RIJNDAEL 256 Encryption?
1,024 views
Skip to first unread message
Sam Millman
Jul 11, 2010, 5:15:11 AM7/11/10
to nodejs
Hi everyone,
Does anyone know of a node.js module which can give me the php's
method of RIJNDAEL 256 Encryption?
Thanks,
Does anyone know of a node.js module which can give me the php's
method of RIJNDAEL 256 Encryption?
Thanks,
Sam Millman
Jul 11, 2010, 5:26:24 AM7/11/10
to nodejs
Or any encryption module really?
Micheil Smith
Jul 11, 2010, 5:33:37 AM7/11/10
to nod...@googlegroups.com
Try the crypto module that's built into node. I'm not sure exactly what it
can actually do though.
can actually do though.
-- Micheil
BrandedCode.com
> --
> You received this message because you are subscribed to the Google Groups "nodejs" group.
> To post to this group, send email to nod...@googlegroups.com.
> To unsubscribe from this group, send email to nodejs+un...@googlegroups.com.
> For more options, visit this group at http://groups.google.com/group/nodejs?hl=en.
>
Sam Millman
Jul 11, 2010, 5:48:59 AM7/11/10
to nodejs
Yea that seems to get me somewhere, hmm need to find some
documentation on it now
documentation on it now
Sam Millman
Jul 11, 2010, 5:59:46 AM7/11/10
to nodejs
You see what confuses me about crypto is that it goes on about openssl
whihc makes me think it only works over ssl?
Thats why I'm confused by it
whihc makes me think it only works over ssl?
Thats why I'm confused by it
Sam Millman
Jul 11, 2010, 6:01:13 AM7/11/10
to nodejs
Or you need some kind of openssl module installed
Micheil Smith
Jul 11, 2010, 6:36:26 AM7/11/10
to nod...@googlegroups.com
You do need libssl, libssl-dev and openssl install for that module to work, but that's only
because openssl already has the encryption methods built in.
because openssl already has the encryption methods built in.
If you look at the modules page on the wiki, then there's a few others under a
Crypto & Security heading, iirc.
Yours
Micheil Smith
--
BrandedCode.com
r...@tinyclouds.org
Jul 12, 2010, 4:43:17 PM7/12/10
to nod...@googlegroups.com
Node doesn't have bindings to that yet.
Panagiotis Astithas
Jul 13, 2010, 5:06:50 AM7/13/10
to nod...@googlegroups.com
There's a pure JavaScript implementation here:
http://www.movable-type.co.uk/scripts/aes.html
--
Panagiotis Astithas
http://www.linkedin.com/in/astithas
Sam Millman
Jul 13, 2010, 10:52:09 AM7/13/10
to nodejs
Yea that looks sexy...hmm too bad it isnt compatible with PHP :(. I
might have to settle for sha1......god don't really wanna
On Jul 13, 10:06 am, Panagiotis Astithas <past...@gmail.com> wrote:
> On Mon, Jul 12, 2010 at 11:43 PM, <r...@tinyclouds.org> wrote:
might have to settle for sha1......god don't really wanna
On Jul 13, 10:06 am, Panagiotis Astithas <past...@gmail.com> wrote:
> On Mon, Jul 12, 2010 at 11:43 PM, <r...@tinyclouds.org> wrote:
Tim Becker
Jul 13, 2010, 11:59:03 AM7/13/10
to nodejs
On Jul 13, 4:52 pm, Sam Millman <sam.mill...@gmail.com> wrote:
> Yea that looks sexy...hmm too bad it isnt compatible with PHP :(. I
> might have to settle for sha1......god don't really wanna
be compatible to any other rijndael implementation regardless of
whether it's written in javascript, php, c, lisp or brainfuck.
SHA1 is something else entirely.
Sam Millman
Jul 13, 2010, 1:11:44 PM7/13/10
to nodejs
I am making a session handler that works over the top of my php
sessions. You see I am expanding my site with node.js so produce a
more complete user experience and one of the things I wish to
implement is a facebook type user session handler (of course theirs
pings their web server, I want to make a node.js only one)
And no mcrypt uses different symbols (in fact none of my strings come
out with letters in) which probably means they use a different version
of the encryption
SHA1 is appropiate for my site but it's not the safest thats why I am
trying to avoid it.
sessions. You see I am expanding my site with node.js so produce a
more complete user experience and one of the things I wish to
implement is a facebook type user session handler (of course theirs
pings their web server, I want to make a node.js only one)
And no mcrypt uses different symbols (in fact none of my strings come
out with letters in) which probably means they use a different version
of the encryption
SHA1 is appropiate for my site but it's not the safest thats why I am
trying to avoid it.
Sam Millman
Jul 13, 2010, 1:14:48 PM7/13/10
to nodejs
Taken from the javascript version:
In other languages: I’ve developed a PHP version which directly
mirrors this JavaScript version; it differs in that PHP has Base64
encoding and UTF-8 encoding built-in, and has no unsigned-right-shift
operator(!), but is otherwise a straightforward port. In other
languages, be sure to use 64-bit integers/longs, either unsigned or
with unsigned right-shift operators; you may need to take into
consideration the way different languages handle bitwise ops, and of
course standard issues such as array handling and strict typing. I’m
not aware of any other issues.
The author has had to develop a php version of his particular method,
this reinforces the idea that it is not the exact same as
php....however it does show that the two are compatible....hmmm it
would not be too hard to change the pw encryption for certain
passwords created after a certain date
In other languages: I’ve developed a PHP version which directly
mirrors this JavaScript version; it differs in that PHP has Base64
encoding and UTF-8 encoding built-in, and has no unsigned-right-shift
operator(!), but is otherwise a straightforward port. In other
languages, be sure to use 64-bit integers/longs, either unsigned or
with unsigned right-shift operators; you may need to take into
consideration the way different languages handle bitwise ops, and of
course standard issues such as array handling and strict typing. I’m
not aware of any other issues.
The author has had to develop a php version of his particular method,
this reinforces the idea that it is not the exact same as
php....however it does show that the two are compatible....hmmm it
would not be too hard to change the pw encryption for certain
passwords created after a certain date
Sam Millman
Jul 13, 2010, 1:17:10 PM7/13/10
to nodejs
I have also found a way I can run a php script within node without
having to contact my webserver...so I might be able to keep my
encryption after all
having to contact my webserver...so I might be able to keep my
encryption after all
Chris Winberry
Jul 13, 2010, 2:32:10 PM7/13/10
to nod...@googlegroups.com
AES is implementation independent. If your PHP encrypted data can't be decrypted in the JS version or vice versa, then one or both implementations are wrong.
Panagiotis Astithas
Jul 13, 2010, 7:23:08 PM7/13/10
to nod...@googlegroups.com
About a year ago I had to make a variation of this library in order to
interoperate with a Java server, and also use the token hash as both
the key and IV. Since your server uses PHP you'd be better off with
the original version, though.
interoperate with a Java server, and also use the token hash as both
the key and IV. Since your server uses PHP you'd be better off with
the original version, though.
> --
> You received this message because you are subscribed to the Google Groups "nodejs" group.
> To post to this group, send email to nod...@googlegroups.com.
> To unsubscribe from this group, send email to nodejs+un...@googlegroups.com.
> For more options, visit this group at http://groups.google.com/group/nodejs?hl=en.
>
>
--
Panagiotis Astithas
http://www.linkedin.com/in/astithas
Sam Millman
Jul 14, 2010, 3:10:54 AM7/14/10
to nodejs
Yea I thought that, I'm gonna try the pure js implementation but as
you said I would prolly be better off with PHP's own. The only problem
is the hack to get php to run in node.js is "evil" but if needs must.
you said I would prolly be better off with PHP's own. The only problem
is the hack to get php to run in node.js is "evil" but if needs must.
Sam Millman
Jul 14, 2010, 5:18:08 AM7/14/10
to nodejs
I just read somewhere that PHP is strange with encryption that does
not always do 256 even if you tell it to, so I made a little test
using this code in php:
<?php
$key = "sam";
?>
==========================================<br/>
The key being used is: <?php echo($key) ?><br/>
==========================================<br/>
<?php
$pw = encrypt_string("cheese", $key);
decrypt_string($pw, $key);
function decrypt_string($enpass, $key = null) {
/*
* Decrypts any string given to it
*/
echo("<h1>Now Decrypting Password</h1>");
$iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB);
$iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);
echo("<p>This is the size of the iv: ".$iv_size."</p>");
echo("<p>This is the iv: ".$iv."</p>");
if($key == null){
$decryptedpass = mcrypt_decrypt (MCRYPT_RIJNDAEL_256, $this->key,
$enpass, MCRYPT_MODE_ECB, $iv);
}else{
$decryptedpass = mcrypt_decrypt (MCRYPT_RIJNDAEL_256, $key,
$enpass, MCRYPT_MODE_ECB, $iv);
}
echo("<p>This is the plain text password: ".rtrim($decryptedpass)."</
p>");
return rtrim($decryptedpass);
}
function encrypt_string($pass, $key = null) {
/*
* Encrypts any string given to it
*/
echo("<h1>Now Encrypting Password</h1>");
$iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB);
$iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);
echo("<p>This is the size of the iv: ".$iv_size."</p>");
echo("<p>this is the iv: ".$iv."</p>");
if($key == null){
$cryptedpass = mcrypt_encrypt (MCRYPT_RIJNDAEL_256, $this->key,
$pass, MCRYPT_MODE_ECB, $iv);
}else{
$cryptedpass = mcrypt_encrypt (MCRYPT_RIJNDAEL_256, $key, $pass,
MCRYPT_MODE_ECB, $iv);
}
echo("<p>This is the pw: ".$cryptedpass."</p>");
return $cryptedpass;
}
And it returned:
==========================================
The key being used is: sam
==========================================
Now Encrypting Password
This is the size of the iv: 32
this is the iv: @_zÎYÇöœF +î*Ž¦‰g ׸KÛE:=‹ Î4 q
This is the pw: [ £€(,Í “â ÂÍþ @[ nÁˆ.(sÔ[ ø ›±,
Now Decrypting Password
This is the size of the iv: 32
This is the iv: Ì)y7ç » ¿ó"#¬ ö½ßg Uþý}F± vct`”
This is the plain text password: cheese
Which is very weird. It's saying the size is 32bit......WTF??
not always do 256 even if you tell it to, so I made a little test
using this code in php:
<?php
$key = "sam";
?>
==========================================<br/>
The key being used is: <?php echo($key) ?><br/>
==========================================<br/>
<?php
$pw = encrypt_string("cheese", $key);
decrypt_string($pw, $key);
function decrypt_string($enpass, $key = null) {
/*
* Decrypts any string given to it
*/
echo("<h1>Now Decrypting Password</h1>");
$iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB);
$iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);
echo("<p>This is the size of the iv: ".$iv_size."</p>");
echo("<p>This is the iv: ".$iv."</p>");
if($key == null){
$decryptedpass = mcrypt_decrypt (MCRYPT_RIJNDAEL_256, $this->key,
$enpass, MCRYPT_MODE_ECB, $iv);
}else{
$decryptedpass = mcrypt_decrypt (MCRYPT_RIJNDAEL_256, $key,
$enpass, MCRYPT_MODE_ECB, $iv);
}
echo("<p>This is the plain text password: ".rtrim($decryptedpass)."</
p>");
return rtrim($decryptedpass);
}
function encrypt_string($pass, $key = null) {
/*
* Encrypts any string given to it
*/
echo("<h1>Now Encrypting Password</h1>");
$iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB);
$iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);
echo("<p>This is the size of the iv: ".$iv_size."</p>");
echo("<p>this is the iv: ".$iv."</p>");
if($key == null){
$cryptedpass = mcrypt_encrypt (MCRYPT_RIJNDAEL_256, $this->key,
$pass, MCRYPT_MODE_ECB, $iv);
}else{
$cryptedpass = mcrypt_encrypt (MCRYPT_RIJNDAEL_256, $key, $pass,
MCRYPT_MODE_ECB, $iv);
}
echo("<p>This is the pw: ".$cryptedpass."</p>");
return $cryptedpass;
}
And it returned:
==========================================
The key being used is: sam
==========================================
Now Encrypting Password
This is the size of the iv: 32
this is the iv: @_zÎYÇöœF +î*Ž¦‰g ׸KÛE:=‹ Î4 q
This is the pw: [ £€(,Í “â ÂÍþ @[ nÁˆ.(sÔ[ ø ›±,
Now Decrypting Password
This is the size of the iv: 32
This is the iv: Ì)y7ç » ¿ó"#¬ ö½ßg Uþý}F± vct`”
This is the plain text password: cheese
Which is very weird. It's saying the size is 32bit......WTF??
Sam Millman
Jul 14, 2010, 5:22:59 AM7/14/10
to nodejs
Oh I is read iv size, it's multiple of 32bits lol..
Sam Millman
Jul 14, 2010, 5:56:45 AM7/14/10
to nodejs
Ah the two look different cos in php you also need to do:
base64_encode(utf8_encode($pass))
in order to get the result you see in the js version
base64_encode(utf8_encode($pass))
in order to get the result you see in the js version
Sam Millman
Jul 14, 2010, 6:11:17 AM7/14/10
to nodejs
Nope tried all three variants, 128, 192 and 256 bit but cant get that
js link to match up with php's built in mcrypt
js link to match up with php's built in mcrypt
Sam Millman
Jul 14, 2010, 6:55:56 AM7/14/10
to nodejs
Ok I actually worked it out, first he encode the plain text and
password and then he does a counter format...only problem is I cant
find a mcrypt function for counter mode...anyone know the answer?
password and then he does a counter format...only problem is I cant
find a mcrypt function for counter mode...anyone know the answer?
Chris Winberry
Jul 14, 2010, 9:13:01 AM7/14/10
to nod...@googlegroups.com
Counter? Do you mean cyclical, as in cyclical block cypher (CBC)?
That 32 length init vector probably means 32 bytes (32 x 8 = 256 bits), btw.
Sam Millman
Jul 14, 2010, 10:03:26 AM7/14/10
to nodejs
Not sure I used CBC but it didn't work and I've reading around and
some say you can access it with:
mcrypt_module_open('rijndael-256', '', 'ctr', '')
It seems to be a pretty hidden thing really.
Tbh this guys version seems pretty steady and authoritative
implementation I might just replace mcrypt with his version.
But yea this is what he says:
mode of operation; here the Counter (ctr) mode of operation – both
simple to implement, and very secure
On Jul 14, 2:13 pm, Chris Winberry <cpt.obvi...@gmail.com> wrote:
> Counter? Do you mean cyclical, as in cyclical block cypher (CBC)?
>
> That 32 length init vector probably means 32 bytes (32 x 8 = 256 bits), btw.
>
> nodejs+un...@googlegroups.com <nodejs%2Bunsu...@googlegroups.com>.>> > > > > > > For more options, visit this group athttp://
>
> groups.google.com/group/nodejs?hl=en.
>
>
> http://groups.google.com/group/nodejs?hl=en.
>
>
>
>
some say you can access it with:
mcrypt_module_open('rijndael-256', '', 'ctr', '')
It seems to be a pretty hidden thing really.
Tbh this guys version seems pretty steady and authoritative
implementation I might just replace mcrypt with his version.
But yea this is what he says:
mode of operation; here the Counter (ctr) mode of operation – both
simple to implement, and very secure
On Jul 14, 2:13 pm, Chris Winberry <cpt.obvi...@gmail.com> wrote:
> Counter? Do you mean cyclical, as in cyclical block cypher (CBC)?
>
> That 32 length init vector probably means 32 bytes (32 x 8 = 256 bits), btw.
>
>
> groups.google.com/group/nodejs?hl=en.
>
> >> > > > > > --
> >> > > > > > Panagiotis Astithashttp://www.linkedin.com/in/astithas
>
> > --
> > You received this message because you are subscribed to the Google Groups
> "nodejs" group.
> > To post to this group, send email to nod...@googlegroups.com.
> > To unsubscribe from this group, send email to
>
> nodejs+un...@googlegroups.com <nodejs%2Bunsu...@googlegroups.com>.> For more options, visit this group at
> >> > > > > > Panagiotis Astithashttp://www.linkedin.com/in/astithas
>
> > --
> > You received this message because you are subscribed to the Google Groups
> "nodejs" group.
> > To post to this group, send email to nod...@googlegroups.com.
> > To unsubscribe from this group, send email to
>
>
> http://groups.google.com/group/nodejs?hl=en.
>
>
>
>
Reply all
Reply to author
Forward
0 new messages