5

I am trying to do crypto on node.js, but unfortunately I fail to get the same result as online sites.

I want to encrypt some binary data with a binary key. I use the tutorial on the nodejs site, but I get a different result from my reference data set. My reference data set is validated with Java code, with C code and with two online sites: http://aes.online-domain-tools.com/ and https://www.hanewin.net/encrypt/aes/aes-test.htm

Do you have an idea how to encrypt the same way as those sites? I guess it can be the padding?

Thanks in advance. François

My reference data set:

    key=8CBDEC62EB4DCA778F842B02503011B2
    src=0002123401010100000000000000c631
    encrypted=3edde3f1368328a1a37cf596bc8d4a7c

My code:

    var crypto = require('crypto')

    var key = Buffer.from('8CBDEC62EB4DCA778F842B02503011B2', 'hex')
    var src = Buffer.from('0002123401010100000000000000c631', 'hex')
    // createCipher() takes a password as its second argument and derives the AES key from it
    var cipher = crypto.createCipher("aes-128-ecb", key)
    var result = cipher.update(src).toString('hex');
    result += cipher.final().toString('hex');
    console.log("result   : " + result)

Output:

    result   : 4da42b57b99320067979086700651050e972f1febd1d506e5c90d3b5d3bc9424
  • Change crypto.createCipher to crypto.createCipheriv and pass an empty IV (""). Also, you might want to disable padding. Commented May 4, 2017 at 17:52
  • Never use ECB mode. It's deterministic and therefore not semantically secure. You should at the very least use a randomized mode like CBC or CTR. It is better to authenticate your ciphertexts so that attacks like a padding oracle attack are not possible. This can be done with authenticated modes like GCM or EAX, or with an encrypt-then-MAC scheme. Commented May 5, 2017 at 15:57
  • @ArtjomB. There are instances where ECB mode is acceptable. A typical example is a random session code that is encrypted. There are very specific requirements as 'sufficient' entropy on input. The example data above is a single 128-bit block. Commented Aug 17, 2019 at 15:28
  • @Matt If you can design and cryptanalyze a mode of operation then you can likely assess whether ECB is secure enough for your specific use case. If you're talking about encrypting a session code then I would say that only encryption doesn't make sense in that case. Instead, use transport layer security possibly along with a cryptographic signature of the session code along with a signed timestamp. Commented Aug 17, 2019 at 18:07
  • @ArtjomB. There are various implementations and different requirements. There are specific implementations where ECB is sufficient. The bold comment 'Never use ECB' is misleading. I will not comment on the 'sense' part of the session key example as I don't believe you have enough details to draw a conclusion. Commented Aug 18, 2019 at 4:44

1 Answer

9

Thank you Artjom B.

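I post the fixed code below:

    var crypto = require('crypto')

    var key = Buffer.from('8CBDEC62EB4DCA778F842B02503011B2', 'hex')
    var src = Buffer.from('0002123401010100000000000000c631', 'hex')
    // createCipheriv() uses the key bytes as-is; ECB takes no IV, so pass an empty one
    var cipher = crypto.createCipheriv("aes-128-ecb", key, '')
    // the input is exactly one 16-byte block, so no padding block is appended
    cipher.setAutoPadding(false)
    var result = cipher.update(src).toString('hex');
    result += cipher.final().toString('hex');
    console.log("result   : " + result)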

To decrypt, do the same:

    var crypto = require('crypto')

    var key = Buffer.from('8CBDEC62EB4DCA778F842B02503011B2', 'hex')
    var encrypted = Buffer.from('3edde3f1368328a1a37cf596bc8d4a7c', 'hex')
    // same raw key and empty IV as for encryption
    var decipher = crypto.createDecipheriv("aes-128-ecb", key, '')
    // no padding was added on encryption, so none must be stripped here
    decipher.setAutoPadding(false)
    var result = decipher.update(encrypted).toString('hex');
    result += decipher.final().toString('hex');
    console.log("result   : " + result)

Thanks, I am sincerely grateful. Regards, François


1 Comment

Note that padding is required if the data to be encrypted is not always a multiple of the block size which is 128-bytes. Also ECB mode is not secure, see ECB mode, scroll down to the Penguin. Instead use CBC mode with a random IV, just prefix the encrypted data with the IV for use in decryption, it does not need to be secret.
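An added example, not part of the original posts: it checks the reference vector from the question with raw-key ECB, shows that the default padding appends a second block, and sketches the CBC layout with a prefixed random IV described in the comment above. The helper names (ecbEncrypt, cbcEncrypt, cbcDecrypt, demo) are assumptions made for this sketch.

```javascript
const crypto = require('crypto');

// Reference vector quoted in the question.
const KEY = Buffer.from('8CBDEC62EB4DCA778F842B02503011B2', 'hex');
const SRC = Buffer.from('0002123401010100000000000000c631', 'hex');

// AES-128-ECB with the raw 16-byte key; `pad` toggles PKCS#7 auto padding.
function ecbEncrypt(key, data, pad) {
  const c = crypto.createCipheriv('aes-128-ecb', key, null); // ECB has no IV
  c.setAutoPadding(pad);
  return Buffer.concat([c.update(data), c.final()]);
}

// AES-128-CBC with a fresh random IV stored in front of the ciphertext.
// CBC alone is not authenticated; the comments recommend GCM/EAX or encrypt-then-MAC.
function cbcEncrypt(key, data) {
  const iv = crypto.randomBytes(16);
  const c = crypto.createCipheriv('aes-128-cbc', key, iv);
  return Buffer.concat([iv, c.update(data), c.final()]);
}

function cbcDecrypt(key, blob) {
  // Layout: 16-byte IV followed by at least one 16-byte ciphertext block.
  if (blob.length < 32 || blob.length % 16 !== 0) throw new Error('bad length');
  const d = crypto.createDecipheriv('aes-128-cbc', key, blob.subarray(0, 16));
  return Buffer.concat([d.update(blob.subarray(16)), d.final()]);
}

// Hypothetical helper that collects the observations in one object.
function demo() {
  const raw = ecbEncrypt(KEY, SRC, false);
  const padded = ecbEncrypt(KEY, SRC, true);
  const a = cbcEncrypt(KEY, SRC);
  const b = cbcEncrypt(KEY, SRC);
  return {
    raw: raw.toString('hex'),                          // one block, no padding
    paddedLength: padded.length,                       // padding adds a full block
    firstBlockSame: padded.subarray(0, 16).equals(raw),
    ecbDeterministic: ecbEncrypt(KEY, SRC, false).equals(raw),
    cbcDiffers: !a.equals(b),                          // random IV changes the output
    cbcLength: a.length,                               // IV + data block + padding block
    cbcRoundTrip: cbcDecrypt(KEY, a).equals(SRC),
  };
}

console.log(demo());
```

With padding left on, a block-aligned input still grows by one block, which is why a padded result is 32 bytes long while the reference value is 16.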
