Context: I'm running into an issue decrypting a value in Java that was encrypted in JavaScript with crypto-js. I have two applications on a server talking to each other, and some of the requests are secured by sending some encrypted values and decrypting them on the receiving end, to make sure that the requests are not accepted when they are coming from the client, but only from the other server.
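Code: In JavaScript I have the following code to encrypt it:

    import { AES, enc } from 'crypto-js';

    export const encryptString = (stringToEncrypt: string, saltKey: string) => {
        // The same value is parsed into a WordArray and passed as the IV
        const key = enc.Utf8.parse(saltKey);
        // saltKey is passed here as a plain string, not as the parsed WordArray
        const ciphertext = AES.encrypt(stringToEncrypt, saltKey, { iv: key }).toString();
        return ciphertext;
    };
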
In Java I have the following code to decrypt it:

    private String decryptString(String stringToDecrypt, String saltKey) throws Exception
    {
        // The raw UTF-8 bytes of saltKey are used as both the IV and the AES key
        IvParameterSpec iv = new IvParameterSpec(saltKey.getBytes("UTF-8"));
        SecretKeySpec skeySpec = new SecretKeySpec(saltKey.getBytes("UTF-8"), "AES");
        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5PADDING");
        cipher.init(Cipher.DECRYPT_MODE, skeySpec, iv);
        // The input is the Base64 string produced by the JavaScript side
        byte[] cipherText = cipher.doFinal(Base64.getDecoder().decode(stringToDecrypt));
        return new String(cipherText);
    }

The problem: The problem seems to be caused by the fact that I am using the 'saltKey' as passphrase in JavaScript, because if I use the value 'key' it works. Unfortunately it is undesirable to change the encryption because of existing logic.
Question: Is it possible to modify the Java code in a way that it can decrypt the encrypted value? And if so, how?
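
When crypto-js is given a string as the key, as in the `AES.encrypt` call above, it runs in passphrase mode: the supplied `iv` is overridden, an AES-256 key and IV are derived from the passphrase and a random 8-byte salt with OpenSSL's MD5-based EVP_BytesToKey, and the output is Base64 of `Salted__` + salt + ciphertext. The Java below is an added example, not part of the original post, that decrypts that layout. The class name, the `encrypt` helper and the sample passphrase and message are constructed for the demo.

```java
import javax.crypto.Cipher;
import javax.crypto.spec.*;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.*;

public class CryptoJsPassphraseDemo {
    static final byte[] MAGIC = "Salted__".getBytes(StandardCharsets.US_ASCII);
    // EVP_BytesToKey with MD5, one iteration: 32-byte AES key followed by 16-byte IV.
    static byte[] deriveKeyAndIv(String passphrase, byte[] salt) throws Exception {
        MessageDigest md5 = MessageDigest.getInstance("MD5");
        byte[] out = new byte[48];
        byte[] block = new byte[0];
        for (int off = 0; off < out.length; off += block.length) {
            md5.update(block);                      // previous digest (empty on first round)
            md5.update(passphrase.getBytes(StandardCharsets.UTF_8));
            block = md5.digest(salt);               // MD5(prev || passphrase || salt)
            System.arraycopy(block, 0, out, off, block.length);
        }
        return out;
    }
    static Cipher cipher(int mode, String passphrase, byte[] salt) throws Exception {
        byte[] kiv = deriveKeyAndIv(passphrase, salt);
        Cipher c = Cipher.getInstance("AES/CBC/PKCS5Padding");
        c.init(mode, new SecretKeySpec(kiv, 0, 32, "AES"), new IvParameterSpec(kiv, 32, 16));
        return c;
    }
    static String decrypt(String base64, String passphrase) throws Exception {
        byte[] data = Base64.getDecoder().decode(base64);
        if (data.length < 32 || !Arrays.equals(Arrays.copyOf(data, 8), MAGIC))
            throw new IllegalArgumentException("not a Salted__ payload");
        Cipher c = cipher(Cipher.DECRYPT_MODE, passphrase, Arrays.copyOfRange(data, 8, 16));
        return new String(c.doFinal(data, 16, data.length - 16), StandardCharsets.UTF_8);
    }
    // Demo-only: builds a constructed sample in the same layout so the class runs offline.
    static String encrypt(String plain, String passphrase) throws Exception {
        byte[] salt = new byte[8];
        new SecureRandom().nextBytes(salt);
        byte[] ct = cipher(Cipher.ENCRYPT_MODE, passphrase, salt).doFinal(plain.getBytes(StandardCharsets.UTF_8));
        byte[] out = ByteBuffer.allocate(16 + ct.length).put(MAGIC).put(salt).put(ct).array();
        return Base64.getEncoder().encodeToString(out);
    }
    public static void main(String[] args) throws Exception {
        String passphrase = "constructed-demo-passphrase"; // constructed sample value
        String token = encrypt("hello from the other server", passphrase);
        System.out.println(decrypt(token, passphrase));
    }
}
```

CBC without a MAC gives no integrity guarantee, and a single MD5 round makes the derived key only as strong as the passphrase itself, so the shared secret should be long and random if the format cannot change.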