CODEWITHSUNDEEP
javascriptaescryptojs
user2061637
user2061637

Reputation: 1

How can I decrypt AES CBC Mode in Hex String?

My task is to decrypt AES-128 in CBC Mode as I already have to encrypted hex string and the key (also in hex). I have tried a simple code like:

function doDecrypt(){
    var encryptedData = "1d4c76364618b6efce62258353f89810"
    var key = "11112222333344445555666677778888"; 

    encryptedData = CryptoJS.enc.Hex.parse(encryptedData);
    key = CryptoJS.enc.Hex.parse(key);

        var decrypted = CryptoJS.AES.decrypt(encryptedData, key);
    alert(CryptoJS.enc.Hex.stringify(decrypted));
}

The result I get is just a blank word array (in "decrpyted"), can anyone point out that where did i do wrong please?

do I need an additional information such as iv, salt or not?

Upvotes: 0

Views: 2051

Answers (1)

Rob Napier
Rob Napier

Reputation: 299605

"AES-128 in CBC Mode" is not a data format. There is no universal way of writing encrypted data along with the required metadata. You need to know what you've been handed and how it was generated. Then you can work out how to implement the same with CryptoJS in most cases. In particular, you need to know the following:

  • What algorithm? "AES-128" is ambiguous. It could mean "AES with a 128-bit key size" or it could mean "AES with a 128-block size and some other key size."
  • What key size (see above)
  • What mode? (You've answered this: it's CBC.)
  • What is the padding? The most common is PKCS#7, but there could be no padding. (For CBC mode, it is almost certainly PKCS#7.)
  • What is the IV? There is always an IV for CBC. Sometimes that IV is incorrectly set to NULL (this makes CBC less secure). It is possible that the IV is generated somehow from a password (this is how OpenSSL works).
  • Do you have a good key, an insecure key, or a password. A good key is a series of random bytes the size of your key. An insecure key is when a password is treated like a key (by copying human-typed letters into the key buffer). This is insanely insecure, but very common.
  • If you have a proper password, then what KDF and parameters were used to convert it to a key? For example, did they use the OpenSSL KDF or PBKDF2 or bcrypt or scrypt?
  • Is there any other metadata, such as an HMAC? (An HMAC is required to secure AES-CBC. Without it, an attacker can sometimes modify the ciphertext to decrypt to a desired plaintext.)

When you have these answers, then you can work out how to implement it with CryptoJS.

Upvotes: 3

Related Questions