create Cipher
Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
//generate key
KeyGenerator keyGenerator = KeyGenerator.getInstance("AES");
keyGenerator.init(256);
SecretKey skey = keyGenerator.generateKey();
System.out.println("skey: " + new String(Base64.getEncoder().encode(skey.getEncoded())));
//generate iv
byte[] biv = new byte[12];
SecureRandom random = new SecureRandom();
random.nextBytes(biv);
System.out.println("biv: " + new String(Base64.getEncoder().encode(biv)));
//init
GCMParameterSpec spec = new GCMParameterSpec(128, biv);
cipher.init(Cipher.ENCRYPT_MODE, skey, spec);
//encrypt
byte[] encryption = cipher.doFinal(data.getBytes(StandardCharsets.UTF_8));
byte[] be = Base64.getEncoder().encode(encryption);
System.out.println("encryption: " + new String(be, StandardCharsets.UTF_8));
//decrypt
cipher.init(Cipher.DECRYPT_MODE, skey, spec);
byte[] decryption = cipher.doFinal(encryption);
System.out.println("origin: " + new String(decryption, StandardCharsets.UTF_8));
And I want to translate this code in PHP(I want to share infos between java app and php app).
In PHP I managed this:
$data = "private-key";
$skey = random_bytes(32);
$biv = random_bytes(12);
//encrypt
$encryption = openssl_encrypt($data, 'aes-128-gcm', $skey, OPENSSL_NO_PADDING, $biv);
echo "encryption: " . base64_encode($encryption) . "<br>";
//decrypt
$origin = openssl_decrypt($encryption, "aes-128-gcm", $skey, OPENSSL_NO_PADDING, $biv);
echo "origin: " . $origin;
But I get error in PHP at openssl_encrypt:
Warning: openssl_encrypt(): A tag should be provided when using AEAD mode and I have no idea how to fix it.
Encryption done in java using AES and wanted to decrypt in Python, but the result is empty in python (no errors).
See the code before marking as duplicate. I want to detect problem in my code.
java encryption code:
public static String encrypt(String plainText) throws Exception {
KeyGenerator keyGenerator = KeyGenerator.getInstance("AES");
keyGenerator.init(128);
SecretKey secretKey = keyGenerator.generateKey();
String keyStr = Base64.encodeToString(secretKey.getEncoded(), Base64.NO_WRAP);
byte[] initVector = new byte[16];
(new Random()).nextBytes(initVector);
IvParameterSpec iv = new IvParameterSpec(initVector);
SecretKeySpec skeySpec = new SecretKeySpec(secretKey.getEncoded(), "AES");
Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5PADDING");
cipher.init(Cipher.ENCRYPT_MODE, skeySpec, iv);
byte[] plainTextByte = plainText.getBytes();
byte[] encryptedByte = cipher.doFinal(plainTextByte);
byte[] messagebytes = new byte[initVector.length + encryptedByte.length];
System.arraycopy(initVector, 0, messagebytes, 0, 16);
System.arraycopy(encryptedByte, 0, messagebytes, 16, encryptedByte.length);
return Base64.encodeToString(messagebytes, Base64.NO_WRAP);
}
Python code
def decrypt(key, message):
"""
Input encrypted bytes, return decrypted bytes, using iv and key
"""
byte_array = message.encode("UTF-8")
iv = byte_array[0:16] # extract the 16-byte initialization vector
messagebytes = byte_array[16:] # encrypted message is the bit after the iv
cipher = AES.new(key.encode("UTF-8"), AES.MODE_CBC, iv)
decrypted_padded = cipher.decrypt(messagebytes)
decrypted = unpad(decrypted_padded)
return decrypted.decode("UTF-8");
I see that the Java is explicitly encoding the string as Base 64 at return Base64.encodeToString(messagebytes, Base64.NO_WRAP);
But i see that you are again encoding in python byte_array = message.encode("UTF-8") where in you will have to decode the encrypted message
# Standard Base64 Decoding
decodedBytes = base64.b64decode(encodedStr)
decodedStr = str(decodedBytes, "utf-8")
And only then Decrypt the decoded message.
I have encrypt the file using node.js and decrypt in JAVA. Decryption is done in JAVA using "AES/GCM/Nopadding" algorithm and it is third party app hence I cannot see the JAVA code.
I am encrypting the payload in node.js using "aes-128-gcm" algorithm.
for this, I am try mimicking a working java encryption code
I have tried with crypto and node-forge.
iam getting the output but am getting an error "Bad encryption - payload is not encrypted properly" when submitting payload.
pleas help me to find what I did wrong in this code.
working code in java
public void encrypt(#NonNull final byte[] payload, #NonNull final byte[] key) throws GeneralSecurityException
{
SecretKeySpec codingKey = new SecretKeySpec(key, AES);
Cipher cipher = AEC_GCM_THREAD_CIPHER.get();
byte[] iv = new byte[cipher.getBlockSize()];
RANDOM.nextBytes(iv);
cipher.init(Cipher.ENCRYPT_MODE, codingKey, new IvParameterSpec(iv));
final byte[] encryptedPayload = cipher.doFinal(payload);
byte[] encryptMerchantKey = encryptMerchantKey(key);
String payloadFinal = encodeToUrlString(encryptedPayload); // final payload
String ivFinal = encodeToUrlString(iv); // final iv
String keyFinal = encodeToUrlString(encryptMerchantKey); // final key
System.out.println("Payload");
System.out.println(payloadFinal);
System.out.println("iv");
System.out.println(ivFinal);
System.out.println("key");
System.out.println(keyFinal);
}
code iam tried in node js
function encrypt(payload) {
let key = forge.random.getBytesSync(16);
let iv = forge.random.getBytesSync(16);
let cipher = forge.cipher.createCipher("AES-GCM", key);
cipher.start({ iv: iv});
cipher.update(forge.util.createBuffer(payload));
cipher.finish();
let encrypted = forge.util.encode64(cipher.output.getBytes());
let tag = forge.util.encode64(cipher.mode.tag.getBytes());
let iv64 = forge.util.encode64(iv);
let encryptedPayload = encrypted+tag;
//RSA Encryption
encryptedkey = RSAencrypt(forge.util.encode64(key));
return {
"payload" : base64url.fromBase64(encryptedPayload) ,
"iv" : base64url.fromBase64(iv64).length,
"key" : base64url.fromBase64(encryptedkey)
};
}
Rsa description is working fine abling to decrypt the key.
some problem with aes encryption. as see the code, I added auth tag and encrypted data together but no use.
I have complete example of encryption and decryption in angular and java you can take this example as it is and make changes according to you.
Install node-forge with command "npm install node-forge".
encrypt(msg, pass) {
const key = CryptoJS.lib.WordArray.random(8).toString();
const iv = CryptoJS.lib.WordArray.random(8).toString();
// encrypt some bytes using GCM mode
const cipher = forge.cipher.createCipher('AES-GCM', key);
cipher.start({
iv: iv,
additionalData: 'nvn', // optional
tagLength: 128 // optional, defaults to 128 bits
});
cipher.update(forge.util.createBuffer(msg));
cipher.finish();
const encrypted = cipher.output;
const encodedB64 = forge.util.encode64(encrypted.data);
const tag = cipher.mode.tag;
const tagB64 = forge.util.encode64(tag.data);
// outputs encrypted hex
const trasmitmsg = key+iv+tagB64+encodedB64;
return trasmitmsg
}
I have used CryptoJS to generate random string because random of node-forge giving nontransferable strings.
java code to decrypt this trasmitmsg is
public String getDecrypt(String transmsg) throws Exception {
String keyString = transmsg.substring(0, 16);
String ivString = transmsg.substring(16, 32);
String additionalString = transmsg.substring(32, 56);
String cipherString = transmsg.substring(56);
byte[] keyBytes = keyString.getBytes();
SecretKey key = new SecretKeySpec(keyBytes, "AES");
byte[] ivBytes = ivString.getBytes();
byte[] one = Base64.getDecoder().decode(cipherString);
byte[] two = Base64.getDecoder().decode(additionalString);
byte[] cipherText = ArrayUtils.addAll(one, two);
return decrypt(cipherText, key, ivBytes);
}
public static String decrypt(byte[] cipherText, SecretKey key, byte[] IV) throws Exception {
// Get Cipher Instance
Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
// Create SecretKeySpec
SecretKeySpec keySpec = new SecretKeySpec(key.getEncoded(), "AES");
// Create GCMParameterSpec
GCMParameterSpec gcmParameterSpec = new GCMParameterSpec(GCM_TAG_LENGTH , IV);
// Initialize Cipher for DECRYPT_MODE
cipher.init(Cipher.DECRYPT_MODE, keySpec, gcmParameterSpec);
cipher.updateAAD("nvn".getBytes());
byte[] decryptedText = cipher.doFinal(cipherText);
return new String(decryptedText);
}
Cheers!!!
The problem was with forge buffer it need to convert to node buffer
this code is working now. thanks, #Maarten Bodewes for the advice.
function encrypt(payload) {
//initialize forge random buffer
var key = forge.random.getBytesSync(16);
var iv = forge.random.getBytesSync(16);
let cipher = forge.cipher.createCipher("AES-GCM", key);
cipher.start({iv : iv});
cipher.update(forge.util.createBuffer(payload));
cipher.finish();
let encrypted = cipher.output.data;
let tag = cipher.mode.tag.data;
let encryptedLoad = encrypted+tag;
// node buffer and forge buffer differ, so the forge buffer must be converted to node Buffer
iv = Buffer.from(iv, "binary");
encryptedLoad = Buffer.from(encryptedLoad, "binary");
//Calling RSA Encryption
encryptedKey = RSAencrypt(key);
return {
"payload" : base64url(encryptedLoad) ,
"iv" : base64url(iv),
"key" : base64url.fromBase64(encryptedKey)
};
}
I'm currently using AES/GCM/NoPadding to perform cipher operations.
My encryption code:
fun encrypt(plainText: ByteArray, key: Key): ByteArray? {
var resultText: ByteArray? = null
try {
val cipher = Cipher.getInstance(ALGORITHM)
cipher.init(Cipher.ENCRYPT_MODE, key)
val cipherText = cipher.doFinal(plainText)
resultText = ByteBuffer.allocate(1 + cipher.iv.size + cipherText.size)
.put(cipher.iv.size.toByte())
.put(cipher.iv)
.put(cipherText)
.array()
} catch (e : Exception) {
Logger.e(TAG, "Error encrypting plain text", e)
}
return resultText
}
My decryption code:
fun decrypt(cipherTextWithHeaders: ByteArray, key: Key): ByteArray? {
var plainText: ByteArray? = null
try {
val cipher = Cipher.getInstance(ALGORITHM)
val ivSize = cipherTextWithHeaders[0].toInt()
val iv = ByteArray(ivSize)
System.arraycopy(cipherTextWithHeaders, 1, iv, 0, ivSize)
cipher.init(Cipher.DECRYPT_MODE, key, GCMParameterSpec(ivSize * 8, iv))
val headerLen = 1 + ivSize
val cipherText = ByteArray(cipherTextWithHeaders.size - headerLen)
System.arraycopy(cipherTextWithHeaders, headerLen, cipherText, 0, cipherTextWithHeaders.size - headerLen)
plainText = cipher.doFinal(cipherText)
} catch (e : Exception) {
Logger.e(TAG, "Error decrypting cipher text", e)
}
return plainText
}
I get this exception while doing doFinal in decrypt method above:
javax.crypto.IllegalBlockSizeException
at android.security.keystore.AndroidKeyStoreCipherSpiBase.engineDoFinal(AndroidKeyStoreCipherSpiBase.java:519)
at javax.crypto.Cipher.doFinal(Cipher.java:1736)
I tried the below option during encryption:
val temp = ByteArray(12)
SecureRandom().nextBytes(temp)
cipher.init(Cipher.ENCRYPT_MODE, key, GCMParameterSpec(96, temp))
But this throws the below error:
java.security.InvalidAlgorithmParameterException: Caller-provided IV not permitted
at android.security.keystore.KeyStoreCryptoOperationUtils.getExceptionForCipherInit(KeyStoreCryptoOperationUtils.java:85)
at android.security.keystore.AndroidKeyStoreCipherSpiBase.ensureKeystoreOperationInitialized(AndroidKeyStoreCipherSpiBase.java:265)
at android.security.keystore.AndroidKeyStoreCipherSpiBase.engineInit(AndroidKeyStoreCipherSpiBase.java:148)
at javax.crypto.Cipher.tryTransformWithProvider(Cipher.java:2659)
at javax.crypto.Cipher.tryCombinations(Cipher.java:2570)
at javax.crypto.Cipher$SpiAndProviderUpdater.updateAndGetSpiAndProvider(Cipher.java:2475)
at javax.crypto.Cipher.chooseProvider(Cipher.java:566)
at javax.crypto.Cipher.init(Cipher.java:973)
at javax.crypto.Cipher.init(Cipher.java:908)
The GCM auth tag length is not related to the IV length. The standard for AES-GCM is actually 12-bytes IV and 128 bits GCM tag, see RFC 5288, Section 3.
Example:
String input = "abcdef";
byte[] key = new byte[16];
(new SecureRandom()).nextBytes(key);
Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
cipher.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(key, "AES"));
byte[] ciphertext = cipher.doFinal(input.getBytes());
byte[] iv = cipher.getIV();
GCMParameterSpec gcmspec = cipher.getParameters().getParameterSpec(GCMParameterSpec.class);
System.out.println("ciphertext: " + ciphertext.length + ", IV: " + iv.length + ", tLen: " + gcmspec.getTLen());
cipher.init(Cipher.DECRYPT_MODE, new SecretKeySpec(key, "AES"), new GCMParameterSpec(128, iv));
byte[] plaintext = cipher.doFinal(ciphertext);
System.out.println("plaintext : " + new String(plaintext));
Prints:
ciphertext: 22, IV: 12, tLen: 128
plaintext : abcdef
Try changing GCMParameterSpec(ivSize * 8, iv) to GCMParameterSpec(128, iv).
Though the issue could also be outside, i.e. the ciphertext could be badly encoded or cut off somewhere. Check cipherText.length.
java.security.InvalidAlgorithmParameterException: Caller-provided IV not permitted
That is a limitation of the Android crypto implementation; it wants to generate the IV itself during encryption.
I have an encryption method that works well and passes me an encrypted String.
KeySpec keySpec = new PBEKeySpec(encryptionPassword.toCharArray(), salt, iterations);
SecretKey key = SecretKeyFactory.getInstance("PBEWithMD5AndDES").generateSecret(keySpec);
AlgorithmParameterSpec paramSpec = new PBEParameterSpec(salt, iterations);
//encryption
Cipher encoder = Cipher.getInstance(key.getAlgorithm());
encoder.init(Cipher.ENCRYPT_MODE, key, paramSpec);
String str_to_encrypt = "Hello";
byte[] enc = encoder.doFinal(str_to_encrypt.getBytes("UTF8"));
System.out.println("encrypted = " + DatatypeConverter.printBase64Binary(enc));
output: encrypted = vjXsSX0cBNc=
However I also wish to Decrypt this String I've recieved, I am having trouble with this however, especially the reverse of getBytes and printBase64Binary.
This is the first time I have attempted to decrypt, so I used a lot of Googling, I found that 'parseBase64Binary' could get bytes from a string, with 'new String(dec, "US-ASCII") then turning the bytes into a string...somewhere something went askew.
//decryption
Cipher encoder = Cipher.getInstance(key.getAlgorithm());
encoder.init(Cipher.DECRYPT_MODE, key, paramSpec);
String str_to_decrypt = "vjXsSX0cBNc=";
byte[] dec = DatatypeConverter.parseBase64Binary(str_to_decrypt);
System.out.println("decrypted = " + new String(dec, "UTF8"));
output: decrypted = ?5?I}?
The only thing I can think of is that I haven't actually decrypted the string properly, as I have not used encoder.doFinal anywhere... somewhat stumped as to where to use it.
EDIT: Answered own question for completeness, all sorted!
Played around a bit more, I was right in saying I hadn't properly decrypted the String as I hadn't used encoder.doFinal... trial and error led me to this:
String str_to_decrypt = "vjXsSX0cBNc=";
byte[] dec = encoder.doFinal(DatatypeConverter.parseBase64Binary(str_to_decrypt));
System.out.println("decrypted = " + new String(dec, "UTF8"));
output: decrypted = Hello