0

I am using CryptoJS to encrypt files on the client side before uploading to a server. Encryption and decryption are working, but my question is how secure this is. In my JavaScript, I pass the 'secret passphrase' as the argument to the encrypt function. All I am using for decryption is also the same passphrase. So, if someone can get hold of this 'secret passphrase', can't they easily decrypt the data?

CryptoJS:

var encrypted = CryptoJS.AES.encrypt("Message", "Secret Passphrase");
var decrypted = CryptoJS.AES.decrypt(encrypted, "Secret Passphrase");
Noob
  • If someone were to acquire the salt used in the encryption and knew what kind of encryption you used they could decrypt it, but that's the same for all encryption. – SaggingRufus Jan 12 '17 at 18:28
  • If someone has the key of your house, he may be able to go into it, if he is able to find the door – Jonas Wilms Jan 12 '17 at 18:31
  • Keep in mind this is why it is best to have the salt a random string of characters as long as permitted. – SaggingRufus Jan 12 '17 at 18:32
  • Can you elaborate with respect to cryptojs? – Noob Jan 12 '17 at 18:35
  • @Noob the secret phrase in this case is the salt. Make it a string that no one could just guess, so if you work for Company X then using "CompanyX" as a passphrase would not be a good idea. Make a random string. – SaggingRufus Jan 12 '17 at 18:40
  • I can make that a random string. However if I hit F12 in the browser, isn't my 'random string' exposed? – Noob Jan 12 '17 at 18:42
  • Why not do the encryption server side? – SaggingRufus Jan 12 '17 at 19:00
  • It is a requirement that the encryption has to be client side. – Noob Jan 12 '17 at 19:01
  • Looks like you need something like this: http://stackoverflow.com/questions/1020368/how-can-i-hide-or-encrypt-javascript-code – SaggingRufus Jan 12 '17 at 19:02
  • @SaggingRufus Encryption doesn't use a salt. It uses a key and sometimes an IV. Salts are used with hashing and are not relevant to encryption. – Luke Joshua Park Jan 12 '17 at 20:49
  • @SaggingRufus Also, recommending a key of simply ASCII characters without applying a KDF is poor advice. It limits your keyspace by a significant margin. – Luke Joshua Park Jan 12 '17 at 20:58

3 Answers

2

If your requirement is for uploaded files to be encrypted but visible to the server, you should really just be using TLS. There's no reason to use anything else.

If your requirement is for uploaded files to be encrypted such that even the server cannot decrypt them, then simply ask the user for a password, apply PBKDF2, and use the result as the key.

If you are going to keep your current code, there are some things you should change. At the moment, it looks like you are using ECB mode (you don't provide an IV). ECB mode is insecure and should not be used. Additionally, you need a way to ensure the data has not been changed in transit. You should apply an HMAC and append it to the end.

Luke Joshua Park
0

AES is a symmetric algorithm for encryption. It means that the key (secret passphrase) used to encrypt and decrypt is the same.

So, its security relies mostly on keeping the key secure. If someone obtains the key, they will be able to decrypt anything encrypted with that passphrase.

I usually recommend that, if the encrypted data is going to be shared, then share the data over one channel (email or cloud server) and send the key over a different channel (whatsapp, phone call, etc.).

adonike
  • Even though I am not sending the key along with the data, since this is JavaScript, it can be easily found, correct? I mean in the browser if someone does F12, you can see all the values in the script. I am still sending the encrypted object itself over to the server. – Noob Jan 12 '17 at 18:38
  • Correct! A way to avoid it could be to let the user type their key before encrypting the file. Another is to generate a random key and tell the user to write it down. – adonike Jan 12 '17 at 19:47
-2

Resolved by using JavaScript obfuscation. This is a neat way to mask the contents of the script.

Noob