7

I am trying to encrypt in Javascript with CryptoJS and decrypt in PHP. The JS code is:

var salt = CryptoJS.lib.WordArray.random(128/8); 
var key256Bits500Iterations = CryptoJS.PBKDF2("Secret Passphrase", salt, { keySize: 256/32, iterations: 500 });
var iv  = CryptoJS.enc.Hex.parse('101112131415161718191a1b1c1d1e1f'); // just chosen for an example, usually random as well

encrypted = CryptoJS.AES.encrypt("Message", key512Bits1000Iterations, { iv: iv });  
var data_base64 = crypted.ciphertext.toString(CryptoJS.enc.Base64);
var iv_base64   = crypted.iv.toString(CryptoJS.enc.Base64);
var key_base64  = crypted.key.toString(CryptoJS.enc.Base64);

And the PHP is as follows:

$encrypted = base64_decode($data_base64);
$iv = base64_decode($iv_base64);
$key = base64_decode($key_base64); 

    $plaintext = mcrypt_decrypt( MCRYPT_RIJNDAEL_128, $key, $encrypted, MCRYPT_MODE_CBC, $iv);
echo ($plaintext);

This does not return the correct answer.

I am unsure where things are going poorly! I need to do my own IV, but if I do just say:

CryptoJS.AES.Encrypt("Message", "Secret Passphrase");
var data_base64 = crypted.ciphertext.toString(CryptoJS.enc.Base64);
var iv_base64   = crypted.iv.toString(CryptoJS.enc.Base64);
var key_base64  = crypted.key.toString(CryptoJS.enc.Base64);

It DOES successfully work in the PHP code -- only the key_base64 isn't something that can be changed, it has to be what the user remembers... And then it gives me a salt to get a key from the passphrase entered and IDK how it managed to get that using CryptoJS

Paul
  • 375
  • 1
  • 5
  • 17

1 Answers1

15

Your code WILL work if you just fix a few typos there

JS

    <script src="http://crypto-js.googlecode.com/svn/tags/3.1.2/build/rollups/aes.js"></script>
    <script src="http://crypto-js.googlecode.com/svn/tags/3.1.2/build/rollups/pbkdf2.js"></script>
    <script>
        var salt = CryptoJS.lib.WordArray.random(128/8); 
        var key256Bits500Iterations = CryptoJS.PBKDF2("Secret Passphrase", salt, { keySize: 256/32, iterations: 500 });
        var iv  = CryptoJS.enc.Hex.parse('101112131415161718191a1b1c1d1e1f'); // just chosen for an example, usually random as well

        var encrypted = CryptoJS.AES.encrypt("Message", key256Bits500Iterations, { iv: iv });  
        var data_base64 = encrypted.ciphertext.toString(CryptoJS.enc.Base64); 
        var iv_base64   = encrypted.iv.toString(CryptoJS.enc.Base64);       
        var key_base64  = encrypted.key.toString(CryptoJS.enc.Base64);
    </script>

PHP

    <?php
        $encrypted = base64_decode("data_base64"); // data_base64 from JS
        $iv        = base64_decode("iv_base64");   // iv_base64 from JS
        $key       = base64_decode("key_base64");  // key_base64 from JS

        $plaintext = rtrim( mcrypt_decrypt( MCRYPT_RIJNDAEL_128, $key, $encrypted, MCRYPT_MODE_CBC, $iv ), "\t\0 " );
xzag
  • 594
  • 3
  • 12
  • This made me so mad =[ – Paul Jan 20 '14 at 12:07
  • Works, although I added `\r\n` to the list of characters to trim PHP-side – Benjamin Intal Nov 04 '14 at 14:39
  • @Shuric I have a project use cryptoJS. it is client server mobile app with cordova. i use cryptoJS for encryption and decryption just in client side before because i just need the sqlite data can't be read. but i need to encrypt the data in server side to make it unreadable while it transfer via internet. so i think it the opposite of your answer. so can you help me to solved it. honestly i still dont understand with aes encryption i just use passphrase in encrypt and decrypt with cryptoJS. i dont know what iv and salt is. thanks in advance. – Mahfud Muhammad Jul 31 '15 at 00:58