Java Encryption and Javascript Decryption

Question

I am trying to encrypt a data in java and decrypt the same in javascript. There is already a similar question in SO but it does not work for me.

My question is - Encrypted Text given by Java code is not getting decrypted by Javascript. I have hardcoded the the encrypted text and key in my JS below.

P.S. I know decryption on the UI is of no use as Key will be visible and any user can decode the code. But my requirement of doing so is to bypass a Penetration Testing tool. So please suggest how it can be done

Java code -

import java.security.Key;
import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;
import org.apache.commons.codec.binary.Base64;

public class Crypt {
    private static final String ALGO = "AES";
    private static final byte[] keyValue = 
    new byte[] { 'A', 'b', 'c', 'd', 'e', 'f', 'g',
    'h', 'i', 'j', 'k','l', 'm', 'n', 'o', 'p'};

public static String encrypt(String Data) throws Exception {
    Key key = generateKey();
    String keyForJS = Base64.encodeBase64String(keyValue);
    System.out.println("Key2 = " + keyForJS);
    Cipher c = Cipher.getInstance(ALGO);
    c.init(Cipher.ENCRYPT_MODE, key);
    byte[] encVal = c.doFinal(Data.getBytes());
    String encryptedValue = Base64.encodeBase64(encVal).toString();
    return encryptedValue;
}

private static Key generateKey() throws Exception {
    Key key = new SecretKeySpec(keyValue, ALGO);
    return key;
}

public static void main(String a[]) throws Exception
{
  System.out.println("Encryption = " + Crypt.encrypt("Test"));

}
}

execution of the above code in eclipse generate the following output -

Key2 = [B@670b5064

Encryption = [B@3c8b22e5

Now i will use this data for my JS Code

<script src="http://crypto-js.googlecode.com/svn/tags/3.1.2/build/rollups/aes.js"></script>
<script src="http://crypto-js.googlecode.com/svn/tags/3.1.2/build/components/mode-ecb-min.js"></script>

var base64Key = "[B@670b5064"; // This is the output key from Java
var key = CryptoJS.enc.Base64.parse(base64Key);


var decryptedData = CryptoJS.AES.decrypt( "[B@3c8b22e5", key, { // This is the Output text from Java
    mode: CryptoJS.mode.ECB,
    padding: CryptoJS.pad.Pkcs7
} );
var decryptedText = decryptedData.toString( CryptoJS.enc.Utf8 );
console.log( "decryptedText = " + decryptedText );

Output of JS code -

decryptedText - (Its blank, nothing appears). Please find JS Fiddle - http://jsfiddle.net/achyut/pKNzV/11/

Please read this: http://matasano.com/articles/javascript-cryptography/ — ntoskrnl, Oct 11 '14 at 15:11
@ntoskrnl - I have already done my research. I very well know the fact that decryption on javascript is of no good. But it is my requirement and that is why i have been doing research on finding out how to and so is the question here posted. I need to by pass a penetration testing tool. — Achyut, Oct 11 '14 at 20:39
A problem I can immediately spot is that you've called `toString()` on a byte array and then put the resulting strings in the JS code. byte[] doesn't override `toString()` so you just get the default method from Object. — ntoskrnl, Oct 11 '14 at 20:47
@ntoskrnl - I am not very good in Java, can you help me understand what do exactly mean by byte[] doesn't override toString(). — Achyut, Oct 11 '14 at 21:11
@SaniHuttunen - Now can you please remove the -1 from my question so that i get a quick answer to my question — Achyut, Oct 12 '14 at 13:26
I dont have enough reputation to know who did it. ok can you help me with the question — Achyut, Oct 12 '14 at 21:13
@Achyut: in short, `Base64.encodeBase64(...)` returns a byte[]. You are calling the toString() method on that byte[]. This doesn't make any sense. Perhaps it would be better if you called `Base64.encodeBase64String(...)` instead. — President James K. Polk, Oct 13 '14 at 12:11
@GregS - SO you want me to change this line - String keyForJS = Base64.encodeBase64(keyValue).toString(); to byte[] keyForJS = Base64.encodeBase64(keyValue); Done that still it does not works. — Achyut, Oct 13 '14 at 12:37
@Achyut: Works for me. Maybe you should post your corrected code. — President James K. Polk, Oct 13 '14 at 12:58
@GregS - Updated my the question with the updated Java Code, the output i got and also a JS Fiddle link — Achyut, Oct 13 '14 at 13:08
ok, now you're not even trying. This is not a "give me teh codez" website. — President James K. Polk, Oct 13 '14 at 13:11
i have written the complete Java and Javascript code. Even created fiddle. Still my code is not working, that is why i have posted the question. If there is something wrong in my code than please point it. I asked no one to give me complete code. — Achyut, Oct 13 '14 at 13:19
I think you should re-read the comment from GregS, the Java output is still not OK. — Maarten Bodewes, Oct 13 '14 at 21:57
@owlstead Thanks for highlighting. I did not read that part properly in a hurry. But still even that does NOT works. Inputting the Java output to javascript code prints nothing in console. — Achyut, Oct 14 '14 at 09:02
Can someone who actually knows both the part i.e. Java side and Javascript side help (definition - help me with a working code) rather than people with only knowledge on Java. — Achyut, Oct 14 '14 at 09:05
The problem is that we are not here to rewrite code for you nor to lead you through all steps. Questions on SO should be well defined. — Maarten Bodewes, Oct 14 '14 at 09:36
@owlstead Just one Java type cast issue you ALL have highlighted and now you are behaving as if you wrote the entire code for me. My Question in SO is WELL DEFINED as i have given both my JAVA code as well as JAVASCRIPT code with Jsfiddle which "I" wrote. Not a single person here has even attempted to ANSWER the question as can be seen here. And yes, please only comment on a question of which you have any knowledge or idea or can provide a WORKING Solution. — Achyut, Oct 15 '14 at 23:35
SO represents the Open Source Community where people help each other voluntarily. If you can't help someone then you don't need to. Some one else will. Nobody is asking YOU in particular. — Achyut, Oct 15 '14 at 23:41

score 1 · Answer 1 · edited May 23 '17 at 12:22

1

You didn't listen to the comments of GregS, so I'll do all the work for you:

HTML of Fiddle:

<script src="http://crypto-js.googlecode.com/svn/tags/3.1.2/build/rollups/aes.js"></script>
<script src="http://crypto-js.googlecode.com/svn/tags/3.1.2/build/components/mode-ecb-min.js"></script>
<body>
<pre id="output"></pre>
</body>

and the JavaScript that solves the issue, basically just the comment of GregS and an output function.

function out() {
    var args = Array.prototype.slice.call(arguments, 0);
    document.getElementById('output').innerHTML += args.join("") + "\n";
}

out("decrypted text: ");
var base64Key = "QWJjZGVmZ2hpamtsbW5vcA==";
var key = CryptoJS.enc.Base64.parse(base64Key);

var decryptedData = CryptoJS.AES.decrypt("lxbdRfoav/6UW/yZtuQM9X1qaI7qZLyuPWgmwPkti/Ayl4CpiPEAMklpaq74BU/U/MxxLgDz4CMs/jm9xzATMFyHOAvObkrnHwydC4PKsej1mqZsgYyQ4qDeKk6on/fdkkLLRMkIFYyBXRTLb/Q1Y85jzbRTOpTG50EjOxMZFlQ=", key, {
    mode: CryptoJS.mode.ECB,
    padding: CryptoJS.pad.Pkcs7
});
var decryptedText = decryptedData.toString(CryptoJS.enc.Utf8);
out("decryptedText = " + decryptedText);

You can run the fiddle here and you can find the hints with regards to the output here.

edited May 23 '17 at 12:22

Community

1
1

answered Oct 20 '14 at 21:31

Maarten Bodewes

90,524
13
150
263

Few things : 1st YOU ARE STILL NOT READING THE QUESTION. 2nd- Your friend GregS never said anything about the JS Code. He only commented about the Java code so before commenting you should READ his comments. 3rd thing whatever Javascript code you have written is just another version of MY code. If i give the same base64Key and encrypted Text which you have used as input to the JS code which i have shared above in the QUESTION i get the same output which your fiddle is giving. So what DIFFERENT did you wrote. Can you please confirm if you actually understood the question. – Achyut Oct 22 '14 at 18:53
Let me put the question in short for you since you spent some time writing that answer above which is nothing but COPY PASTE of my code + 1 out function. So don't even think of taking the pride that you did "all the work for me".So the Question is - Java should encrypt some TEXT and pass on the key and encrypted text to Javascript which will use the key and decrypt the encrypted text. I have written a Java Code which does encryption and a a javascript code which does decryption. There is something which i am missing between the 2 hence my decryption is failing. I hope this would make it clear. – Achyut Oct 22 '14 at 18:59
I am shocked to see someone up voted his answer which does the same thing as the code in the question. Stack Overflow is seriously losing its charm. Some body has down voted the question. Can the person JUSTIFY the down vote or he just did because he has the power to do it. Do we have any moderators in stack overflow or even we have lost them. – Achyut Oct 22 '14 at 19:02
Yeah, yeah whatever. In the mean time both the Java and JavaScript is running fine on my system. And you still haven't grasped Greg's comment. – Maarten Bodewes Oct 22 '14 at 19:52
O Mr Genius i think you aren't following things here. Yes i haven't understood what Mr Greg has written because i am not a Java developer and That is the reason the question is posted here. If i would have known things i wouldn't have been wasting my time here with a arrogant noob like you here. – Achyut Oct 23 '14 at 06:56
You can replace one method with another method, can't you? After it has been explicitly pointed out to you? – Maarten Bodewes Oct 23 '14 at 07:59

Java Encryption and Javascript Decryption

1 Answers1

Linked