0

I am new to android and I am trying to decrypt the data which is encrypted by making use of crypto-js in nodejs.

Nodejs code

const secretKey = "My secret key here";    
const cipherText = CryptoJS.AES.encrypt("Hello world", secretKey);
const encryptedData = cipherText.toString();

Android code

public static String encryptData(String data, String key) throws Exception {


    SecretKey secretKey = new SecretKeySpec(Base64.decode(key.getBytes(), Base64.NO_PADDING), "AES");

    Cipher cipher = Cipher.getInstance("AES");
    cipher.init(Cipher.ENCRYPT_MODE, secretKey);
    byte[] bytes = cipher.doFinal(data.getBytes("UTF-8"));
    String encValue = Base64.encodeToString(bytes, Base64.NO_PADDING);
    return encValue;
}

But both encrypted data (from nodejs & android) is not same, so please help me what I need to do in android to get same encrypted data as in nodejs code. Thanks in advance.

Kumar
  • 270
  • 1
  • 4
  • 17
  • 1
    From the crypto-js documentation (which is very poor regarding - I would not use such a library): `If you use a passphrase, then it will generate a 256-bit key.` I assume it performs a PBKDF2. Anyway your posted code doe snot make sense - where does the base64 encode dkey in your Java code come from? – Robert Mar 29 '19 at 16:06
  • Thank you Robert, now I have edited my question and added the encryption method I'm using in android side. – Kumar Mar 30 '19 at 05:13
  • 1
    Trying to create the same ciphertext will always fail as the CryptoJS ciphertext will always change whenever it is called as well. Only the first, static 8 bytes will be identical. – Maarten Bodewes Mar 30 '19 at 21:29
  • @Robert It assumes the weak `EVPBytesToKey` from OpenSSL. It is particularly weak because it uses only 1 iteration (by default / from the command line). – Maarten Bodewes Mar 30 '19 at 21:31
  • @Maarten Yes I agree, but in my case first static 8 bytes are not identical. – Kumar Apr 01 '19 at 05:03
  • Could you please show two or thee different ciphertext, encoded in hex or base64 in your question? I presume you are talking about the JS encrypted ciphertext, yes? – Maarten Bodewes Apr 01 '19 at 11:31
  • Without the ciphertext I don't see any reason to reopen the question. – Maarten Bodewes Apr 02 '19 at 13:02

0 Answers0