0

I have Java code that decrypts data when provided with the data and a key. The Java class and function are as follows:

```java
import java.nio.charset.StandardCharsets;
import java.security.Key;
import java.util.Base64;

import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;

public class AES {

    public static String decrptyBySyymetricKey(String encryptedSek, byte[] appKey) {
        Key aesKey = new SecretKeySpec(appKey, "AES"); // converts the bytes (32 randomly generated bytes) to a key

        try {
            Cipher cipher = Cipher.getInstance("AES/ECB/PKCS5Padding"); // encryption type = AES with PKCS5 padding
            cipher.init(Cipher.DECRYPT_MODE, aesKey); // initialize decryption with the key

            byte[] encryptedSekBytes = Base64.getDecoder().decode(encryptedSek); // decode the Base64 encryptedSek to bytes

            byte[] decryptedSekBytes = cipher.doFinal(encryptedSekBytes); // decrypt the encryptedSek with the initialized cipher (result is bytes)

            String decryptedSek = Base64.getEncoder().encodeToString(decryptedSekBytes); // convert the decryptedSek (bytes) to a Base64 string
            return decryptedSek; // return the result as a Base64 string
        } catch (Exception e) {
            return "Exception; " + e;
        }
    }

    public static void main(String[] args) {
        final String secretKey = "r16glPt7vyO6g22KH4JcpzUIdnUXIy5p";

        // The key is the character bytes of the string, not a Base64-decoded value
        String custom = AES.decrptyBySyymetricKey("ul1tu6I0tLcfOYAW3Yug0HNP9sKo7O2AUuMLQjs62TOE5g0v9VTzB21EKdSAvlSM", secretKey.getBytes(StandardCharsets.UTF_8));
        System.out.println(custom); // print the result so the run shows an output
    }
}
```

Now I need to replicate the above using vanilla JS and the crypto-js library. However, I am unable to do so. I am not able to figure out where I am going wrong.

```javascript
const encryptedsek = 'ul1tu6I0tLcfOYAW3Yug0HNP9sKo7O2AUuMLQjs62TOE5g0v9VTzB21EKdSAvlSM';
const password = 'r16glPt7vyO6g22KH4JcpzUIdnUXIy5p';

var parsedBase64Key = CryptoJS.enc.Base64.parse(password);

var d = CryptoJS.AES.decrypt(encryptedsek, parsedBase64Key, {
    mode: CryptoJS.mode.ECB,
    padding: CryptoJS.pad.Pkcs7
}).toString(CryptoJS.enc.Utf8);
```

I am thinking that the way I am using the password is causing the issue. It does not produce any output. Any pointers will be helpful. I also tried different decoders from crypto-js on the password, but it does not work.

Thanks in advance.

digitalis
  • Relevant: [Is it ever recommended to use the ECB cipher mode?](https://stackoverflow.com/questions/9039617/is-it-ever-recommended-to-use-the-ecb-cipher-mode) – dnault Jul 16 '20 at 22:58
  • Also: [What's wrong with in-browser cryptography in 2017?](https://security.stackexchange.com/questions/173620/what-s-wrong-with-in-browser-cryptography-in-2017) – dnault Jul 16 '20 at 23:00
  • On Java-side the password is NOT used as a Base64-string but converted to a 32 byte long byte array (to its hex string representation). On JS-side you try to decode the password with 'var parsedBase64Key = CryptoJS.enc.Base64.parse(password);'. Just provide the password (or its hexstring representation) to your decryption method. – Michael Fehr Jul 16 '20 at 23:48
  • Just to remember: Usage of AES ECB mode might be INSECURE and should be avoided in most cases. – Michael Fehr Jul 16 '20 at 23:50
  • @MichaelFehr it did not work. I tried passing the string directly and also tried converting it to hex. It does not seem to work. – digitalis Jul 17 '20 at 10:23
  • As I'm no specialist on the JS side, I can only give you the advice to make an encrypt method on the JS side and find out what data are needed and what the output is. It might be worthwhile as well to run the encryption with the same params more than 1 time - I often saw an "internal" random/seed that makes the output more unpredictable AND not directly comparable with pure Java code. Good luck! – Michael Fehr Jul 17 '20 at 15:19

1 Answer

1

I was able to solve it. What I was doing wrong was that I was using the encrypted password to decrypt my value. I realized this when I saw the password was different from the one I set. It dawned on me that the password I was using was the encrypted one and that I needed to use my actual password.

The following worked once I used my actual password instead of the encrypted one.

```javascript
var encryptedInfo = "5jo90pB0Sat8ftkSwS4s5cZQj2bM55kbikGKLxw/2bvk57gBPEnolPiMy3C2wr3x";

var password = "my_secret_non_encrypted_password";
password = CryptoJS.enc.Utf8.parse(password);

var decrypt = CryptoJS.AES.decrypt(encryptedInfo.toString(), password, {
    mode: CryptoJS.mode.ECB,
    padding: CryptoJS.pad.Pkcs7
}).toString(CryptoJS.enc.Base64);

console.log('decrypt ', decrypt);
```

digitalis
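The key-encoding mismatch raised in the comments, and the ECB property they warn about, as an added example that is not part of the original posts. It uses Node's built-in `crypto` module rather than crypto-js, and the key text, plaintexts and helper names are constructed for illustration.

```javascript
// Added example, not code from the original posts. Uses Node's built-in
// crypto module (an assumption; the page uses crypto-js). All values constructed.
const crypto = require('crypto');

// Constructed 32-character ASCII key text, standing in for the Java key string.
const KEY_TEXT = '0123456789abcdef0123456789abcdef';
// Java's String.getBytes() yields the character bytes: 32 bytes, so AES-256.
const keyAsUtf8 = Buffer.from(KEY_TEXT, 'utf8');
// Base64-decoding the same text yields 24 bytes: a different key, and AES-192.
const keyAsBase64 = Buffer.from(KEY_TEXT, 'base64');

// ECB variant for the key length, as Java's "AES/ECB/PKCS5Padding" selects it.
const algorithmFor = (key) => `aes-${key.length * 8}-ecb`;

function encryptToBase64(plainBytes, key) {
  const cipher = crypto.createCipheriv(algorithmFor(key), key, null);
  return Buffer.concat([cipher.update(plainBytes), cipher.final()]).toString('base64');
}

// Returns the plaintext bytes, or null when the padding check fails, which is
// the usual outcome of decrypting with the wrong key bytes.
function decryptFromBase64(b64, key) {
  try {
    const decipher = crypto.createDecipheriv(algorithmFor(key), key, null);
    return Buffer.concat([decipher.update(Buffer.from(b64, 'base64')), decipher.final()]);
  } catch (err) {
    return null;
  }
}

// ECB encrypts equal 16-byte plaintext blocks to equal ciphertext blocks;
// this reports whether a ciphertext shows that repetition.
function hasRepeatedBlocks(b64) {
  const hex = Buffer.from(b64, 'base64').toString('hex');
  const blocks = hex.match(/.{32}/g) || [];
  return new Set(blocks).size < blocks.length;
}

const sample = Buffer.from('constructed sample plaintext', 'utf8');
const ciphertext = encryptToBase64(sample, keyAsUtf8);
const ok = decryptFromBase64(ciphertext, keyAsUtf8);
const wrong = decryptFromBase64(ciphertext, keyAsBase64);
console.log('key lengths:', keyAsUtf8.length, keyAsBase64.length);
console.log('utf8 key  :', ok.toString('utf8'));
console.log('base64 key:', wrong === null ? 'decryption failed' : 'garbage bytes');
console.log('ECB leak  :', hasRepeatedBlocks(encryptToBase64(Buffer.alloc(32, 0x41), keyAsUtf8)));
```

In crypto-js terms this is the difference between `CryptoJS.enc.Utf8.parse(password)`, used in the answer, and `CryptoJS.enc.Base64.parse(password)`, used in the question.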