Decrypt AES 256 CBC javascript

Question

I am a newbie angular front end developer and now I need to access to a Java spring REST api of the other developer team.

In order to get api http://apps.api.com/api/user/login , I need to send that request with Headers : Authorization : Bearer b517241b-e81d-430e-afb6-773527989b47 and Content-Type : application/json.

To get the token b517241b-e81d-430e-afb6-773527989b47 , I have to request to another api http://apps.api.com/api/auth/token, then the result that I get from that api is something like :

{ "token": "eyJhbGciOiJIUzI1NiJ9.eyJleHAiOjE0NTQwMzI5MDk2NzYsInN1YiI6InRva2VuIiwidG9rZW4iOiIrbjZEd1NDUGVMbXd0SGpCT2ZzZUhVRlwvS2NOMzBBTDRkXC9sWDlSVlI1UWxnXC9wV2M1VVNNREpCVDVSUnNWNHpadUFtNExWc3BIeDl1SmtESGhvZTI0dWhMcUNzeUFmZklYMTBkalVqVzFnOSt5QTN4eEg4TElQbzBoTDR5V0JhNnplWm9lVFcrZFE0dzd3MVhCazhLZFZwWGFmRmJMZ3RoXC9OdVE5REM1c3QxTllnSDB2aHRWZ0lha3VnZVlhOEFPU1c3eWVsOWFHcXhJN1hHM1FrbVwvYUE9PSIsImlzcyI6Imh0dHBzOlwvXC93d3cud2luZ21vbmV5LmNvbSJ9.uBQYvfTwadTG2QZ76tQN6-ETT1M8X72ltDe7xBCvEhA" }

What I need to do is, decode that token using jwt then decrypt it using AES 256 CBC (I got stuck here).

I got the code of decryption from back-end developer and the code is in java :

private static final String AES_KEY = "HG47YZ3CR8";
public static String decrypt(String orignalText) throws ApplicationException {

    try {
        final MessageDigest md = MessageDigest.getInstance("SHA-256");
        final byte[] digestOfPassword = md.digest(AES_KEY.getBytes("utf-8"));
        final SecretKey key = new SecretKeySpec(digestOfPassword, "AES");

        final Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");

        cipher.init(Cipher.DECRYPT_MODE, key, new IvParameterSpec(new byte[16]));
        final byte[] plainTextBytes = Base64.decodeBase64(orignalText);
        final byte[] encodeTextBytes = cipher.doFinal(plainTextBytes);

        return new String(encodeTextBytes);

    } catch (NoSuchAlgorithmException |
            UnsupportedEncodingException |
            IllegalBlockSizeException |
            InvalidKeyException |
            BadPaddingException |
            NoSuchPaddingException | InvalidAlgorithmParameterException e) {
        throw new ApplicationException(ErrorCode.GENERAL_FAIL, e);
    }
}

I've been trying to search for javascript library to write the decryption same as that java code but I could not find the right one.

I appreciate if any one has any idea about which javascript library that is similar to this java code.

score 0 · Answer 1 · edited May 23 '17 at 10:27

0

I'm not sure I'd really recommend using your front end to decrypt anything since this would require your key to be in the javascript library which would essentially allow EVERYONE to decrypt your token. Which would beg the question why are you encrypting to begin with. But if you really need to do this in javascript you can check out the SO answers here.

edited May 23 '17 at 10:27

Community

1
1

answered Jan 29 '16 at 03:16

Kent Cooper

4,319
3
19
23

Decrypt AES 256 CBC javascript

1 Answers1

Linked