Trying to encryption/decryption data using NodeJs Fails about steel_crypt HOT 13 OPEN

Okay. I will investigate the discrepancy between this library and node.

from steel_crypt.

To test this, I'll need the values for "secureKey", "data", and "salt". Additionally, what cryptographic library are you using for NodeJS?

from steel_crypt.

I am using the inbuilt library in NodeJs

Here is the code, with the dummy key, salt & data, which works fine on app but on node I am getting an error saying the Invalid key length

var crypto = require('crypto'),
  algorithm = 'aes-256-gcm',
  password = 'n7oAAnS6oSuo9XEExIM2ZfsIw5O1nCuT7JmlEAe+ykQ=',
  // do not use a global iv for production, 
  // generate a new one for each encryption
  iv = 'cfPaa8EXVmNrhfJ36508FQ=='

function encrypt(text) {
  var cipher = crypto.createCipheriv(algorithm, password, iv)
  var encrypted = cipher.update(text, 'utf8', 'hex')
  encrypted += cipher.final('hex');
  var tag = cipher.getAuthTag();
  return {
    content: encrypted,
    tag: tag
  };
}

function decrypt(encrypted) {
  var decipher = crypto.createDecipheriv(algorithm, password, iv)
  decipher.setAuthTag(encrypted.tag);
  var dec = decipher.update(encrypted.content, 'hex', 'utf8')
  dec += decipher.final('utf8');
  return dec;
}

var hw = encrypt("hello world")
  // outputs hello world
console.log(decrypt(hw));

from steel_crypt.

Your key and iv are using base64 encoding. An issue could be that NodeJS expects a hex-encoded key or something.

from steel_crypt.

Whoops didnt mean to close this

from steel_crypt.

Actually NodeJs has an option for using Base64 also if convert the key to hex the key length is still wrong

from steel_crypt.

I don't know what to tell you. 'n7oAAnS6oSuo9XEExIM2ZfsIw5O1nCuT7JmlEAe+ykQ=' is a 32 byte key encoded using base64. What length key does nodeJS want? It should only need a 32 byte key.

from steel_crypt.

Hey, I guess the way I am generating the key could be wrong on my part.

var secureKey = HashCrypt(algo: HashAlgo.Sha_256).hash(inp: 'dummy');

I then used that key for

var aesEncrypter = AesCrypt(padding: PaddingAES.iso78164, key: secureKey);
var encrypted = aesEncrypter.gcm.encrypt(inp: data, iv: salt);

I am just confused why steelcrypt AesCrypt accepted the secureKey if its not 32 byte

And you are right NodeJs needs a 32 byte too but it doesn't accept the key above.

from steel_crypt.

A NodeJs working example similar to the one you've made for dart would be really useful for everyone. It has all the same crypto features which have been standardized and interoperability is really key as a lot of backend software use NodeJs or Python.

from steel_crypt.

for now we decide to stick to

    var crypted = aes.ctr.encrypt(inp: plainText, iv: salt); //encrypt
    var decrypted = aes.ctr.decrypt(enc: crypted, iv: salt);

It works now in both our nodejs backend and dart

from steel_crypt.

I couldn't work out the parameters to make GCM work on node

from steel_crypt.

Thanks that would be super helpful

from steel_crypt.

Okay. I will investigate the discrepancy between this library and node.

Any update on this?

from steel_crypt.