Geek Answers Handbook

Java encryption and Javascript decryption

I am trying to encrypt data in java and decrypt it in javascript. There is already a similar question in SO, but for me this does not work.

My question is - The ciphertext given by the Java code is not decrypted by Javascript. I hardcoded the ciphertext and key in my JS below.

PS I know that decryption in the user interface is useless, since the Key will be visible, and any user can decode the code. But my requirement to do this is to bypass the penetration testing tool. Therefore, please suggest how this can be done.

Java code is

import java.security.Key; import javax.crypto.Cipher; import javax.crypto.spec.SecretKeySpec; import org.apache.commons.codec.binary.Base64; public class Crypt { private static final String ALGO = "AES"; private static final byte[] keyValue = new byte[] { 'A', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k','l', 'm', 'n', 'o', 'p'}; public static String encrypt(String Data) throws Exception { Key key = generateKey(); String keyForJS = Base64.encodeBase64String(keyValue); System.out.println("Key2 = " + keyForJS); Cipher c = Cipher.getInstance(ALGO); c.init(Cipher.ENCRYPT_MODE, key); byte[] encVal = c.doFinal(Data.getBytes()); String encryptedValue = Base64.encodeBase64(encVal).toString(); return encryptedValue; } private static Key generateKey() throws Exception { Key key = new SecretKeySpec(keyValue, ALGO); return key; } public static void main(String a[]) throws Exception { System.out.println("Encryption = " + Crypt.encrypt("Test")); } }

executing the above code in eclipse generates the following output -

Key2 = [B @ 670b5064

Encryption = [B @ 3c8b22e5

Now I will use this data for my JS code

 <script src="http://crypto-js.googlecode.com/svn/tags/3.1.2/build/rollups/aes.js"></script> <script src="http://crypto-js.googlecode.com/svn/tags/3.1.2/build/components/mode-ecb-min.js"></script> var base64Key = "[ B@670b5064 "; // This is the output key from Java var key = CryptoJS.enc.Base64.parse(base64Key); var decryptedData = CryptoJS.AES.decrypt( "[ B@3c8b22e5 ", key, { // This is the Output text from Java mode: CryptoJS.mode.ECB, padding: CryptoJS.pad.Pkcs7 } ); var decryptedText = decryptedData.toString( CryptoJS.enc.Utf8 ); console.log( "decryptedText = " + decryptedText );

JS code output -

decryptedText - (empty, nothing is displayed). Please find JS Fiddle - http://jsfiddle.net/achyut/pKNzV/11/

+1
javascript cryptography aes cryptojs
source share
1 answer

You have not listened to GregS comments, so I will do all the work for you:

HTML script:

 <script src="http://crypto-js.googlecode.com/svn/tags/3.1.2/build/rollups/aes.js"></script> <script src="http://crypto-js.googlecode.com/svn/tags/3.1.2/build/components/mode-ecb-min.js"></script> <body> <pre id="output"></pre> </body>

and JavaScript, which solves the problem, is basically just a GregS comment and an output function.

 function out() { var args = Array.prototype.slice.call(arguments, 0); document.getElementById('output').innerHTML += args.join("") + "\n"; } out("decrypted text: "); var base64Key = "QWJjZGVmZ2hpamtsbW5vcA=="; var key = CryptoJS.enc.Base64.parse(base64Key); var decryptedData = CryptoJS.AES.decrypt("lxbdRfoav/6UW/yZtuQM9X1qaI7qZLyuPWgmwPkti/Ayl4CpiPEAMklpaq74BU/U/MxxLgDz4CMs/jm9xzATMFyHOAvObkrnHwydC4PKsej1mqZsgYyQ4qDeKk6on/fdkkLLRMkIFYyBXRTLb/Q1Y85jzbRTOpTG50EjOxMZFlQ=", key, { mode: CryptoJS.mode.ECB, padding: CryptoJS.pad.Pkcs7 }); var decryptedText = decryptedData.toString(CryptoJS.enc.Utf8); out("decryptedText = " + decryptedText); 6UW / yZtuQM9X1qaI7qZLyuPWgmwPkti / Ayl4CpiPEAMklpaq74BU / U / MxxLgDz4CMs / jm9xzATMFyHOAvObkrnHwydC4PKsej1mqZsgYyQ4qDeKk6on / fdkkLLRMkIFYyBXRTLb / Q1Y85jzbRTOpTG50EjOxMZFlQ =", key, { function out() { var args = Array.prototype.slice.call(arguments, 0); document.getElementById('output').innerHTML += args.join("") + "\n"; } out("decrypted text: "); var base64Key = "QWJjZGVmZ2hpamtsbW5vcA=="; var key = CryptoJS.enc.Base64.parse(base64Key); var decryptedData = CryptoJS.AES.decrypt("lxbdRfoav/6UW/yZtuQM9X1qaI7qZLyuPWgmwPkti/Ayl4CpiPEAMklpaq74BU/U/MxxLgDz4CMs/jm9xzATMFyHOAvObkrnHwydC4PKsej1mqZsgYyQ4qDeKk6on/fdkkLLRMkIFYyBXRTLb/Q1Y85jzbRTOpTG50EjOxMZFlQ=", key, { mode: CryptoJS.mode.ECB, padding: CryptoJS.pad.Pkcs7 }); var decryptedText = decryptedData.toString(CryptoJS.enc.Utf8); out("decryptedText = " + decryptedText);

You can run the script here , and you can find hints regarding the exit here .

+1
source share

More articles:


All Articles