需要javascript中的AES解密

Question

I have the following code for decryption in java, I want that to be implemented in angular4.

public synchronized InputStream getInputStream(String src) {
    KeyEntry entry = keysMap.get(src);
    try {
        String destPath = rootFolder + "/" + entry.destination;
        FileInputStream is = new FileInputStream(destPath);
        if (entry.key.isEmpty()) return is;
        byte[] encKey = Base64.decode(entry.key, Base64.DEFAULT);
        SecretKeySpec secretKeySpec = new SecretKeySpec(encKey, AES_ALGORITHM);
        IvParameterSpec ivParameterSpec = new IvParameterSpec(encKey);
        Cipher cipher = Cipher.getInstance(AES_TRANSFORMATION);
        cipher.init(Cipher.DECRYPT_MODE, secretKeySpec, ivParameterSpec);
        return new CipherInputStream(is, cipher);
    } catch (Exception e) {
        e.printStackTrace();
    }
    return null;
}

currently doing it, something like below, not working

decryptContent(ciphertext, base64Key) {
    const key = CryptoJS.enc.Base64.parse(base64Key);

    const decryptedData = CryptoJS.AES.decrypt( ciphertext, key, {
        iv: CryptoJS.lib.WordArray.random(128 / 8),
        mode: CryptoJS.mode.ECB,
        padding: CryptoJS.pad.NoPadding
    });

    const decryptedText = decryptedData.toString( CryptoJS.enc.Utf8 );    
}

Answer 1

AES_TRANSFORMATION = "AES/CFB8/NoPadding";

Then you need to use CFB mode as well for decryption

 mode: CryptoJS.mode.CFB

I don't understand how to get the IV in javascript as in java, that is where I am majorly struck

IvParameterSpec ivParameterSpec = new IvParameterSpec(encKey);

In Java the encryption key is used as IV as well. To decrypt the data you should use the key as IV too.

Please note using key as IV is bad practice and it may create security weakness. IV allows reusing the same key for multiple encryptions without creating an opening for the "two-time pad attack". If the key is reused for multiple encryptions, IV needs to be unique for each encryption for the same key.