
Ciphertext is not converting to plain text and is not being alerted

I am not able to decrypt a ciphertext. I have to test whether my decryption is working properly or not. So, I created a simple HTML file which takes ciphertext and then converts it into plain text.

I am just hardcoding the value here and then converting the ciphertext into plain text.

When I tried it, it was not working at all. I don't understand what the issue is.

This is my code:

<!DOCTYPE html>
<html>
<head>
    <script src="tripledes.js"></script>
    <script src="mode-ecb.js"></script>
    <style type="text/css">
<script type="text/javascript">

        function decryptByDES(aHJHDJSHJhjsak=, highishjdhsjhjs) {
            var keyHex = CryptoJS.enc.Utf8.parse(highishjdhsjhjs);

            var decrypted = CryptoJS.DES.decrypt({
                ciphertext: CryptoJS.enc.Base64.parse(aHJHDJSHJhjsak=)
            }, keyHex, {
                mode: CryptoJS.mode.ECB,
                padding: CryptoJS.pad.Pkcs7
            });

            return decrypted.toString(CryptoJS.enc.Utf8);
            alert ( decrypted);
        }


    </script>
</head>
<body>

    <div class="maindiv">
        <div>
            <label for="name">Message:</label>
            <input type="text" id="msg" name="msg" />
        </div>
        <div>
            <label for="mail">Key:</label>
            <input type="text" id="key" name="key" />
        </div>

        <div class="button">
            <button onclick="decryptByDES()">View</button>
        </div>
    </div>
</body>
</html>

and my mode-ecb.js file is

/*
CryptoJS v3.1.2
code.google.com/p/crypto-js
(c) 2009-2013 by Jeff Mott. All rights reserved.
code.google.com/p/crypto-js/wiki/License
*/
/**
 * Electronic Codebook block mode.
 */
CryptoJS.mode.ECB = (function () {
    var ECB = CryptoJS.lib.BlockCipherMode.extend();

    ECB.Encryptor = ECB.extend({
        processBlock: function (words, offset) {
            this._cipher.encryptBlock(words, offset);
        }
    });

    ECB.Decryptor = ECB.extend({
        processBlock: function (words, offset) {
            this._cipher.decryptBlock(words, offset);
        }
    });

    return ECB;
}());

I need to show my decrypted text in an alert. But nothing is happening.

I'm not familiar with CryptoJS, but... It looks like you need to move the alert before the return decrypted.toString(CryptoJS.enc.Utf8); line, as the alert won't get called once the function returns.

Also, it would be better practice to make your key and cipher text variable strings, then call it from the button passing in those variables (although you may want to store your key in the JavaScript, and only pass in the cipherTextString).

<script type="text/javascript">
    function decryptByDES(cipherTextString, keyString) {
        var keyHex = CryptoJS.enc.Utf8.parse(keyString);

        var decrypted = CryptoJS.DES.decrypt({
            ciphertext: CryptoJS.enc.Base64.parse(cipherTextString)
        }, keyHex, {
            mode: CryptoJS.mode.ECB,
            padding: CryptoJS.pad.Pkcs7
        });

        var decryptedStringified = decrypted.toString(CryptoJS.enc.Utf8);

        alert(decryptedStringified);

        return decryptedStringified;
    }
</script>

And then call it from your button, passing in the correct variables:

<button onclick="decryptByDES('aHJHDJSHJhjsak=', 'highishjdhsjhjs');">View</button>

In addition to Jem's answer...

If you want to hardcode a key, then you can do many things, but all of them should involve some kind of code obfuscation, because a client might just open the developer tools and read the key.

Ways to hardcode the key, here are two simple ways that don't leak the key to the global object ...

  1. In the local scope of the function that does the encryption/decryption

     function decryptByDES(cipherTextString) {
         var keyHex = CryptoJS.enc.Utf8.parse("mykeystring12345");
         var decrypted = CryptoJS.DES.decrypt({
         //...
     }

  2. In a wrapper scope (here used in an IIFE), but not in global scope

     (function(){
         var keyHex = CryptoJS.enc.Utf8.parse("mykeystring12345");
         function decryptByDES(cipherTextString) {
             var decrypted = CryptoJS.DES.decrypt({
             //...
         }
     })();

A few things to note:

  • If you hardcode the key, then this doesn't provide any real security if the file the key is in is transmitted insecurely. You definitely need HTTPS, but if you have HTTPS you likely don't need the encryption provided by CryptoJS. (Ref)

  • DES supports only one key size of exactly 8 bytes. If you cannot supply keys (which should look like random noise), then you're probably supplying a password, which does not need to have this specific length requirement. Since passwords cannot be used as keys, you will need to derive a key from that password. CryptoJS supports PBKDF2 for that. If you're supplying a key that does not have the required size, then you will get strange results, but don't expect an error from CryptoJS.

  • Don't use DES nowadays. It only provides 56 bits of security. AES would be much better, because it's more secure with the lowest key size of 128 bits. There is also a practical limit on the maximum ciphertext size with DES. See Security comparison of 3DES and AES.

  • Never use ECB mode. It's deterministic and therefore not semantically secure. You should at the very least use a randomized mode like CBC or CTR. It is better to authenticate your ciphertexts so that attacks like a padding oracle attack are not possible. This can be done with authenticated modes like GCM or EAX, or with an encrypt-then-MAC scheme.
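
The notes above on password-derived keys, ECB determinism and authenticated modes, shown as an added example that is not part of the original answers. It uses Node's built-in crypto module with AES instead of CryptoJS with DES so that it runs without external files; the function names, iteration count, message layout and sample inputs are assumptions made for illustration.

```javascript
const nodeCrypto = require('node:crypto'); // Node built-in, standing in for CryptoJS

// Derive a 256-bit key from a password with PBKDF2 instead of using the
// password bytes as the key. The iteration count is an assumption.
function deriveKey(password, salt) {
  return nodeCrypto.pbkdf2Sync(password, salt, 600000, 32, 'sha256');
}

// ECB: return the ciphertext blocks as hex so repeated blocks are visible.
function ecbBlocks(key16, plaintext) {
  const c = nodeCrypto.createCipheriv('aes-128-ecb', key16, null);
  const ct = Buffer.concat([c.update(plaintext, 'utf8'), c.final()]);
  const blocks = [];
  for (let i = 0; i < ct.length; i += 16) {
    blocks.push(ct.subarray(i, i + 16).toString('hex'));
  }
  return blocks;
}

// AES-256-GCM with a fresh salt and nonce per message.
// Assumed layout: salt(16) | nonce(12) | tag(16) | ciphertext, Base64-encoded.
function encryptGcm(password, plaintext) {
  const salt = nodeCrypto.randomBytes(16);
  const iv = nodeCrypto.randomBytes(12);
  const c = nodeCrypto.createCipheriv('aes-256-gcm', deriveKey(password, salt), iv);
  const ct = Buffer.concat([c.update(plaintext, 'utf8'), c.final()]);
  return Buffer.concat([salt, iv, c.getAuthTag(), ct]).toString('base64');
}

// Throws if the password is wrong or the message was modified in any way.
function decryptGcm(password, packed) {
  const buf = Buffer.from(packed, 'base64');
  if (buf.length < 44) throw new Error('message too short');
  const key = deriveKey(password, buf.subarray(0, 16));
  const d = nodeCrypto.createDecipheriv('aes-256-gcm', key, buf.subarray(16, 28),
    { authTagLength: 16 });
  d.setAuthTag(buf.subarray(28, 44));
  return Buffer.concat([d.update(buf.subarray(44)), d.final()]).toString('utf8');
}

// True when a message with one flipped bit is rejected rather than decrypted.
function tamperIsRejected(password, packed) {
  const buf = Buffer.from(packed, 'base64');
  buf[buf.length - 1] ^= 0x01;
  try { decryptGcm(password, buf.toString('base64')); return false; }
  catch (e) { return true; }
}

// Constructed key and text: two identical 16-byte plaintext blocks.
const demo = ecbBlocks(Buffer.alloc(16, 7), 'ATTACK AT DAWN!!'.repeat(2));
console.log('ECB blocks 1 and 2 equal:', demo[0] === demo[1]);
```

Unlike the CryptoJS behaviour described above, Node's `createCipheriv` throws when the key has the wrong length, so a password passed in place of a key fails loudly here.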
