
I am trying to encrypt data in Java and decrypt the same in JavaScript. There is already a similar question on SO but it does not work for me.

My question is - Encrypted text given by the Java code is not getting decrypted by JavaScript. I have hardcoded the encrypted text and key in my JS below.

P.S. I know decryption on the UI is of no use as the key will be visible and any user can decode the code. But my requirement of doing so is to bypass a Penetration Testing tool. So please suggest how it can be done.

Java code -

import java.security.Key;
import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;
import org.apache.commons.codec.binary.Base64;

public class Crypt {
    private static final String ALGO = "AES";
    private static final byte[] keyValue =
        new byte[] { 'A', 'b', 'c', 'd', 'e', 'f', 'g',
                     'h', 'i', 'j', 'k', 'l', 'm', 'n', 'o', 'p' };

    public static String encrypt(String Data) throws Exception {
        Key key = generateKey();
        String keyForJS = Base64.encodeBase64String(keyValue);
        System.out.println("Key2 = " + keyForJS);
        Cipher c = Cipher.getInstance(ALGO);
        c.init(Cipher.ENCRYPT_MODE, key);
        byte[] encVal = c.doFinal(Data.getBytes());
        String encryptedValue = Base64.encodeBase64(encVal).toString();
        return encryptedValue;
    }

    private static Key generateKey() throws Exception {
        Key key = new SecretKeySpec(keyValue, ALGO);
        return key;
    }

    public static void main(String a[]) throws Exception {
        System.out.println("Encryption = " + Crypt.encrypt("Test"));
    }
}

Execution of the above code in Eclipse generates the following output -

Key2 = [B@670b5064

Encryption = [B@3c8b22e5

Now I will use this data for my JS code

<script src="http://crypto-js.googlecode.com/svn/tags/3.1.2/build/rollups/aes.js"></script>
<script src="http://crypto-js.googlecode.com/svn/tags/3.1.2/build/components/mode-ecb-min.js"></script>

var base64Key = "[B@670b5064"; // This is the output key from Java
var key = CryptoJS.enc.Base64.parse(base64Key);


var decryptedData = CryptoJS.AES.decrypt( "[B@3c8b22e5", key, { // This is the Output text from Java
    mode: CryptoJS.mode.ECB,
    padding: CryptoJS.pad.Pkcs7
} );
var decryptedText = decryptedData.toString( CryptoJS.enc.Utf8 );
console.log( "decryptedText = " + decryptedText );

Output of JS code -

decryptedText - (It's blank, nothing appears). Please find JS Fiddle - http://jsfiddle.net/achyut/pKNzV/11/

  • 4
    ...and your question is? Commented Oct 11, 2014 at 14:56
  • Please read this: matasano.com/articles/javascript-cryptography Commented Oct 11, 2014 at 15:11
  • @ntoskrnl - I have already done my research. I very well know the fact that decryption in JavaScript is of no good. But it is my requirement and that is why I have been doing research on finding out how to, and so the question is posted here. I need to bypass a penetration testing tool. Commented Oct 11, 2014 at 20:39
  • @SaniHuttunen - Sorry, question updated Commented Oct 11, 2014 at 20:41
  • A problem I can immediately spot is that you've called toString() on a byte array and then put the resulting strings in the JS code. byte[] doesn't override toString() so you just get the default method from Object. Commented Oct 11, 2014 at 20:47

1 Answer

1

You didn't listen to the comments of GregS, so I'll do all the work for you:

HTML of Fiddle:

<script src="http://crypto-js.googlecode.com/svn/tags/3.1.2/build/rollups/aes.js"></script>
<script src="http://crypto-js.googlecode.com/svn/tags/3.1.2/build/components/mode-ecb-min.js"></script>
<body>
<pre id="output"></pre>
</body>

and the JavaScript that solves the issue, basically just the comment of GregS and an output function.

function out() {
    var args = Array.prototype.slice.call(arguments, 0);
    // Append as text, not HTML: decrypted data must never be parsed as markup.
    document.getElementById('output').textContent += args.join("") + "\n";
}

out("decrypted text: ");
var base64Key = "QWJjZGVmZ2hpamtsbW5vcA==";
var key = CryptoJS.enc.Base64.parse(base64Key);

var decryptedData = CryptoJS.AES.decrypt("lxbdRfoav/6UW/yZtuQM9X1qaI7qZLyuPWgmwPkti/Ayl4CpiPEAMklpaq74BU/U/MxxLgDz4CMs/jm9xzATMFyHOAvObkrnHwydC4PKsej1mqZsgYyQ4qDeKk6on/fdkkLLRMkIFYyBXRTLb/Q1Y85jzbRTOpTG50EjOxMZFlQ=", key, {
    mode: CryptoJS.mode.ECB,
    padding: CryptoJS.pad.Pkcs7
});
var decryptedText = decryptedData.toString(CryptoJS.enc.Utf8);
out("decryptedText = " + decryptedText);

You can run the fiddle here and you can find the hints with regards to the output here.
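
The Java side with the encoding step corrected, as an added example that is not part of the original answer or question. It assumes Java 8+ and uses `java.util.Base64` in place of the commons-codec class from the question; the class name `CryptFixed` is hypothetical.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;

// Added example: java.util.Base64 replaces commons-codec; CryptFixed is a hypothetical name.
public class CryptFixed {
    // Same 16-byte demo key as in the question.
    private static final byte[] KEY =
        "Abcdefghijklmnop".getBytes(StandardCharsets.US_ASCII);
    // Mode and padding spelled out so both sides agree. PKCS5Padding is what
    // CryptoJS calls Pkcs7; ECB is kept only to match the CryptoJS options on this page.
    private static final String TRANSFORM = "AES/ECB/PKCS5Padding";

    // Base64 text of the key, the form CryptoJS.enc.Base64.parse() expects.
    static String keyForJs() {
        return Base64.getEncoder().encodeToString(KEY);
    }

    static String encrypt(String plain) throws Exception {
        Cipher c = Cipher.getInstance(TRANSFORM);
        c.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(KEY, "AES"));
        byte[] ct = c.doFinal(plain.getBytes(StandardCharsets.UTF_8));
        // Encode the bytes themselves. Calling toString() on a byte[] returns
        // the identity string "[B@<hash>", which carries no ciphertext at all.
        return Base64.getEncoder().encodeToString(ct);
    }

    // Local round-trip check, mirroring what the JavaScript side does.
    static String decrypt(String b64) throws Exception {
        Cipher c = Cipher.getInstance(TRANSFORM);
        c.init(Cipher.DECRYPT_MODE, new SecretKeySpec(KEY, "AES"));
        byte[] pt = c.doFinal(Base64.getDecoder().decode(b64));
        return new String(pt, StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws Exception {
        String ct = encrypt("Test");
        System.out.println("Key2 = " + keyForJs());
        System.out.println("Encryption = " + ct);
        System.out.println("Round trip = " + decrypt(ct));
        // For comparison, the kind of value the question pasted into the JS:
        System.out.println("byte[].toString() = " + KEY.toString());
    }
}
```

The `Key2` and `Encryption` lines printed here are the strings to paste into `base64Key` and the first argument of `CryptoJS.AES.decrypt`.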


6 Comments

Few things: 1st, YOU ARE STILL NOT READING THE QUESTION. 2nd, your friend GregS never said anything about the JS code. He only commented about the Java code, so before commenting you should READ his comments. 3rd, whatever JavaScript code you have written is just another version of MY code. If I give the same base64Key and encrypted text which you have used as input to the JS code which I have shared above in the QUESTION, I get the same output which your fiddle is giving. So what DIFFERENT did you write? Can you please confirm if you actually understood the question?
Let me put the question in short for you, since you spent some time writing that answer above which is nothing but COPY PASTE of my code + 1 out function. So don't even think of taking the pride that you did "all the work for me". So the question is - Java should encrypt some TEXT and pass on the key and encrypted text to JavaScript, which will use the key and decrypt the encrypted text. I have written Java code which does encryption and JavaScript code which does decryption. There is something which I am missing between the 2, hence my decryption is failing. I hope this would make it clear.
I am shocked to see someone upvoted his answer, which does the same thing as the code in the question. Stack Overflow is seriously losing its charm. Somebody has downvoted the question. Can the person JUSTIFY the downvote, or did he just do it because he has the power to do it? Do we have any moderators on Stack Overflow, or have we lost even them?
Yeah, yeah, whatever. In the meantime both the Java and JavaScript are running fine on my system. And you still haven't grasped Greg's comment.
O Mr Genius, I think you aren't following things here. Yes, I haven't understood what Mr Greg has written because I am not a Java developer, and that is the reason the question is posted here. If I had known things I wouldn't have been wasting my time here with an arrogant noob like you.