javascript - Encrypting with CryptoJS, decrypt with Ruby / AES -



javascript - Encrypting with CryptoJS, decrypt with Ruby / AES -

this problem has me knees!

i'm trying encrypt info that's going sent ror-application via ajax.

i've managed encrypt string in ruby , decrypt in javascript, can't manage reverse.

here's js:

function decrypt(data, key) { var index = data.indexof('!$'); var iv = data.substr(0, index); var crypttext = data.substr(index + 2); encrypted = {} encrypted.ciphertext = cryptojs.enc.base64.parse(crypttext); var decrypted = cryptojs.aes.decrypt(encrypted, key, { iv: cryptojs.enc.base64.parse(iv) }); homecoming decrypted.tostring(cryptojs.enc.utf8); } function encrypt( data, key ) { enc = cryptojs.aes.encrypt( data, key ); enc_str = cryptojs.enc.base64.stringify(enc.iv) + "!$" + cryptojs.enc.base64.stringify(enc.ciphertext); homecoming enc_str; } // ... var key = 'abcdef123abcdef123abcdef123abcdef123abcdef123';//cryptojs.sha256( 'abcdef123' ).tostring(); var key2 = 'abcdef123abcdef123abcdef123abcdef123abcdef123_42'; //cryptojs.sha256( 'abcdef123_42' ).tostring(); code = "123 456" uuid = "0000000000000000000000000000" var enc_code = encrypt( code, key ); var enc_uuid = encrypt( uuid, key2 );

i divided iv , ciphertext because had problems decryption in js.

here's ruby code

def decrypt(string, key) salt = nil if string.include? '$$:' sp = string.split '$$:' string = sp[0] salt = sp[1].to_i(16).to_s end parts = string.split '!$' @initialization_vector = base64.decode64(parts[0]) aes_decrypt(key, base64.decode64(parts[1]), salt) end def aes(key,string) cipher = openssl::cipher::cipher.new("aes-256-cbc") cipher.encrypt cipher.key = key #digest::sha256.digest(key) cipher.iv = @initialization_vector = cipher.random_iv# + '#' cipher_text = cipher.update(string) cipher_text << cipher.final homecoming cipher_text end def aes_decrypt(key, encrypted, salt = nil) p encrypted cipher = openssl::cipher::cipher.new("aes-256-cbc") cipher.decrypt cipher.padding = 0 # spent couple of hours exception cipher, had add together line!! cipher.key = key #digest::sha256.digest(key) cipher.iv = encrypted.slice!(0, 16) unless salt.nil? # cipher.pkcs5_keyivgen key, salt end d = cipher.update(encrypted) d << cipher.final end

as can see tried figure out way include salt, no luck (cipher wont take salt , asking octet)!

the decryption in ruby spits out gibbrish. (the methods work, i've decrypted string sent clientside (which decrypts w/o problems in js) direct in ruby, , works fine!

here's weird thing, tried decrypt string in js right away, doesn't work either! here's results:

cryptojs.aes.decrypt( enc, key, { iv: enc.iv, salt: enc.salt } ).tostring() // in encrypt() // => 31323320343536 // => 30303030303030303030303030303030303030303030303030303030 decrypt( enc_code, key ).tostring(); // after encrypt // => [empty]

my google-fu failing me, i've tried things i've found!

any ideas??

the libraries using using higher layers of openssl. higher layers back upwards password based encryption. default, cryptojs code seems utilize proprietary password based key derivation function openssl. however, ruby code less default; utilize key you've set in key, need key derivation yourself.

so if want utilize key (which should random binary data, not text), should utilize custom key , iv in cryptojs. on other hand, if want utilize password (and hence salt value), should using method-i-pkcs5_keyivgen. in case may need parse openssl encrypted blob.

javascript ruby-on-rails ruby encryption cryptojs

Comments

Post a Comment

Popular posts from this blog

php - Android app custom user registration and login with cookie using facebook sdk -

php - Android app custom user registration and login with cookie using facebook sdk - i developing android application in users need register , log in using facebook. approximately, flow. open app first time, authenticate facebook, data, send info server create them business relationship in application, start session new business relationship in server, cookie perform later interactions. so far good. what need know wich info have send server, can able identify users when log in seccond time. because need start session in server , send cookie android app farther interactions. i'm using php server side language. i thinking getting getaccesstoken() in android facebook sdk, pass server on business relationship creation , storing in android app. but can't manage how login users on sec time utilize app. any suggestions ? in advance ! to uniquely identify user within app, should create request /me , user's id. guaranteed unique , remain con
Read more

django - Access session in user model .save() -

django - Access session in user model .save() - is possible access current session in user model .save()? pseudo code of want achieve: # users.models.py def save(self, *args, **kwargs): created = true if self.pk: created = false super(abstractuser, self).save(*args, **kwargs) # post-save if created: look_for_invite_in_session_and_register_if_found(self, session) seems wrong in architecture. shouldn't access request in models layer. work request must done in view. can this: user, created = abstractuser.objects.get_or_create(name=name) if created: look_for_invite_in_session_and_register_if_found(user, request.session) django session
Read more

php - .htaccess Multiple Rewrite Rules / Prioritizing -

php - .htaccess Multiple Rewrite Rules / Prioritizing - here current htaccess file: rewriteengine on rewritecond %{http_host} !^www\.website\.com [nc] rewritecond %{http_host} ([^.]+)\.website\.com [nc] rewriterule ^(.*)$ http://www.website.com/gotourl.php?urlid=?%1 [l] rewriterule ^(\w+)$ ./gotourl.php?urlid=$1 [nc,l] rewriterule ^(\w+)/$ ./gotourl.php?urlid=$1 [nc,l] the website in question url shortener i'm working on testing/developing , personal use. above code may not ideal i'm not familiar .htaccess , made via googling , testing. want url shortening aspect: http://website.com/1234 -> http://website.com/gotourl.php?urlid=1234 http://website.com/1234/ -> http://website.com/gotourl.php?urlid=1234 the problem cannot figure out how ignore directories. want specific directories go specific pages: http://website.com/img (or) http://website.com/img/ -> http://website.com/img.php http://website.com/img/1234 (or) http://website.com/
Read more