Encrypt with flutter/dart and decrypt aes with CryptoJS returns empty string
The CryptoJS code is incomaptible because the IV is decoded incorrectly. Instead of the Hex encoder, the Utf8 encoder must be used.
Also, the encrypt library applies the CTR mode by default. Therefore, in the CryptoJS code the CTR mode must be used instead of the CBC mode:
const cryptkey = CryptoJS.enc.Utf8.parse('Thisisasamplekeythatamusinginmyc');
const cryptiv = CryptoJS.enc.Utf8.parse('thisismysampleiv')
// Decryption
const crypted = CryptoJS.enc.Base64.parse("fdsUYHdv/5PoJSoZGwWppw==");
var decrypt = CryptoJS.AES.decrypt({ciphertext: crypted}, cryptkey, {
iv: cryptiv,
mode: CryptoJS.mode.CTR
});
console.log(decrypt.toString(CryptoJS.enc.Utf8));
// Encryption
var encrypt = CryptoJS.AES.encrypt("Sample Text", cryptkey, {
iv: cryptiv,
mode: CryptoJS.mode.CTR
});
console.log(encrypt.toString())
<script src="https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js"></script>
Usually no padding is used for a stream cipher mode like CTR. Note that both libraries apply PKCS#7 padding by default and do not automatically disable it for a stream cipher mode. Therefore, the padding should be explicitly disabled on both sides (with padding: null
on the Dart side and padding: CryptoJS.pad.NoPadding
on the CryptoJS side).
Alternatively, a block cipher mode like CBC can be used on both sides. Then, padding must be applied (e.g. PKCS#7).
If a static IV is used beyond testing and a password for the key: Then, for security reasons, a key derivation function such as PBKDF2 should be applied. Also, for each encryption, a random IV should be generated, which is passed to the other side along with the ciphertext (typically concatenated).
vin shaba
Updated on December 19, 2022Comments
-
vin shaba over 1 year
I have encrypted in flutter using dart library encrypt. Below is the code sample:
import 'package:encrypt/encrypt.dart' as enc; final key = enc.Key.fromUtf8('Thisisasamplekeythatamusinginmyc'); //32 chars final iv = enc.IV.fromUtf8('thisismysampleiv');//16 chars String encryptMyData(String text) { final e = enc.Encrypter(enc.AES(key)); final encrypted_data = e.encrypt(text, iv: iv); return encrypted_data.base64; }
I am able to encrypt but the issue arises when I try to decrypt the code using this code in JavaScript, using Crypto-JS:
const cryptkey = CryptoJS.enc.Utf8.parse('Thisisasamplekeythatamusinginmyc'); const crypted = CryptoJS.enc.Base64.parse("fdsUYHdv/5PoJSoZGwWppw=="); var decrypt = CryptoJS.AES.decrypt({ciphertext: crypted}, cryptkey, { iv: CryptoJS.enc.Hex.parse('thisismysampleiv'), mode: CryptoJS.mode.CBC, padding: CryptoJS.pad.Pkcs7 }); console.log(decrypt.toString(CryptoJS.enc.Utf8));
The problem is that it always returns an empty string, even using the AES.js library.
I have looked at this answer but same issue exists.
-
Topaco about 2 yearsThe plaintext to your sample data is missing.
-
vin shaba about 2 yearsThat can be anything, any text you use. the function is encryptMyData("Sample Text")
-
Topaco about 2 yearsThe posted Dart code does not return the ciphertext
Ck4F8zbx79xebKbsdPKtsg==
for the plaintextSample Text
when using the keyThisisasamplekeythatamusinginmyc
and the IVthisismysampleiv
. Check this again. -
vin shaba about 2 yearsNo this is just text sample data. Whatever it returns, how do i decrypt it in javascript that is my question. Thank you @Topaco
-
Topaco about 2 yearsYou make it unnecessarily difficult to answer the question. How is the reader supposed to know that the test data is inconsistent? Please post valid and complete test data!
-
vin shaba about 2 yearsI have edited the question with valid cypherText
fdsUYHdv/5PoJSoZGwWppw==
. Thank you
-
-
vin shaba about 2 yearsWish i could upvote twice. Thanx @Tapaco. Any chance you could add how to encrypt sample using the same keys. Thank You once again
-
Topaco about 2 years@vinshaba - Sure. I have added the encryption.