dongwo5589
dongwo5589
2016-08-11 07:40

在JavaScript中使用CryptoJS和AES加密进行AES加密的不同输出

已采纳

Here is my solution to PHP, Ruby & Swift.

I faced issues when using CryptoJS on my test.

my code is like this

var data = "Hello World";
var key = "57119C07F45756AF6E81E662BE2CCE62";
var iv = "GsCJsm/uyxG7rBTgBMrSiA==";

var encryptedData = CryptoJS.AES.encrypt(data, 
    CryptoJS.enc.Hex.parse(key), {
        mode: CryptoJS.mode.CBC,
        padding: CryptoJS.pad.Pkcs7,
        iv: CryptoJS.enc.Base64.parse(iv) 
    }
);

console.log("encryptedData: " + encryptedData);

// var crypttext = encryptedData.toString();
var crypttext = "k4wX2Q9GHU4eU8Tf9pDu+w==";

var decryptedData = CryptoJS.AES.decrypt({
    ciphertext: CryptoJS.enc.Base64.parse(crypttext) 
}, CryptoJS.enc.Hex.parse(key), {
    mode: CryptoJS.mode.CBC,
    padding: CryptoJS.pad.Pkcs7,
    iv: CryptoJS.enc.Base64.parse(iv) 
});

console.log("decryptedData: " + decryptedData);

console.log result

encryptedData: 97SwKfGtNARERiSYyZxdAQ==

decryptedData:

  • 点赞
  • 写回答
  • 关注问题
  • 收藏
  • 复制链接分享
  • 邀请回答

1条回答

  • dougu3290 dougu3290 5年前

    I've looked at your PHP code. You're using a 32 character key which is obviously Hex-encoded, but instead of decoding it to bytes, you're using the characters directly. Therefore the aes-256-cbc cipher is also wrong.

    If you don't want to change your misleading PHP code, you can simply make the same mistake in CryptoJS: CryptoJS.enc.Utf8.parse(key) instead of CryptoJS.enc.Hex.parse(key).


    Security considerations:

    The IV must be unpredictable (read: random). Don't use a static IV, because that makes the cipher deterministic and therefore not semantically secure. An attacker who observes ciphertexts can determine when the same message prefix was sent before. The IV is not secret, so you can send it along with the ciphertext. Usually, it is simply prepended to the ciphertext and sliced off before decryption.

    It is better to authenticate your ciphertexts so that attacks like a padding oracle attack are not possible. This can be done with authenticated modes like GCM or EAX, or with an encrypt-then-MAC scheme.

    点赞 评论 复制链接分享