Decrypting with crypto-js
Question
I receive data from a third party at an API that contains encrypted data. They provided me with a Passphrase do decrypt the content of the Json file, but I do not get any result; so they provided me with the code they generate the encryption which is written in VB.NET:
Public Shared Function EncryptString(ByVal Message As String, ByVal Passphrase As String) As String
Dim Results As Byte()
Dim UTF8 As System.Text.UTF8Encoding = New System.Text.UTF8Encoding()
Dim HashProvider As MD5CryptoServiceProvider = New MD5CryptoServiceProvider()
Dim TDESKey As Byte() = HashProvider.ComputeHash(UTF8.GetBytes(Passphrase))
Dim TDESAlgorithm As TripleDESCryptoServiceProvider = New TripleDESCryptoServiceProvider()
TDESAlgorithm.Key = TDESKey
TDESAlgorithm.Mode = CipherMode.ECB
TDESAlgorithm.Padding = PaddingMode.PKCS7
Dim DataToEncrypt As Byte() = UTF8.GetBytes(Message)
Dim Encryptor As ICryptoTransform = TDESAlgorithm.CreateEncryptor()
Results = Encryptor.TransformFinalBlock(DataToEncrypt, 0, DataToEncrypt.Length)
Return Convert.ToBase64String(Results)
End Function
I tried to decrypt with:
let key = CryptoJS.enc.Utf8.parse(Passphrase);
let decryptedData = CryptoJS.AES.decrypt(Message, key, {
iv: key
});
alert(decryptedData.toString( CryptoJS.enc.Utf8 ));
But I get an empty string and this console error: Error: Malformed UTF-8 data
If I do
const passworddes = CryptoJS.DES.decrypt(message, key, {
mode: CryptoJS.mode.ECB, padding: CryptoJS.pad.Pkcs7
}).toString();
I get an empty string only
Am I missing something on the decryption?
Thank you all.
UPDATE:
The supplier provided me with the function they utilize to decrypt. At the above Typescript code Im setting the mode and the padding as they don on their .NET code, but still getting nothing.
Here is the function they utilize:
Public Shared Function DecryptString(ByVal Message As String, ByVal Passphrase As String) As String
Dim Results As Byte()
Dim UTF8 As System.Text.UTF8Encoding = New System.Text.UTF8Encoding()
Dim HashProvider As MD5CryptoServiceProvider = New MD5CryptoServiceProvider()
Dim TDESKey As Byte() = HashProvider.ComputeHash(UTF8.GetBytes(Passphrase))
Dim TDESAlgorithm As TripleDESCryptoServiceProvider = New TripleDESCryptoServiceProvider()
TDESAlgorithm.Key = TDESKey
TDESAlgorithm.Mode = CipherMode.ECB
TDESAlgorithm.Padding = PaddingMode.PKCS7
Dim DataToDecrypt As Byte() = Convert.FromBase64String(Message)
Dim Decryptor As ICryptoTransform = TDESAlgorithm.CreateDecryptor()
Results = Decryptor.TransformFinalBlock(DataToDecrypt, 0, DataToDecrypt.Length)
Return UTF8.GetString(Results)
End Function
1 answers
solution1
1 ACCPTED 2021-06-11 06:19:21
The VB code derives the key from the passhprase with MD5. TripleDES (aka 3DES) with a 16 bytes key (2TDEA) is used as the algorithm. ECB is applied as the mode. A possible decryption with CryptoJS is:
var key = CryptoJS.MD5('my passphrase'); var message = 'vg0m/29RO6Y9o5SATGFj4H3p612sIIk6/Ny1wtr8HLomM3gI5WYYNKy//pAjq/ZJ' const decrypted = CryptoJS.TripleDES.decrypt( message, key, { mode: CryptoJS.mode.ECB, padding: CryptoJS.pad.Pkcs7 } ).toString(CryptoJS.enc.Utf8); console.log(decrypted)
<script src="https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.0.0/crypto-js.min.js"></script>
In the above example the ciphertext was created with the VB code.
Note that the code is very insecure:
- MD5 is broken, better: SHA256.
- The key derivation from a digest is also insecure (even if the digest is secure), better: a reliable key derivation function like Argon2 or PBKDF2.
- ECB is insecure, better: CBC or even better: GCM.
- TripleDES is deprecated and slow, better: AES.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.