AES Decrypt from CryptoJS

Alex Howard

Apr 28, 2014, 11:11:09 AM
to golan...@googlegroups.com
Please help, I thought this would take 1 hour but now it's day 2. There are a few different types of AES see...

I have managed to get CryptoJS to use CTR mode, which is what I usually use on my working decrypt func in Go programs.

For this example I'm using the key as iv, as I know this is transmitted with integrity to the Go server (just trying to make less room for error).

Still it won't decrypt. I have decoded the base64 that CryptoJS encodes the ciphertext with first before trying...

Any genius(es) around that can help me with where I'm going wrong?

The iv on the JS side is an object l.WordArray.t.extend.init {words: Array[4], sigBytes: 16, init: function, toString: function, concat: function}

...and mine is a hex string (although they are both created from the key as I said)


Javascript

function AESencrypt(key, input) {
    var key = CryptoJS.enc.Hex.parse(key);
    var e = CryptoJS.AES.encrypt(input, key, { mode: CryptoJS.mode.CTR, iv: key });
    return(btoa(e));
}

Golang

func ivcrypt(key string, ciphertext []byte) string {

    block, err := aes.NewCipher([]byte(key))
    if err != nil {
        return("CIPHER INIT ERROR")
    }
    if len(ciphertext) < aes.BlockSize {
        return("CIPHERTEXT LENGTH TOO SHORT!")
    }
    text := decodeBase64(string(ciphertext))
    iv := []byte(key)[:aes.BlockSize]
    text = text[aes.BlockSize:]

    cfb := cipher.NewCFBDecrypter(block, iv)
    cfb.XORKeyStream(text, text)
    return string(decodeBase64(string(text)))
}

Alex Howard

Apr 28, 2014, 11:49:12 AM
to golan...@googlegroups.com
I think there are multiple things wrong with what I am trying to do here, including trying to decrypt the output object rather than the ciphertext element within it.


Rob Napier

Apr 28, 2014, 4:50:57 PM
to golan...@googlegroups.com
On Monday, April 28, 2014 11:11:09 AM UTC-4, Alex Howard wrote:
> Please help, I thought this would take 1 hour but now it's day 2. There are a few different types of AES see...
>
> I have managed to get CryptoJS to use CTR mode, which is what I usually use on my working decrypt func in Go programs.
>
> For this example I'm using the key as iv, as I know this is transmitted with integrity to the Go server (just trying to make less room for error).

You must never do this. CTR is completely insecure if you ever reuse the same key+nonce on two messages. Nonces act like IVs, but they carry a different meaning and must never be reused. Unlike CBC, which is only weakened if you reuse a key+IV pair, CTR is totally broken if you reuse the nonce. I discourage people from using CTR unless they know exactly what they're doing and need what it offers. It's a very easy mode to mess up, and you still need an HMAC for authentication.

In general, you should never use the key as anything else (like an IV or nonce). You can easily wind up with useless encryption.

My experience with CryptoJS is that it's very challenging to port. Its API is very vague and ambiguous, and when you screw things up, you don't get errors; you just get nonsense. The only way to really figure it out is to dig through the source and see what they're doing. If you can use a different library, I strongly recommend sjcl, which is much better designed.

I see you've already found some of your issues. Have you already noted that you're decrypting with CFB mode rather than CTR? They need to match.

-Rob
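
What the nonce-reuse warning above means in practice, as an added Go example (not code from any post in this thread). The key, messages and helper names are constructed for illustration, and the HMAC mentioned above is left out to keep the focus on the IV.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// ctr encrypts or decrypts: CTR XORs the input with a keystream fixed by key+IV.
func ctr(key, iv, in []byte) []byte {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	out := make([]byte, len(in))
	cipher.NewCTR(block, iv).XORKeyStream(out, in)
	return out
}

// xor returns a[i]^b[i]; b must be at least as long as a.
func xor(a, b []byte) []byte {
	out := make([]byte, len(a))
	for i := range out {
		out[i] = a[i] ^ b[i]
	}
	return out
}

// encryptFresh draws a random IV per message and prepends it to the ciphertext.
func encryptFresh(key, msg []byte) []byte {
	iv := make([]byte, aes.BlockSize)
	if _, err := rand.Read(iv); err != nil {
		panic(err)
	}
	return append(iv, ctr(key, iv, msg)...)
}

func main() {
	key := bytes.Repeat([]byte{0x42}, 32) // constructed demo key
	p1, p2 := []byte("balance: 100 USD"), []byte("balance: 975 EUR")
	// Key doubling as IV, as in the question: every message shares one keystream,
	// so XORing two ciphertexts yields the XOR of the two plaintexts.
	c1, c2 := ctr(key, key[:16], p1), ctr(key, key[:16], p2)
	fmt.Println("reused IV leaks p1^p2:", bytes.Equal(xor(c1, c2), xor(p1, p2)))
	// Fresh IV per message: the keystreams differ and the relation is gone.
	f1, f2 := encryptFresh(key, p1), encryptFresh(key, p2)
	fmt.Println("fresh IV leaks p1^p2: ", bytes.Equal(xor(f1[16:], f2[16:]), xor(p1, p2)))
}
```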

Alex Howard

Apr 29, 2014, 3:25:44 PM
to golan...@googlegroups.com

This is my latest attempt, this time Go > CryptoJS, fixed most of the errors but not getting decryption even though I have confirmed the key, iv, ciphertext are the same on both ends.

There must be someone who knows, there is no working example anywhere on the net for this...

if a == "test64bytes" {
    output = "AAAAAAAABBBBBBBBCCCCCCCCDDDDDDDDAAAAAAAABBBBBBBBCCCCCCCCDDDDDDDD"
}
// encrypt ajax response
iv := decodeBase64("AAAAAAAAAAAAAAAAAAAAAA==")
ciphertext := []byte(output)
ckey := decodeBase64(string(PLAINkey[0:32]))
c, err := aes.NewCipher(ckey)
cfbdec := cipher.NewCBCDecrypter(c, iv)
plaintext := make([]byte, len(ciphertext))
cfbdec.CryptBlocks(plaintext, ciphertext)
crypt := string(encodeBase64(plaintext))
fmt.Fprintf(res, "%v", crypt)
fmt.Println(encodeBase64(ckey))
fmt.Println(encodeBase64(iv))
fmt.Println(crypt)

///////////////////////////////////////////////////////////////////////////////////////////////////
JavaScript

if (xmlhttp.readyState==4 && xmlhttp.status==200)
{
    var enc = {};
    enc["key"] = CryptoJS.enc.Base64.parse(keyseed.substring(0,32));
    enc["iv"] = CryptoJS.enc.Base64.parse("AAAAAAAAAAAAAAAAAAAAAA==");
    enc["ciphertext"] = CryptoJS.enc.Base64.parse(xmlhttp.responseText);
    enc["salt"] = "";
    console.log("RESPONSE:", xmlhttp.responseText, atob(xmlhttp.responseText));
    // check I'm using same data
    console.log(CryptoJS.enc.Base64.stringify(enc["key"]));
    console.log(CryptoJS.enc.Base64.stringify(enc["iv"]));
    console.log(CryptoJS.enc.Base64.stringify(enc["ciphertext"]));
    var options = { keySize: 256 / 8, mode: CryptoJS.mode.CBC, padding: CryptoJS.pad.Pkcs7, iv: enc["iv"] };
    de = CryptoJS.AES.decrypt(enc, enc["key"], options);
    document.getElementById(target).innerHTML = de.toString();
    console.log(de.toString(CryptoJS.enc.Utf8));
    console.log("DECRYPTION FINISHED");
}
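
A Go sender that matches the CryptoJS options in the post above (CBC mode, Pkcs7 padding, 256-bit key), as an added example that is not code from the thread or from the linked Stack Overflow answer. It uses `cipher.NewCBCEncrypter` with explicit PKCS#7 padding; the function names, the constructed key and the `base64(iv || ciphertext)` wire format are assumptions of this example, and the HMAC Rob Napier calls for is not shown.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"errors"
	"fmt"
)

// encryptCBC returns base64(iv || ciphertext): AES-CBC, PKCS#7 padding, fresh random IV.
func encryptCBC(key, plaintext []byte) (string, error) {
	block, err := aes.NewCipher(key) // a 32-byte key selects AES-256
	if err != nil {
		return "", err
	}
	n := aes.BlockSize - len(plaintext)%aes.BlockSize // PKCS#7: n bytes of value n, n >= 1
	padded := append(append([]byte{}, plaintext...), bytes.Repeat([]byte{byte(n)}, n)...)
	out := make([]byte, aes.BlockSize+len(padded))
	if _, err := rand.Read(out[:aes.BlockSize]); err != nil {
		return "", err
	}
	cipher.NewCBCEncrypter(block, out[:aes.BlockSize]).CryptBlocks(out[aes.BlockSize:], padded)
	return base64.StdEncoding.EncodeToString(out), nil
}

// decryptCBC reverses encryptCBC; it rejects bad lengths and malformed padding.
func decryptCBC(key []byte, msg string) ([]byte, error) {
	raw, err := base64.StdEncoding.DecodeString(msg)
	block, kerr := aes.NewCipher(key)
	if err != nil || kerr != nil || len(raw) < 2*aes.BlockSize || len(raw)%aes.BlockSize != 0 {
		return nil, errors.New("decryption failed")
	}
	pt := raw[aes.BlockSize:]
	cipher.NewCBCDecrypter(block, raw[:aes.BlockSize]).CryptBlocks(pt, pt)
	n := int(pt[len(pt)-1])
	if n == 0 || n > aes.BlockSize || !bytes.HasSuffix(pt, bytes.Repeat([]byte{byte(n)}, n)) {
		return nil, errors.New("decryption failed")
	}
	return pt[:len(pt)-n], nil
}

func main() {
	key := bytes.Repeat([]byte{0x42}, 32) // constructed 256-bit demo key
	msg, _ := encryptCBC(key, []byte("AAAAAAAABBBBBBBBCCCCCCCCDDDDDDDD"))
	pt, err := decryptCBC(key, msg)
	fmt.Println(len(msg), string(pt), err)
}
```

On the CryptoJS side the first 16 decoded bytes would be passed as `iv` and the remainder as `ciphertext`.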

Alex Howard

Apr 29, 2014, 3:34:59 PM
to golan...@googlegroups.com

Robert

Apr 29, 2014, 5:11:09 PM
to golan...@googlegroups.com
This is not really a nice solution to your difficulty, but if you're desperate:

https://gist.github.com/robertkrimen/639a0ec1be51023e19e5

Alex Howard

Apr 29, 2014, 11:39:14 PM
to golan...@googlegroups.com

I'm just about to post the solution to Stack Overflow for anyone who is interested. http://stackoverflow.com/questions/23373696/golang-aes-cbc-256-to-decrypt-using-cryptojs

Thanks for the link, looks like I can execute JS from within Go? Awesome if so. https://gist.github.com/robertkrimen/639a0ec1be51023e19e5