在nodejs中解密.Net cookie
[英]Decrypt .Net cookie in nodejs
问题描述
I've created an encrypted cookie in .Net and I'm trying to decrypt it's content in nodejs. 
我在.Net中创建了一个加密的cookie,我试图在nodejs中解密它的内容。 But nodejs keeps throwing the exception "TypeError: DecipherFinal fail" 但是nodejs不断抛出异常“TypeError:DecipherFinal fail”
In .Net I'm using the AES encryption method with the key 在.Net中,我使用密钥的AES加密方法
932D86BB1448EEAA423F38495A2290746D81C27E55D1DC264279537006D6F4CC.
My web.config file has the following row 我的web.config文件包含以下行
<machineKey validationKey="A5326FFC9D3B74527AECE124D0B7BE5D85D58AFB12AAB3D76319B27EE57608A5A7BCAB5E34C7F1305ECE5AC78DB1FFEC0A9435C316884AB4C83D2008B533CFD9"
decryptionKey="932D86BB1448EEAA423F38495A2290746D81C27E55D1DC264279537006D6F4CC"
validation="SHA1" decryption="AES" />
And the code that generates my cookie in .Net looks like this: 在.Net中生成我的cookie的代码如下所示:
var ticket = new FormsAuthenticationTicket(0, "test", DateTime.Now, DateTime.Now.AddYears(1), true, "test");
var encryptedTicket = FormsAuthentication.Encrypt(ticket);
Response.Cookies.Add(new HttpCookie(cookieName, encryptedTicket));
The nodejs code that decrypts the cookie is 解密cookie的nodejs代码是
var crypto = require('crypto');
var logger = require('winston');
var deckey = "932D86BB1448EEAA423F38495A2290746D81C27E55D1DC264279537006D6F4CC";
function hex2a(hex) {
var str = '';
for (var i = 0; i < hex.length; i += 2)
str += String.fromCharCode(parseInt(hex.substr(i, 2), 16));
return str;
}
function decrypt(cookie) {
var ivc = cookie, iv, cipherText, ivSize = 16, res;
ivc = new Buffer(ivc, 'hex');
iv = new Buffer(ivSize);
cipherText = new Buffer(ivc.length - ivSize);
ivc.copy(iv, 0, 0, ivSize);
ivc.copy(cipherText, 0, ivSize);
iv = new Buffer(Array(16));
c = crypto.createDecipheriv('aes-256-cbc', hex2a(deckey), iv.toString());
res = c.update(cipherText, 'binary');
res += c.final('binary'); //<-- throws TypeError: DecipherFinal fail
return res;
}
I'm kind of lost and I would appreciate tips or ideas on what could be the issue. 我有点迷茫,我会很感激有关问题的提示或想法。
3 个解决方案
解决方案1
1 2016-01-27 17:48:39
You can see the source code of Encryp and Decrypt here with all the different possibilities (Framework20SP1, Framework20SP2, etc) 您可以在此处查看Encryp和Decrypt的源代码,其中包含所有不同的可能性(Framework20SP1,Framework20SP2等)
https://github.com/Microsoft/referencesource/blob/master/System.Web/Security/FormsAuthentication.cs https://github.com/Microsoft/referencesource/blob/master/System.Web/Security/FormsAuthentication.cs
It took me hours to read that code, but once you got it, it's possible to write a simple code just for your specific encryption settings. 我花了几个小时来阅读该代码,但是一旦你得到它,就可以为你的特定加密设置编写一个简单的代码。
解决方案2
0 2012-12-16 16:15:25
A key is not a String, take a look at the method fromCharCode() : 一个键不是String,看一下fromCharCode()的方法:
The
fromCharCode()method converts Unicode values into characters.fromCharCode()方法将Unicode值转换为字符。
This means that any hexadecimal is converted to a textual character, while createDecipheriv() method specifies that: 这意味着任何十六进制都转换为文本字符,而createDecipheriv()方法指定:
key and iv must be 'binary' encoded strings or buffers.
Note that this is just one of the issues that may be present, I haven't had time to run the code (yet). 请注意,这只是可能存在的问题之一,我还没来得及运行代码。
解决方案3
0 2014-11-12 11:01:07
Your problem is probably a failure in automatic padding, turned on by default. 您的问题可能是自动填充失败,默认情况下处于启用状态。 You want to turn this off, by adding: 你想通过添加以下内容来关闭它:
c.setAutoPadding(false);
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.