1

I have encrypt the file using node.js and decrypt in JAVA. Decryption is done in JAVA using "AES/GCM/Nopadding" algorithm and it is third party app hence I cannot change the JAVA code. I am encrypting the file in node.js using "aes-256-gcm" (not sure if it is equivalent to "AES/GCM/Nopadding") algorithm.

I have tried with crypto, node-forge npm module also tried setting cipher.setAutoPadding(false). But no luck. Could you please guide me where I am going wrong.

code in node.js

const
 algorithm = 'aes-256-gcm',
 randomKey = crypto.randomBytes( 32 ),
 randomIv = crypto.randomBytes( 16 );
const
 cipher = crypto.createCipheriv( algorithm, randomKey, randomIv ),
 input = fs.createReadStream( './imageTest.jpg.gz' ), //gzip image 
 output = fs.createWriteStream( './imageTest.jpg.gz.enc' );

input.pipe( cipher ).pipe( output );

code to decrypt in JAVA

byte[] decrypt(byte[] encrptedData, byte[] key, byte[] iv) {

    GCMParameterSpec ivSpec = new GCMParameterSpec(128, iv);
    Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
    cipher.init(Cipher.DECRYPT_MODE, new SecretKeySpec(key, "AES"), ivSpec);
    return cipher.doFinal(encryptedData);
}

When decrypting the file I get the below error at cipher.doFinal(encryptedData) step

Caused by: javax.crypto.AEADBadTagException: Tag mismatch!
    at com.sun.crypto.provider.GaloisCounterMode.decryptFinal(GaloisCounterMode.java:571)
    at com.sun.crypto.provider.CipherCore.finalNoPadding(CipherCore.java:1046)
    at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:983)
    at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:845)
    at com.sun.crypto.provider.AESCipher.engineDoFinal(AESCipher.java:446)
    at javax.crypto.Cipher.doFinal(Cipher.java:2165)

so I need to know how to achieve an equivalent in node.js

Improve this question
1

1 Answer 1

Reset to default
0

Add this line into NodeJs after the decryption is finished to get the authentication tag.

const tag = cipher.getAuthTag();

Transmit this tag, too.

And. in Java part, append it before dofinal

cipher.update(textBytes);
Improve this answer
Sign up to request clarification or add additional context in comments.

3 Comments

Then send the authenticated tag appended to the ciphertext?
you mean concat tag with cipher key or encrypted data ? could you please provide more information on this ?
With the encrypted data. The last part of the ciphertext must be the authentication tag.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.