0

The value of the data input is encoded with a AES-128 mechanism, where the first 16 characters is the client_secret of my application, which serves as a key to the decoding process.I tried to decode it,it not work. The code I tried `

const express=require('express');
const bodyParser=require('body-parser');
var app=express();
var crypto=require('crypto');
app.use(express.static(__dirname+'/public'));
app.use(bodyParser.urlencoded({extended:true}));
app.post('/',(req,res)=>{
    var app_secret_key="my secret key";
    var abc=JSON.stringify(req.body.data);
    var key_app_secret_key=app_secret_key.substring(0,16);
    function decrypt(key,data){
        var decipher = crypto.createDecipher('aes-128-cbc',key);
        var decrypted = decipher.update(data,'binary', 'utf8');
        decrypted += decipher.final('utf8');
        return decrypted;
    }
    console.log(decrypt(key_app_secret_key,abc));
 });
app.listen(3000,()=>{
    console.log('Server running in port 3000');
})

` The error I am getting attach below. Please advise me how to solve this issue. Thanks in advance. 

Error: error:0606506D:digital envelope routines:EVP_DecryptFinal_ex:wrong final block length
    at Decipher.final (crypto.js:183:26)
    at decrypt (c:\xampp\htdocs\cameacoins\encryptPract\app.js:18:25)
    at app.post (c:\xampp\htdocs\cameacoins\encryptPract\app.js:22:14)
    at Layer.handle [as handle_request] (c:\xampp\htdocs\cameacoins\node_modules\express\lib\router\layer.js:95:5)
    at next (c:\xampp\htdocs\cameacoins\node_modules\express\lib\router\route.js:137:13)
    at Route.dispatch (c:\xampp\htdocs\cameacoins\node_modules\express\lib\router\route.js:112:3)
    at Layer.handle [as handle_request] (c:\xampp\htdocs\cameacoins\node_modules\express\lib\router\layer.js:95:5)
    at c:\xampp\htdocs\cameacoins\node_modules\express\lib\router\index.js:281:22
    at Function.process_params (c:\xampp\htdocs\cameacoins\node_modules\express\lib\router\index.js:335:12)
    at next (c:\xampp\htdocs\cameacoins\node_modules\express\lib\router\index.js:275:10)
user3728517
  • 157
  • 3
  • 10
  • First of all AES is not an encoding algorithm, it is an encryption algorithm. You should definitely write your encryption code, too. – kelalaka Jan 31 '19 at 15:46
  • Hi kelalaka, the response is coming from an api, according to there documentation "The value of the data input is encoded with a AES-128 mechanism", what do you think? Still I need to encrypt? – user3728517 Jan 31 '19 at 16:11
  • Which mode of operation, which padding scheme, which output encoding one need to know. If CBC used then the number of blocks must be at least one bigger then the number of plaintext blocks. – kelalaka Jan 31 '19 at 16:27
  • Kelalaka, I can't say that much details but here some information from the documentation,I hope It will help you to understand details Mode of operation is post,padding scheme AES 16 bytes (128 bits).Thank you – user3728517 Jan 31 '19 at 17:04
  • Can you encrypt some with the api? If so, encrypt one block and see the result. If the output 16 bytes, it must be ECB, if 32 bytes it must be CBC. They may use some encoding like base64 that you can see it with the char '=' at the end. – kelalaka Jan 31 '19 at 17:21
  • kelalaka, the last block has no char '=' at the end, Here is the last block 'V5cNRCmn0pfhGzKCIS0OcNcq6WlSXmUPluqY', according to your previous message it's CBC. – user3728517 Jan 31 '19 at 17:40
  • Then try to use [this](https://stackoverflow.com/questions/50922462/aes-cbc-pkcs5padding-iv-decryption-in-nodejs-encrypted-in-java) – kelalaka Jan 31 '19 at 17:42
  • Thanks kelalaka,Thank you so much, in the documentation they wrote a sample code about decoding. Do you have time to check this? https://github.com/santunu23/apiphp/blob/master/converted.php – user3728517 Jan 31 '19 at 18:04
  • As we can see they use base64 encoding see [this](https://stackoverflow.com/questions/3538021/why-do-we-use-base64).They convert _ and - to + and / then you have to. After this decode the base 64. Then the first 16 byte's are IV bytes and the rest is the ciphertext. – kelalaka Jan 31 '19 at 18:08
  • I've uses online base64 tool. Yes, the block is [base64](https://www.base64decode.org/) – kelalaka Jan 31 '19 at 18:16
  • Hi kelalaka, Thank you so much for your feedback, I worked as per your advice,but unfortunately failed to get the work done. Do you have a few minutes to look at my code?It's so that you can advice what point I missed. The link is given below. https://github.com/santunu23/apiphp/blob/master/app.js – user3728517 Feb 02 '19 at 09:39
  • Last two lines should be; mykey.update(payload,'base64'); var mystr =mykey.final(); // update enables to add as many data as possible. final calculates. If still not working let me know. – kelalaka Feb 02 '19 at 18:27

0 Answers0