Match PHPs openssl_encrypt with blank IV in JavaScript -


how can match output of openssl_encrypt in javascript, when no iv declared in php , non-compliant key length used?

php

php -r '$value = openssl_encrypt("test", "aes-128-cbc", "aaaaaaaaaaaaaaaaaaaaaaaaaaaaa"); echo $value;'  /u+5lb/vwbmx9u1yy4cncq==

javascript

iv  = cryptojs.enc.utf8.parse(""); var encrypted = cryptojs.aes.encrypt("test", "aaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {iv: iv, mode: cryptojs.mode.cbc, padding: cryptojs.pad.pkcs7}); console.log(encrypted.tostring());  u2fsdgvkx19cn1f6x8c/rjdfwzszk5m5wwcurr4z3u4=  console.log(cryptojs.enc.base64.stringify(encrypted.ciphertext));  l1/doxmtmblzyjsthjpdtg==

i can modify javascript code , need way encrypt string can decrypted php's openssl_decrypt. works fine if string it's encrypted php.

i understand not declaring iv renders code less secure, in particular case it's not big issue.

i've read in other topics php defaults padding pkcs7, why added js method.

my current theory either default iv of php issue or output of js function needs further processed. can see tried base64.stringify method, results still different.

the sample key i'm using here of same length of actual key.

i'm using https://github.com/sytelus/cryptojs/blob/master/rollups/aes.js (whatever use in js, needs distributed standalone file, relatively small footprint)

there issues code:

  • if want use existing key, need provide wordarray object cryptojs.<cipher>.encrypt. means has parsed in way. if provide string "key", cryptojs assume password, generate random salt , use evp_bytestokey derive key , iv password , salt.
  • your "key" 29 characters long. aes supports 3 key sizes: 16, 24 , 32 bytes. since you've used aes-128 in php, need provide 16 byte key in cryptojs aes-128 automatically selected. remember: key supposed randomly chosen , indistinguishable random noise has kind of security. if must print key in way, use hex or base64 encoding.

full example:

var iv  = cryptojs.enc.utf8.parse("");  var key = cryptojs.enc.utf8.parse("aaaaaaaaaaaaaaaa");  var encrypted = cryptojs.aes.encrypt("test", key, {      iv: iv,       mode: cryptojs.mode.cbc,       padding: cryptojs.pad.pkcs7  });    console.log(cryptojs.enc.base64.stringify(encrypted.ciphertext));
<script src="https://cdn.rawgit.com/cryptostore/crypto-js/3.1.2/build/rollups/aes.js"></script>


Comments

Post a Comment

Popular posts from this blog

Is there a better way to structure post methods in Class Based Views -

i'm using class based views in django , never specify url in ajax calls , omit action parameter in form because know these requests go through post method of class based view. notice view - profile page make many requests depending on user updating on page - post method become convoluted , if/else mess example: def post(self, request, *args, **kwargs): # handle user changing available date if request.post.get('availabledate') != none: self.updateavailabledate(request) return jsonresponse({'result':'success'}) if request.post.get('newprojectname') != none: creative_user = creativeuserprofile.objects.get(id = request.user.id) project = project.create_project(creative_user, request.post['newprojectname']) project.save() return jsonresponse({'projectid': project.id }) if request.post.get('projectimage') != none , request.files['file']: proj
Read more

performance - Why is XCHG reg, reg a 3 micro-op instruction on modern Intel architectures? -

i'm doing micro-optimization on performance critical part of code , came across sequence of instructions (in at&t syntax): add %rax, %rbx mov %rdx, %rax mov %rbx, %rdx i thought had use case xchg allow me shave instruction , write: add %rbx, %rax xchg %rax, %rdx however, dimay found agner fog's instruction tables , xchg 3 micro-op instruction 2 cycle latency on sandy bridge, ivy bridge, broadwell, haswell , skylake. 3 whole micro-ops , 2 cycles of latency! 3 micro-ops throws off 4-1-1-1 cadence , 2 cycle latency makes worse original in best case since last 2 instructions in original might execute in parallel. now... cpu might breaking instruction micro-ops equivalent to: mov %rax, %tmp mov %rdx, %rax mov %tmp, %rdx where tmp anonymous internal register , suppose last 2 micro-ops run in parallel latency 2 cycles. given register renaming occurs on these micro-architectures, though, doesn't make sense me done way. why wouldn't register renamer
Read more

jquery - Responsive Navbar with Sub Navbar -

good day, forgive me nav vocabulary not best. if question confusing apologize. i'm working on navigation bar needs centered on page @ 768px , above. items in nav open (or perhaps toggle) subnav lives directly below. these nav should appear centered on page. i have been able work through responsive portion of nav bar, having main items align vertically , sub nav menu of each item roll out below, , gave them indent separation. working well. however, issue not responsive side, behavior @ width greater 768px. happens toggling menu's sub navigation pushes other main items down page below sub nav. here's code: $(document).ready(function () { //stick in fixed 100% height behind navbar don't wrap $('#slide-nav.navbar-inverse').after($('<div class="inverse" id="navbar-height-col"></div>')); $('#slide-nav.navbar-default').after($('<div id="navbar-height-col"></d
Read more