Java encryption -> javascript decryption

I'm trying to use tripleDES on a string in Java and decrypt it on javascript using crypto-js (I know there is a similar question but it's the other way around and cannot see the solution there)

As you may see the key is the 24 bytes 123.... (not final value of course)

java code

String dtGson = gson.toJson(dt); byte[] encryptKey = "123456789012345678901234".getBytes(); DESedeKeySpec spec = null; spec = new DESedeKeySpec(encryptKey); SecretKeyFactory keyFactory = null; keyFactory = SecretKeyFactory.getInstance("DESede"); SecretKey theKey = null; theKey = keyFactory.generateSecret(spec); Cipher c = null; c = Cipher.getInstance("DESede"); c.init(Cipher.ENCRYPT_MODE, theKey); return new String(c.doFinal(dtGson.getBytes("utf-8")), "utf-8");

and in Javascript

function criptoSend(texto){ var dec=CryptoJS.TripleDES.decrypt(texto,"123456789012345678901234"); alert("texto:"+texto+"/ndec:"+dec.toString(CryptoJS.enc.Utf8)); }

Any minimal lead that tells me what i'm doing wrong (surely in javascript)

This step is wrong:

new String(..., "utf-8")

Encrypted data is binary data, you can't treat it as if it were text. If you need to transfer it as a string, use base-64 to convert it to ASCII.

Already done that, but "javascript dec.toString" returns nothing.

Changed the last java line to:

BASE64Encoder encoder = new BASE64Encoder(); byte[] doFinal = c.doFinal(dtGson.getBytes("utf-8")); return encoder.encode(doFinal);

So in the JavaScript, "texto" has the correct, base-64 encoded value, but "dec" is assigned the empty string?

BTW, I don't know what "decrypt" returns, but assuming that it's the cleartext as a string, the "toString" should be unnecessary. (But then, -considering doing cryptography in JavaScript not such a good idea- I have no idea how that library works.)

Using Javascript with symmetric encryption always seems silly to me but what the heck. You need to look a the CryptoJC source to see exactly what it does because
keyFactory = SecretKeyFactory.getInstance("DESede");
uses block mode ECB with PKCS5 padding.

You should note that if you are using ECB then your code is not very secure since ECB allows forgery of ciphertext by splicing.

Richard Tookey wrote:Using Javascript with symmetric encryption always seems silly to me but what the heck. You need to look a the CryptoJC source to see exactly what it does because
keyFactory = SecretKeyFactory.getInstance("DESede");
uses block mode ECB with PKCS5 padding.

You should note that if you are using ECB then your code is not very secure since ECB allows forgery of ciphertext by splicing.

Also, Java's version of triple DES does encrypt, decrypt, and encrypt (EDE), with three different DES keys. Interestingly, this is not the most common mode. I believe the most common is EDE with two DES keys.

So... you need to ensure that these match too -- in addition to what Richard and Ulf stated.

Henry

It seems cryptoJS uses CBC and Pkcs7 as defaults, going to see if i can change it and I inform all of you.

Alex Armenteros wrote:It seems cryptoJS uses CBC and Pkcs7 as defaults, going to see if i can change it and I inform all of you.

Note - PKCS7 when used like this is the same as PKCS5 and yhy would you want to change from secure CBC mode to insecure ECB mode. Change your Java code to use CBC. You will still need to look at the Javascipt source to see how the CBC IV is specified and then match this in your Java.

After some tries with lots of changes, and still without results

I configured the cipher in a MUCH simpler way like this... (I'm not aiming for security right now, I'm aiming for functionality)



byte[] encryptKey2 = new byte[16]; //this way i'm supposed to generate a 128-bit key that all bytes are "1" for (int k = 0; k < 16; k++) { encryptKey2[k] = 1; } SecretKeySpec spec2 = new SecretKeySpec(encryptKey2, "AES"); SecretKey theKey2 = null; theKey2 = spec2; Cipher c2 = null; //ECB to avoid the use of IV and get avoid all problems of hidden parameters c2 = Cipher.getInstance("AES/ECB/ISO10126PADDING"); c2.init(Cipher.ENCRYPT_MODE, theKey2); BASE64Encoder encoder = new BASE64Encoder(); byte[] doFinal = c2.doFinal(dtGson.getBytes("UTF-8")); return encoder.encode(doFinal);

and in JS
var key = CryptoJS.enc.Hex.parse('01010101010101010101010101010101'); var dec=CryptoJS.AES.decrypt(CryptoJS.enc.Base64.parse(texto),key,{mode:CryptoJS.mode.ECB, padding: CryptoJS.pad.Iso10126});

Tried decrypting in java and no problem.

Tried decrypting in JS and nothing on the output.

I'll try other places to look for an answer as it seems a problem with cryptoJS library. Thanks for your answers

PS: Used an online tool (dunno if links are allowed in this forum) to test the ciphertext (now I'm using Hex text, instead of base64) and the key and it decrypts perfectly (except the final padding ofc)

PS2: Finally i got it to work... And my final conclusion is that the documentation in crypto-js website is not useful. In decrypt function the ciphertext must be passed like this. "CryptoJS.lib.CipherParams.create({ciphertext: CryptoJS.enc.Hex.parse(texto)})" [Using Hex ciphertext]

The basic problem with the Javascript is that the key one specifies is not a simple AES key. It is in some way derived from the key string by some algorithm that must be specified somewhere but I don't know where! Running the AES example on their website of
<!DOCTYPE HTML> <html> <head> <script src="http://crypto-js.googlecode.com/svn/tags/3.1.2/build/rollups/aes.js"></script> <script> var encrypted = CryptoJS.AES.encrypt("Message", "Secret Passphrase"); alert(encrypted.key); // 74eb593087a982e2a6f5dded54ecd96d1fd0f3d44a58728cdcd40c55227522223 alert(encrypted.iv); // 7781157e2629b094f0e3dd48c4d786115 alert(encrypted.salt); // 7a25f9132ec6a8b34 alert(encrypted.ciphertext); // 73e54154a15d1beeb509d9e12f1e462a0 alert(encrypted); // U2FsdGVkX1+iX5Ey7GqLND5UFUoV0b7rUJ2eEvHkYqA= </script> </head> <body> </body> </html>
and taking the values for the key, IV and ciphertext from the alerts I can decrypt using
HexDecoder hexDecoder = new HexDecoder(); byte[] keyBytes = hexDecoder.decode("b6d309ad12c34bacc23b99496c652d4c32c409b4a1996a41c0547232b7be76b3"); byte[] ivBytes = hexDecoder.decode("9e67397c3fe6f759627665c5d073caf6"); SecretKeySpec key = new SecretKeySpec(keyBytes, "AES"); Cipher c2 = Cipher.getInstance("AES/CBC/PKCS5Padding"); IvParameterSpec IV = new IvParameterSpec(ivBytes); c2.init(Cipher.DECRYPT_MODE, key, IV); byte[] ciphertext =hexDecoder.decode("0750114b6a3bb148286e0838ae6b26a9"); //byte[] ciphertext = new Base64Decoder().decode("U2FsdGVkX1+4hHmLHh7SwCpFLo9UXu6RkXt97eyLxng="); byte[] recoveredCleartext = c2.doFinal(ciphertext); HexEncoder encoder = new HexEncoder(); System.out.println(encoder.encodeAsString(recoveredCleartext)); System.out.println(new String(recoveredCleartext));

Since one gets a different key each time one runs the Javascript there is obviously some random salt and you will need to duplicate the key generation algorithm in your Java code. I will leave you the task of working out the algorithm but I would guess that the algorithm is one of the standard PBE algorithms but which one?

Note the Base64 encode 'encrypted' must contain the salt and IV or one could not decrypt and it should be easy to deduce the format.

Java Encryption:

Encoder encoder = Base64.getEncoder(); final String ALGO = "AES"; String password = "1234567890123456"; String plain = "fskajhdfosjksaiodsajdoendklnassao"; Key key = new SecretKeySpec(password.getBytes(), ALGO); String keyForJS = encoder.encodeToString(password.getBytes()); Cipher c = Cipher.getInstance(ALGO); c.init(Cipher.ENCRYPT_MODE, key); byte[] encVal = c.doFinal(plain.getBytes()); String encryptedValue = encoder.encodeToString(encVal);
Java Script Decryption:

include- rollups/aes.js, components/mode-ecb-min.js

var key = CryptoJS.enc.Base64.parse(keyForJS); var decryptedData = CryptoJS.AES.decrypt(encryptedValue, key, { mode: CryptoJS.mode.ECB, padding: CryptoJS.pad.Pkcs7 }); var decryptedText = decryptedData.toString(CryptoJS.enc.Utf8); alert(decryptedText);

Working Fine for Me.

In case of Triple DES:

Java Code:

Encoder encoder = Base64.getEncoder(); final String ALGO = "DESede"; String password = "123456789012345678901234"; String plain = "fdsafdsafasdfasfasdsadsasafa"; DESedeKeySpec spec = new DESedeKeySpec(password.getBytes()); SecretKeyFactory keyFactory = null; keyFactory = SecretKeyFactory.getInstance(ALGO); SecretKey theKey = keyFactory.generateSecret(spec); Cipher cipher = Cipher.getInstance(ALGO); cipher.init(Cipher.ENCRYPT_MODE, theKey); byte[] encVal = cipher.doFinal(plain.getBytes()); String encryptedValue = encoder.encodeToString(encVal); String keyForJS = encoder.encodeToString(password.getBytes()); System.out.println("Key2 = " + keyForJS); System.out.println("Val = " + encryptedValue);

Java Script:

include- rollups/tripledes.js, components/mode-ecb-min.js

var base64Key = keyForJS; var key = CryptoJS.enc.Base64.parse(base64Key); var decryptedData = CryptoJS.TripleDES.decrypt(encryptedValue, key, { mode: CryptoJS.mode.ECB }); var decryptedText = decryptedData.toString(CryptoJS.enc.Utf8); alert(decryptedText);

Do NOT use that code verbatim. There are a couple of big issues:

Passwords and plain texts handled as Strings.

Key material derived directly from raw password bytes. NEVER DO THIS. Use a password based key derivation factory, such as PBKDF2 or bcrypt.

Raw password is being sent to client. BIG NO NO.

Also, you shouldn't perform encryption without authentication, but I'm not sure if JavaScript has a library that supports AEAD.