我无法解密在cryptojs中加密的消息，其加密是在xycrypto中完成的，会出现什么问题？

Question

I am doing an exercise where I must encrypt with 3DES with OFB with some python library, in my case use xycrypto ( https://pypi.org/project/xycrypto/ ):

import base64
from xycrypto.ciphers import TripleDES_OFB

key = b'2ndl38aj2nk3l47d'
iv = b'pwler1o2'
plaintext = b'SupErCaliFRAGIlisTICOESpirALiDOso'
cipher = TripleDES_OFB(key, iv=iv)
msg = cipher.encrypt(plaintext)

dex = cipher.decrypt(base64.b64decode('HOQOSp3XKCe85sS6/5VMVuyM8lae5lmpqkMYlVm1Gxg/'))
print(dex)
msgF = '"'+base64.b64encode(msg).decode('utf-8')+'"'
keyF = '"'+key.decode('utf-8')+'"'
ivF = '"'+iv.decode('utf-8')+'"'
print(msgF)
html = open('../index.html','w')
mensaje = """<!DOCTYPE html>
<html lang="es" style="background-color: black; color: white;">
    <head>
        <meta charset="UTF-8">
        <meta http-equiv="X-UA-Compatible" content="IE=edge">
            <meta name="viewport" content="width=device-width, initial-scale=1.0">
        <title>Tarea 3 Criptografia y seguridad en redes</title>
    </head>
    <body>
        <p>Este sitio contiene un mensaje secreto</p>
        <div class="algorithm" id="""+msgF+"""></div>
        <div class="iv" id="""+ivF+"""></div>
        <div class="key" id="""+keyF+"""></div>
    </body>
</html>
"""
html.write(mensaje)
html.close()

Create an HTML whose tags contain the encrypted text, the key and the iv, finally, as required by the exercise, I must take the values with JS and tampermonkey, the plugin code is as follows:

(function decryptTripleDES() {
    'use strict'
    var html = document.getElementsByClassName("algorithm");
    var html2 = document.getElementsByClassName("iv");
    var html3 = document.getElementsByClassName("key");
    var ciphertext = html[0].id
    var key = html3[0].id;
    var iv = html2[0].id;
    var hexK = CryptoJS.enc.Hex.parse(key);
    var hexI = CryptoJS.enc.Hex.parse(iv);
    var decrypted = CryptoJS.TripleDES.decrypt(ciphertext, hexK, {
      iv: hexI,
      mode: CryptoJS.mode.OFB
    });
    alert(decrypted.toString(CryptoJS.enc.Utf8))
})();

The plugin imports the cryptojs library, calling the decrypt function of 3DES and OFB, I import the html parameters and try to decrypt the content and try to display it with alert, but it returns empty. Am I doing something wrong? It occurs to me that in JS I don't do the base changes correctly with the input parameters but I'm not sure.

PD: I also tried changing the python library to PyCryptodome but got the same results.

Answer 1

Key and IV are ASCII (or UTF-8) encoded in the Python code, so the appropriate encoder must be used in the CryptoJS code ( Latin1 or Utf8 ).

Moreover, CryptoJS applies PKCS7 padding by default , even for stream cipher modes like OFB . Therefore, padding must be explicitly disabled:

 var ciphertext = "BbUxBiVklN80imgxk/xaonLjwV+BKfEBciTJRF+lGItI"; var key = "2ndl38aj2nk3l47d"; var iv = "pwler1o2"; var hexK = CryptoJS.enc.Latin1.parse(key); // ASCII (or Utf8) encode var hexI = CryptoJS.enc.Latin1.parse(iv); // ASCII (or Utf8) encode var decrypted = CryptoJS.TripleDES.decrypt(ciphertext, hexK, { iv: hexI, mode: CryptoJS.mode.OFB, padding: CryptoJS.pad.NoPadding // disable PKCS7 padding }); console.log(decrypted.toString(CryptoJS.enc.Utf8));

 <script src="https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.0.0/crypto-js.min.js"></script>

The above code snippet uses the values from the Python code for ciphertext, key and IV and successfully decrypts the ciphertext with them.

Provided your values for ciphertext, key and iv in the CryptoJS code are correctly derived from the HTML, your code should also successfully decrypt the ciphertext after these fixes.