-2

I have followed to encrypt username and password AES in React based on the below link https://www.code-sample.com/2019/12/react-encryption-decryption-data-text.html using crypto-js

const encryptedUsername = CryptoJS.AES.encrypt(usernameWithoutSpaces, SECRET_KEY).toString();
 const encryptedPassword = CryptoJS.AES.encrypt(values.password, SECRET_KEY).toString();

I have used the SECRET_KEY as 16byte code which I randomly generated. And used this key for both encrypt and decrypt.

I have followed the decryption based on https://devrescue.com/python-aes-cbc-decrypt-example/

from Crypto.Cipher import AES
from Crypto.Util.Padding import unpad
import base64

def decrypt_view(request):
    encrypted_username = request.data['username'] 
    encrypted_password =request.data['password'] 
    secret_key =b'53d7311e6f8f88c0bbc4a08bccd7e254'
    decrypted_username = decrypt_data(encrypted_username, secret_key)
    decrypted_password = decrypt_data(encrypted_password, secret_key)

  
    
def decrypt_data(encrypted_data, key):
    try:
        cipher = AES.new(key, AES.MODE_CBC, iv=b'1234567890123456')
        decrypted_data = 
         unpad(cipher.decrypt(base64.b64decode(encrypted_data)), 
        AES.block_size)
        
        # print("&&&&&&&&&&&&&&",decrypted_data)
        return decrypted_data.decode('utf-8')
      except Exception as e:
        print("DDDDDDDDDDDDDDD",e)

with this encryption done at frontend and at backend couldn't decrypt as Error which i got as Padding is incorrect. Padding is incorrect.

I have also used cryptography module and fernet which is in python to perform decryption. hence it doesnt suite with crypto-js.

janani dev
  • 1
  • 2
  • CryptoJS applies a key derivation function when the key material is passed as string. If it is to be processed *directly* as key (as it seems to be intended according to the Python code), it has to be passed as `WordArray` (also the IV has to be passed as `WordArray`). – Topaco Aug 23 '23 at 12:47
  • Hi Topaco, Do you mean Secretkey should be 16byte words not numbers? Kindly guide me I'm very new to perform cryptography – janani dev Aug 23 '23 at 12:51
  • If you are not familiar with CryptoJS, you should read the [CryptoJS documentation](https://cryptojs.gitbook.io/docs/), in particular the section [*The Cipher Input*](https://cryptojs.gitbook.io/docs/#the-cipher-input). – Topaco Aug 23 '23 at 12:55
  • You specify an IV for decryption but not for encryption. See also https://stackoverflow.com/a/35536933/150978 – Robert Aug 23 '23 at 13:39
  • def decrypt_data(encrypted_data): try: secret_key = binascii.unhexlify('secret key') iv = secret_key cipher = AES.new(secret_key,AES.MODE_CBC,iv=iv) decrypted_data = cipher.decrypt(base64.b64decode(encrypted_data)) return decrypted_data.decode('utf-8') except Exception as e: print("Error",str(e)) With this code I just happened to decrypt the data but Im getting different trailing characters added at the end of password. I have tried to strip() methods to truncate but of no use. How to get rid of it – janani dev Aug 24 '23 at 14:23

0 Answers0