Cipher a string using crypto-js with hex encoding to make it url friendly

Question

I am using crypto-js by brix. I have this function below that handles the encryption of a plain text.

import CryptoJS from 'crypto-js'
import AES from 'crypto-js/aes'

const SECRET = 'I am batman'
const plainText = 'This is Sparta!'

export function enc(plainText){
    // returns something like this U2FsdGVkX184He5Rp991JYAiCSdTwfZs8T3kJUk3zAc=  
    // but with random `/` and I dont want that
    // I want it to be Hex but .toString(CryptoJs.enc.Hex) 
    // is not working, it just returns an '' empty string
    // it's a string, I checked using typeof
    return AES.encrypt(plainText, SECRET).toString();
}

How do I make the enc(string) to return a Hex value which is url friendly?

If you have trouble with `/` why don't you use the URL-safe Base64 encoding? — Artjom B., Jun 23 '17 at 18:32
Hi @ArtjomB. Yes but, .toString(CryptoJs.enc.Base64) isnt working on `AES.encrypt()` — jofftiquez, Jun 24 '17 at 01:57
It's already Base64-encoded. You just need to replace some characters (see [this](https://stackoverflow.com/a/17641505/1816580)). — Artjom B., Jun 24 '17 at 11:46
@ArtjomB. replacing characters will affect the data integrity. — jofftiquez, Jun 26 '17 at 01:00
Well, you would replace them back when you want to use the ciphertext to decrypt it. — Artjom B., Jun 26 '17 at 05:12

l'L'l · Accepted Answer · 2019-06-20T05:15:30.033

19

You would likely want to do:

export function dec(cipherText){
   var bytes = CryptoJS.AES.decrypt(cipherText, SECRET);
   var hex = bytes.toString(CryptoJS.enc.Hex);
   var plain = bytes.toString(CryptoJS.enc.Utf8);
   return [hex, plain];
}

This takes the encrypted base64 string and will return the decrypted plaintext and hexadecimal.

EDIT: In regards to your comment and edited question:

const SECRET = 'I am batman'

function enc(plainText){
    var b64 = CryptoJS.AES.encrypt(plainText, SECRET).toString();
    var e64 = CryptoJS.enc.Base64.parse(b64);
    var eHex = e64.toString(CryptoJS.enc.Hex);
    return eHex;
}

function dec(cipherText){
   var reb64 = CryptoJS.enc.Hex.parse(cipherText);
   var bytes = reb64.toString(CryptoJS.enc.Base64);
   var decrypt = CryptoJS.AES.decrypt(bytes, SECRET);
   var plain = decrypt.toString(CryptoJS.enc.Utf8);
   return plain;
}

The end result takes the base64 string, makes it hexadecimal and returns the decrypted string.

edited Jun 20 '19 at 05:15

answered Jun 23 '17 at 07:14

l'L'l

44,951
10
95
146

Hi, thanks for answering. Im sorry I think I "mis-asked" my question. I updated it. That was careless of me. What I meant is I want `enc(string)` to return `Hex` so I could use it in url. – jofftiquez Jun 23 '17 at 07:37
Wow, thanks man. It worked. I just found out that NodeJs has a native Crypto implemantation with `aes-256-ctr` as well. What's your thoughts on that? – jofftiquez Jun 23 '17 at 08:48
You're welcome! I'd say the native crypto might be a good thing to look into as I'm not sure how secure CryptoJS is for something that would be highly sensitive. Some of the methods CryptoJS uses seem dated and I'm not sure I like the default way in which it salts the encrypted string... – l'L'l Jun 23 '17 at 09:16
Hi, I have a concern. It seems that this setup `enc(string)` produces a different hex every iteration even if I encrypt the same string, which is not good coz I am keeping the the hex output as a reference for my data. `string1 = 23h52kh5242h235232 = string1` `string1 = 23h52kh52gjh235144 = string1` – jofftiquez Jun 23 '17 at 11:28
@CENT1PEDE: Well, that's sort of the point of encrypting something. If you are needing the string to be static then you'll likely want to hash it in some way instead. – l'L'l Jun 23 '17 at 11:46
I was able to achieve what I want using nodejs' crypto. The process is pretty much the same with what you did except you can explicitly tell the algo what to encode to. `crypto.createCipher('aes-256-ctr', SECRET).update(plainText, 'utf8', 'hex')` and the output is the same. My guess is there's something going on when you encoded it to base64, just a guess tho. – jofftiquez Jun 23 '17 at 12:05
@l'L'l Two questions: (1) What is `e64` in the `enc` function snippet you posted? (2) What is the return type of `CryptoJS.AES.encrypt` and `CryptoJS.AES.decrypt` methods? – Water Cooler v2 Oct 23 '19 at 14:08
@WaterCoolerv2: `e64` takes the resulting base64 string and makes it hexadecimal. For `CryptoJS.AES.encrypt` the type would be `Base64`, for `decrypt` the return type is `Hexadecimal`, but for `ASCII` you can use `toString(CryptoJS.enc.Utf8)`. – l'L'l Oct 27 '19 at 00:13
@l'L'l `e64` is actually a `WordArray`. I did some research in the meanwhile after posting the comment. For anyone else reading this, here is a more detailed explanation: https://stackoverflow.com/q/58524245/303685 – Water Cooler v2 Oct 27 '19 at 11:07
@l'L'l We see it in hexadecimal whenever we print out any binary data because hexadecimal is a printable *notation*. It is not a data type. It is simply a way of writing something. That doesn't mean that there's an underlying hexadecimal data type. You can write any numeric data in the hexadecimal notation. In contrast, a *data type* not only represents an underlying value but it also has a *size*. – Water Cooler v2 Oct 27 '19 at 17:32
Can anyone suggest me the corresponding decryption algorithm so that I can decrypt via another language for example in the server end? – Vicks May 13 '21 at 07:47

Cipher a string using crypto-js with hex encoding to make it url friendly

1 Answers1

Linked