TypeError: Cannot read property '0' of undefined CryptoJS

Question

I am using CryptoJS in my angular app to implement AES encryption but I am keep getting TypeError: Cannot read property '0' of undefined error when I try to send empty 16 byte array in IV

Here's my typescript code:

aesEncrypt(keys: string, value: string) { // encrypt api request parameter with aes secretkey

    var key = CryptoJS.enc.Utf8.parse(keys);
    //var iv = CryptoJS.enc.Utf8.parse(keys);
    var iv = new Uint16Array(16);
    var encrypted = CryptoJS.AES.encrypt(JSON.stringify(value), key,
        {
            //keySize: 256,
            keySize: 128,
            iv: iv,
            mode: CryptoJS.mode.CBC,
            padding: CryptoJS.pad.Pkcs7,
        });

    return encrypted.toString();
}

But same thing works fine in .NET, android, ios when I send empty 16 byte array in IV

.NET code:

private static AesCryptoServiceProvider AesCryptoServiceProvider(string key)
{
    AesCryptoServiceProvider aes = new AesCryptoServiceProvider();
    aes.KeySize = 128;
    aes.BlockSize = 128;
    aes.Mode = CipherMode.CBC;
    aes.Padding = PaddingMode.PKCS7;
    aes.Key = Encoding.UTF8.GetBytes(key);
    //aes.IV = Encoding.UTF8.GetBytes(key);
    aes.IV = new byte[16];
    return aes;
}

android code:

public static String encryptURLEncoding(byte[] key, String encryption) throws GeneralSecurityException 
{
    if (key.length != 16) 
    {
        throw new IllegalArgumentException("Invalid key size.");
    }

    // Setup AES tool.

    SecretKeySpec skeySpec = new SecretKeySpec(key, "AES");
    Cipher cipher = Cipher.getInstance("AES/CBC/PKCS7Padding");
    cipher.init(Cipher.ENCRYPT_MODE, skeySpec, new IvParameterSpec(new byte[16]));
    byte[] dstBuff = cipher.doFinal(encryption.getBytes());
    String encryptedStringData = android.util.Base64.encodeToString(dstBuff, android.util.Base64.DEFAULT);
    return encryptedStringData;
}

I want to implement AES encrypt decrypt by providing empty 16 byte array because this app is interconnected with my other apps which are on android, ios platform with same encryption setup but I am getting error in my angular app, How can I resolve this issue?

Answer 1

I have faced the same problems. When I need to use AES.encrypt with hexed key, I always need to pass iv, If I use string key, iv is not needed due to the iv is infered from the string key as password.

See also https://github.com/brix/crypto-js/issues/439#issuecomment-2172055554.

Answer 2

For those who faced a similar error in typescript for encrypting a string, you just need to import the package this way

import * as Crypto from 'crypto-js';

Answer 3

I faced the same problem. Including the iv option solved it.

var iv = CryptoJS.enc.Hex.parse("101112131415161718191a1b1c1d1e1f"); var ciphertext = CryptoJS.AES.encrypt("msg", CryptoJS.enc.Hex.parse("000102030405060708090a0b0c0d0e0f"),{ iv: iv, mode: CryptoJS.mode.CTR, padding: CryptoJS.pad.AnsiX923 });

Answer 4

In the JavaScript code the IV must be passed as WordArray. Since a 0-IV was used in the C# code, this must also be done in the JavaScript code. The corresponding WordArray could be e.g.

var iv = CryptoJS.enc.Hex.parse("00000000000000000000000000000000");

Note that the Hex encoder is used so that the 16 bytes 0-IV correspond to 32 0-values.

Also be aware that generally a 0-IV should only be used for testing purposes. In practice, for security reasons, a random IV has to be generated for each encryption. Additionally, a key / IV pair may only be used once.

Furthermore CryptoJS does not know the parameter keySize and ignores it. The used AES variant is determined by the key size, e.g. for a 32 bytes key AES-256 is applied, here.