How to create aes-256 encryption in javascript

Question

I have a PHP script that creates a AES-256-CBF8 Encryption for given string. I want to create a equivalent code for the same encryption in javascript. I used CryptoJS for the same. But my encrypted code for javascript and php both differs.

I have tried this:

PHP:

$secret_key = 'qIthpcluB8xA4Y0CGS7ahl3kfluBay7p';
    $secret_iv = '99FF8B0332880F69D14110316D640AFFA8F422311C1576AF055A00498A88EEE80D337FBB1E4B8081A0901E9A1750806B2B371E7438AB968E4C1C8D3EF05A81ED';

    $output = false;
    $encrypt_method = "AES-256-CFB8";
    $key = hash( 'sha256', $secret_key );
    $iv = substr( hash( 'sha256', $secret_iv ), 0, 16 );

    if( $action == 'enc' )
    {
        $output = base64_encode( openssl_encrypt( $string, $encrypt_method, $key, 0, $iv ) );

    }
    else if( $action == 'dec' )
    {
        $output = openssl_decrypt( base64_decode( $string ), $encrypt_method, $key, 0, $iv );
    }
    else
    {
        return false;
    }

    return $output;

JavaScript:

var message = '{"Request":"login","Username":"123456","API_AccessKey":"b57a4d91965d456","GMT_Timestamp":"101439"}';

var key = CryptoJS.SHA256("qIthpcluB8xA4Y0CGS7ahl3kfluBay7p"); //length=22
console.log(key);


var iv1  = CryptoJS.SHA256("99FF8B0332880F69D14110316D640AFFA8F422311C1576AF055A00498A88EEE80D337FBB1E4B8081A0901E9A1750806B2B371E7438AB968E4C1C8D3EF05A81ED"); //length=22

var iv = iv1.toString().substring(0,16);


var key1 = key.toString();


console.log(iv);
console.log(key);

//iv.substring(0,16);
//iv is now 987185c4436764b6e27a72f2fffffffd, length=32

var cipherData = CryptoJS.AES.encrypt(message, key1, { iv: iv },{mode: CryptoJS.mode.CFB8});
console.log(cipherData.toString());
//var cipherData="NUUyUDZPVGFLUzVCSUZpRUR3S28vN3dwY2ZLbjVTeDRDc25aTUdmS2pYc3VlTFBFWEpxVFVENmRIV1BCTUdxQXo4UHpOdTlqK2lqcXVNWlBZdTQvTlFlSW5CZnI5UHdiQ1ovNEhCUHU2KytyT3dyOCtrLzBmQT09";


var data = CryptoJS.AES.decrypt(cipherData.toString(), key1, { iv: iv },{mode: CryptoJS.mode.CFB});
console.log(data);

var NewCipher = CryptoJS.enc.Utf8.parse(cipherData);

document.getElementById("demo0").innerHTML = message;
document.getElementById("demo1").innerHTML = CryptoJS.enc.Base64.stringify(NewCipher);
document.getElementById("demo2").innerHTML = data;
//document.getElementById("demo3").innerHTML = CryptoJS.enc.Base64(data.toString(CryptoJS.enc.Utf8));
document.getElementById("demo3").innerHTML = data.toString(CryptoJS.enc.Utf8);

Please help me in this.

@user2182349 i am not much into encryption, could you please explain Why i need SSL? i just want a common encryption method which could be developed in another language as well — Rajan, May 29 '17 at 03:18
JavaScript is all on the client side. It can be read and the encryption can be examined by all site visitors. Using an SSL certificate will properly protect the data as it is sent from the client to the server. Encryption is very complex, you should use existing solutions instead of writing your own. — user2182349, May 29 '17 at 03:21
Okay could i use JAVA instead ? As i am creating an API in PHP, my client would be any other language.. So i just want to test my encryption technique can be developed on other language as well — Rajan, May 29 '17 at 03:26
If you're using only symmetric encryption you need the exact same key at the server and the client. If you send the encryption key from the server to the client or the other way around you need to encrypt your symmetric encryption key. The easiest way to do this would be to use TLS. If you use TLS, then the data as well as key are encrypted, so you don't need to encrypt it yourself. This doesn't provide any security, just a little bit of obfuscation. You should read: https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2011/august/javascript-cryptography-considered-harmful/ — Artjom B., May 29 '17 at 05:28
The IV must be different (read: random) for each encryption with the same key. Don't use a static IV, because that makes the cipher deterministic and permits the attacker to deduce the plaintexts if they observed multiple ciphertexts. This is called the many-time pad (or [two-time pad](https://twitter.com/angealbertini/status/425561082841690112/photo/1)). The IV is not secret, so you can send it along with the ciphertext. Usually, it is simply prepended to the ciphertext and sliced off before decryption. — Artjom B., May 29 '17 at 05:28

capcj · Answer 1 · 2017-05-29T03:49:40.820

You should rely on the backend to do the encrypt, it's the safer way to do that. But if you are so concerned about security to use AES256, should use SSL as already said into the comments, because of tunneling and other properties that increase significantly the security of your routine.

I know there are plenty of routines in client side around the web, but it's not good to use them, the flaws of client side is outnumbered comparing with backend routines of criptography, IMHO.

For several reasons, including the following:

Secure delivery of Javascript to browsers is a chicken-egg problem.

Browser Javascript is hostile to cryptography.

The "view-source" transparency of Javascript is illusory.

Until those problems are fixed, Javascript isn't a serious crypto research environment, and suffers for it.

About the SSL solution, it will already deliver to use some kind of security better than your own js routine:

You can. It's harder than it sounds, but you safely transmit Javascript crypto to a browser using SSL. The problem is, having established a secure channel with SSL, you no longer need Javascript cryptography; you have "real" cryptography. Meanwhile, the Javascript crypto code is still imperiled by other browser problems.

https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2011/august/javascript-cryptography-considered-harmful/

Thanks for this valuable information, but i just wanted to check if my php code is reproducible in any another language — Rajan, May 29 '17 at 04:24
I know Rajan, but I wanted to show about JS crypto, understand? Check in java to maintain reliability in your php api, ok? — capcj, May 29 '17 at 10:25
Yes Carlos i appreciate your help I had not noticed that earlier — Rajan, May 29 '17 at 10:27
https://stackoverflow.com/questions/992019/java-256-bit-aes-password-based-encryption Consider using the Spring Security Crypto Module — capcj, May 29 '17 at 10:36

How to create aes-256 encryption in javascript

1 Answers1