Node.js Crypto class returning different results with updated version

Question

The following code produces HTML output for a single-sign-on button that gets added to a page. In node version 0.5.x the key is accepted by the server on button click, but after upgrading to 0.10.x it does not work and produces a different output. No errors. Has the crypto class changed? Note, the key, url, and iv have been changed slightly to avoid posting secure information, but are the correct length.

var util = require('util');
var crypto = require('crypto');
var fs = require('fs');
var dateFormat = require('dateformat');


var AESCrypt = {};


AESCrypt.encrypt = function(cryptkey, iv, cleardata) {

    var encipher = crypto.createCipheriv('aes-256-cbc', cryptkey, iv),
        encryptdata  = encipher.update(cleardata);


    encryptdata += encipher.final('binary');

    encode_encryptdata = new Buffer(encryptdata, 'binary').toString('hex');
    return encode_encryptdata;
}


function getKey(email){
  var now = new Date();
  var key = new Buffer("F4553ECE8E0039675E8DA176D23BD82D455BB6272B574FDD6185296432CE1AD9",'hex'),
    iv  = new Buffer("D95897EA52A8A0C8DF231C8F2DBE59A7",'hex'),
    key_bin = key.toString('binary'),
    iv_bin = iv.toString('binary'),
    text = new Buffer('mystring','ascii'),
    text_bin = text.toString('binary');

  var enc  = AESCrypt.encrypt(key_bin, iv_bin, text_bin);

  var page = '<form method="POST" action="https://somedomain.com/AES.aspx"><input type="hidden" name="key" value="'+enc+'"/><input type="hidden" name="ouid" value="1"/><input type="submit" value="Log ine"/></form>';

  return page;
}

if(process.argv[2]) {
    email = process.argv[2];
    console.log(getKey(email));
}
else{
    console.log('Something may be wrong with your email address>')
}

Have you tried `Buffer.concat` instead of +=? I answered another question where `+=` did not work correctly. — Maarten Bodewes, Nov 28 '13 at 01:32

score 3 · Accepted Answer · answered Dec 10 '13 at 02:05

3

It seems that - at least for later versions of NodeJS - that Buffer.concat() is required instead of the += operator.

answered Dec 10 '13 at 02:05

Maarten Bodewes

90,524
13
150
263

score 3 · Answer 2 · answered Dec 13 '13 at 01:33

Woking code:

var crypto = require('crypto');
var ecr = function(str)
{
    var cipher = crypto.createCipher('aes-256-cbc', 'passphase');
    var cryptedBuffers = [cipher.update(new Buffer(str))];
    cryptedBuffers.push(cipher.final());
    var crypted = Buffer.concat(cryptedBuffers);
    return crypted;
};
var dcr = function(str)
{
    var dcipher = crypto.createDecipher('aes-256-cbc', 'passphase');

    var dcryptedBuffers = [dcipher.update(new Buffer(str))];
    dcryptedBuffers.push(dcipher.final());
    var dcrypted = Buffer.concat(dcryptedBuffers)
        .toString('utf8');
    return dcrypted;
};

console.log(dcr(ecr('hello test')));

Node.js Crypto class returning different results with updated version

2 Answers2

Linked