使用CryptoJS解密AES CFB时,有大量重要字节

时间:2017-01-18 11:09:08

标签: javascript encryption cryptography cryptojs

我正在尝试解密AES-256加密的Base64编码的data。这部分我的JS代码:



var data = "Ic9OcXxn2MnpgFwH4SHkxSY3laYB+kkevevwOPeQjLEeUsAVcHzLdBJZ1liWK5d94I/uNwyzbk+/l6QH/WsU0mzxuXcqBYl4iRIA7UIfchYJTsoaWAnSIjsioFUBAfc8YCODID0HW4AY7nK6Bb0mTP55HxlWstE92w1uJVMmBmJRscrAxySNlAFzVVGxuiiCc3sJimfbMNajXOUeFgvSzw==";

var base64data = CryptoJS.enc.Base64.parse(data);

var encrypted = new CryptoJS.lib.WordArray.init(base64data.words.slice(4));
var iv = new CryptoJS.lib.WordArray.init(base64data.words.slice(0, 4));
var key = CryptoJS.enc.Utf8.parse("secure%password!secure%password!");

var cipher = CryptoJS.lib.CipherParams.create({
  ciphertext: encrypted
});

var decrypted = CryptoJS.AES.decrypt(cipher, key, {
  iv: iv,
  mode: CryptoJS.mode.CFB
});

var result = decrypted.toString(CryptoJS.enc.Utf8);
console.log(decrypted.toString(CryptoJS.enc.Utf8)); 
// Wrong Output: {"first_name": "Han

console.log(decrypted.sigBytes);

decrypted.sigBytes = 144

console.log(decrypted.toString(CryptoJS.enc.Utf8)); // Correct
// Correct Output: {"first_name": "Hans-J\u00fcrgen", "last_name": "M\u00fcller", "city": "Hamburg", "number": "20a", "zip": "20456", "street": "Ladenstra\u00dfe"}

<script src="https://cdnjs.cloudflare.com/ajax/libs/crypto-js/3.1.2/rollups/aes.js"></script>
<script src="https://cdnjs.cloudflare.com/ajax/libs/crypto-js/3.1.2/components/mode-cfb.js"></script>
&#13;
&#13;
&#13;

WordBuffer的第一个输出只产生部分解密数据,因为有效字节设置为19而不是144.校正后,输出错误。

为什么我必须更正sigBytes手册?有任何想法吗?谢谢!

1 个答案:

答案 0 :(得分:1)

我自己找到了答案。问题实际上不在javascript代码中。它是在Python代码中加密数据的。

使用AES CFB在pycrpyto中将段大小设置为128时,必须填充日期以将其加密为16字节的倍数。

这是我的完整python加密代码,其中data引用一些字节字符串和key 32字节长的加密密钥。

length = 16 - (len(data) % 16)
data += bytes([length]) * length

iv = Random.new().read(AES.block_size)
key = options.encrypt_key.encode()
cipher = AES.new(key, AES.MODE_CFB, iv, segment_size=128)

crypted = cipher.encrypt(data)
entry = iv + crypted
entry = base64.b64encode(entry)

将条目发送到客户端,该客户端使用以下代码再次解密数据,其中data是来自python代码的base64编码的加密数据,key再次是相同的32字节长密钥:

var base64data = CryptoJS.enc.Base64.parse(data);

var encrypted = new CryptoJS.lib.WordArray.init(base64data.words.slice(4));
var iv = new CryptoJS.lib.WordArray.init(base64data.words.slice(0, 4));

var cipher = CryptoJS.lib.CipherParams.create({ ciphertext: encrypted });

var decrypted = CryptoJS.AES.decrypt(cipher, key, {iv: iv, mode: CryptoJS.mode.CFB});

这在每种情况下都很好。