AES encryption in java vs cryptojs

Question

I Have an AES encryption and decrypt both in java and nodejs (cryptojs).

but when I tried to encrypt and decrypt in both have different result.

This is my java code :

import java.*;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import javax.crypto.Cipher;
import org.apache.commons.codec.binary.Base64;

public class enc {

    public static void main(String[] args){
        String key = "1234567890123456"; // 128 bit key: must 16 character
        String initVector = "1234567890123456"; // 16 bytes IV : must 16 character

        System.out.println("Key : "+key);
        System.out.println("Init Vector : "+initVector);

        String encrypted = encryptAES(key, initVector, "Hello World");
        System.out.println("encrypted : "+encrypted);

    }

    public static String encryptAES(String key, String initVector, String value) {

        try {

            IvParameterSpec iv = new IvParameterSpec(initVector.getBytes("UTF-8"));

            SecretKeySpec skeySpec = new SecretKeySpec(key.getBytes("UTF-8"), "AES");

            Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5PADDING");

            cipher.init(Cipher.ENCRYPT_MODE, skeySpec, iv);

            byte[] encrypted = cipher.doFinal(value.getBytes());

            return Base64.encodeBase64String(encrypted);

        } catch (Exception ex) {

            ex.printStackTrace();

        }

        return null;

    }

    public static String decryptAES(String key, String initVector, String encrypted) {

        try {

            IvParameterSpec iv = new IvParameterSpec(

                    initVector.getBytes("UTF-8"));

            SecretKeySpec skeySpec = new SecretKeySpec(key.getBytes("UTF-8"), "AES");

            Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5PADDING");

            cipher.init(Cipher.DECRYPT_MODE, skeySpec, iv);

            byte[] original = cipher.doFinal(Base64.decodeBase64(encrypted));

            return new String(original);

        } catch (Exception ex) {

            ex.printStackTrace();

        }

        return null;

    }
}

and java result :

Key : 1234567890123456
Init Vector : 1234567890123456
encrypted : ZyODokM33Io1ZKIA8h7owA==
decrypted : Hello World

My Nodejs using crypto js :

var CryptoJS = require("crypto-js");
var atob = require('atob');
var btoa = require('btoa');

var message = "Hello World";

var key = "1234567890123456"; 
var iv  = "1234567890123456"; 

console.log("Key : "+key);
console.log("Init Vector : "+iv);

key = CryptoJS.enc.Base64.parse(key);
iv = CryptoJS.enc.Base64.parse(iv);

var chiperData = CryptoJS.AES.encrypt(message, key, { iv: iv });
console.log('encrypted : ',chiperData.toString());

var data = CryptoJS.AES.decrypt(chiperData, key, { iv: iv });
console.log('decrypted : ',hex2a(data.toString()));

// Convert hex string to ASCII.
// Thanks to https://stackoverflow.com/questions/11889329/word-array-to-string
function hex2a(hex) {
    var str = '';
    for (var i = 0; i < hex.length; i += 2)
        str += String.fromCharCode(parseInt(hex.substr(i, 2), 16));
    return str;
}

and the result :

Key : 1234567890123456
Init Vector : 1234567890123456
encrypted :  tHtu5jUs0ZotjjJIHgy0eQ==
decrypted :  Hello World

as you can see encrypted in java and cryptojs is different. ZyODokM33Io1ZKIA8h7owA== and tHtu5jUs0ZotjjJIHgy0eQ==

Where is my code wrong? and how to solve this case?

so they have same encruption so can decrypt each other encrypted string

thanks

Answer 1

This is a typical problem that occurs due to the mismatch of encodings. For example, here, it seems like the problem lies in the following lines:

key = CryptoJS.enc.Base64.parse(key);
iv = CryptoJS.enc.Base64.parse(iv);

Here you are treating key and iv as Base64 encoded string, where previously (in Java) you treated them as UTF-8 encoded string.

If you want the same result as Java you should change it to,

key = CryptoJS.enc.Utf8.parse(key);
iv = CryptoJS.enc.Utf8.parse(iv);

Edit: As @erickson suggested, you can also change your Java implementation as well so that it interprets your key and iv as Base64.