I am trying to do crypto on Node.js, but I fail to get the same result as online sites.

I want to encrypt some binary data with a binary key. I use the tutorial on the Node.js site, but I get a different result from my reference data set. My reference data set is validated with Java code, with C code and with two online sites: http://aes.online-domain-tools.com/ and https://www.hanewin.net/encrypt/aes/aes-test.htm

Do you have an idea how to encrypt the same way as those sites? I guess it could be the padding?

Thanks in advance. François

My reference data set:

    key=8CBDEC62EB4DCA778F842B02503011B2
    src=0002123401010100000000000000c631
    encrypted=3edde3f1368328a1a37cf596bc8d4a7c

My code:

    var crypto = require('crypto')

    var key = Buffer.from('8CBDEC62EB4DCA778F842B02503011B2', 'hex')
    var src = Buffer.from('0002123401010100000000000000c631', 'hex')
    var cipher = crypto.createCipher("aes-128-ecb", key)
    var result = cipher.update(src).toString('hex');
    result += cipher.final().toString('hex');
    console.log("result   : " + result)

Output:

    result   : 4da42b57b99320067979086700651050e972f1febd1d506e5c90d3b5d3bc9424

Fanch

  • Change `crypto.createCipher` to `crypto.createCipheriv` and pass an empty IV (`""`). Also, you might want to disable padding. – Artjom B. May 04 '17 at 17:52
  • **Never use [ECB mode](https://crypto.stackexchange.com/q/14487/13022)**. It's deterministic and therefore not semantically secure. You should at the very least use a randomized mode like [CBC](https://crypto.stackexchange.com/q/22260/13022) or [CTR](https://crypto.stackexchange.com/a/2378/13022). It is better to authenticate your ciphertexts so that attacks like a [padding oracle attack](https://crypto.stackexchange.com/q/18185/13022) are not possible. This can be done with authenticated modes like GCM or EAX, or with an [encrypt-then-MAC](https://crypto.stackexchange.com/q/202/13022) scheme. – Artjom B. May 05 '17 at 15:57
  • @ArtjomB. There are instances where ECB mode is acceptable. A typical example is a random session code that is encrypted. There are very specific requirements as 'sufficient' entropy on input. The example data above is a single 128-bit block. – Matt Aug 17 '19 at 15:28
  • @Matt If you can design and cryptanalyze a mode of operation then you can likely assess whether ECB is secure enough for your specific use case. If you're talking about encrypting a session code then I would say that only encryption doesn't make sense in that case. Instead, use transport layer security possibly along with a cryptographic signature of the session code along with a signed timestamp. – Artjom B. Aug 17 '19 at 18:07
  • @ArtjomB. There are various implementations and different requirements. There are specific implementations where ECB is sufficient. The bold comment 'Never use ECB' is misleading. I will not comment on the 'sense' part of the session key example as I don't believe you have enough details to draw a conclusion. – Matt Aug 18 '19 at 04:44

1 Answer

Thank you Artjom B.

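I post the fixed code below:

    const crypto = require('crypto')

    // Raw 16-byte AES key and one 16-byte block of data, both hex-decoded
    const key = Buffer.from('8CBDEC62EB4DCA778F842B02503011B2', 'hex')
    const src = Buffer.from('0002123401010100000000000000c631', 'hex')
    // createCipheriv uses the key bytes as-is; ECB takes no IV, so pass an empty one
    const cipher = crypto.createCipheriv("aes-128-ecb", key, '')
    // No padding: the input is already exactly one block
    cipher.setAutoPadding(false)
    let result = cipher.update(src).toString('hex')
    result += cipher.final().toString('hex')
    console.log("result   : " + result)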

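To decrypt, do the same:

    const crypto = require('crypto')

    // Same raw key; the ciphertext is the single block from the reference data set
    const key = Buffer.from('8CBDEC62EB4DCA778F842B02503011B2', 'hex')
    const encrypted = Buffer.from('3edde3f1368328a1a37cf596bc8d4a7c', 'hex')
    const decipher = crypto.createDecipheriv("aes-128-ecb", key, '')
    // Padding was disabled on encryption, so disable it here as well
    decipher.setAutoPadding(false)
    let result = decipher.update(encrypted).toString('hex')
    result += decipher.final().toString('hex')
    console.log("result   : " + result)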

Thanks, I am sincerely grateful. Regards, François

Fanch
  • Note that padding is required if the data to be encrypted is not always a multiple of the block size which is 128-bytes. Also ECB mode is not secure, see [ECB mode](https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation#Electronic_Codebook_.28ECB.29), scroll down to the Penguin. Instead use CBC mode with a random IV, just prefix the encrypted data with the IV for use in decryption, it does not need to be secret. – zaph May 05 '17 at 13:40
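
Why the question's output and the reference value differ, as an added example that is not part of the original question or answer. It separates the two causes: the legacy `crypto.createCipher` treated its second argument as a password (the Node.js documentation describes the derivation as OpenSSL `EVP_BytesToKey` with MD5, one iteration, no salt), and default padding appends a full extra block to block-aligned input. The function names `ecbEncrypt`, `legacyCreateCipherEquivalent` and `blocks` are illustrative.

```javascript
const crypto = require('crypto');

// Reference vector from the question (hex-decoded to raw bytes).
const KEY = Buffer.from('8CBDEC62EB4DCA778F842B02503011B2', 'hex');
const SRC = Buffer.from('0002123401010100000000000000c631', 'hex');

// AES-128-ECB with the key bytes used as-is. ECB takes no IV, so pass null.
function ecbEncrypt(key, data, autoPadding) {
  const cipher = crypto.createCipheriv('aes-128-ecb', key, null);
  cipher.setAutoPadding(autoPadding);
  return Buffer.concat([cipher.update(data), cipher.final()]).toString('hex');
}

// Emulates the legacy crypto.createCipher(alg, password): the Node.js docs
// describe its key derivation as OpenSSL EVP_BytesToKey with MD5, one
// iteration and no salt. For a 16-byte AES key that is MD5(password).
// Padding was left at its default (on).
function legacyCreateCipherEquivalent(password, data) {
  const derivedKey = crypto.createHash('md5').update(password).digest();
  return ecbEncrypt(derivedKey, data, true);
}

// Splits hex ciphertext into 16-byte (32 hex char) blocks for comparison.
function blocks(hex) {
  return hex.match(/.{32}/g);
}

const raw = ecbEncrypt(KEY, SRC, false);   // what the reference tools compute
const padded = ecbEncrypt(KEY, SRC, true); // right key, default padding
const legacy = legacyCreateCipherEquivalent(KEY, SRC); // the question's call

console.log('raw key, no padding :', blocks(raw));
console.log('raw key, padding    :', blocks(padded));
console.log('MD5(key), padding   :', blocks(legacy));

// With padding on, a block-aligned input gains one full block of 0x10 bytes.
const padBlock = ecbEncrypt(KEY, Buffer.alloc(16, 0x10), false);
console.log('extra block is E(K, 0x10 * 16):', blocks(padded)[1] === padBlock);
```
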