Comments (5)
Forgot to mention that now I can AES encrypt/decrypt back and forth between
node.js crypto and crypto-js so I can encrypt/decrypt on client-side and
optionally decrypt at server-side when browser is too slow (like IE). I used to
run crypto-js server-side too but node.js is much faster (10x) so I switched
over.
Original comment by [email protected]
on 14 Mar 2011 at 9:28
from crypto-js.
Hi Don,
I apologize for the delay.
For encrypt(), I copied your options.iv into the repo. For the ciphertext
result, however, I did something a little different, which I hope will be even
more flexible. Rather than returning a string, encrypt() now returns a
ciphertext object. For backward compatibility, that object has a toString
method that will turn the encrypted message and the IV into a string in the
same way previous versions did. But it also allows you to access the ciphertext
and IV individually.
var ciphertextObj = Crypto.AES.encrypt("Message", "Secret Passphrase", { iv: Crypto.util.hexToBytes(yourIV) });
ciphertextObj.rawCiphertext
ciphertextObj.iv
Likewise, when you're preparing to decrypt, you can pass in a ciphertext object
in place of a string.
var ciphertextObj = new Crypto.Ciphertext(
Crypto.util.base64ToBytes(yourRawCiphertext),
Crypto.util.hexToBytes(yourIV)
);
Crypto.AES.decrypt(ciphertextObj, "Secret Passphrase");
I'd like to hear your thoughts, suggestions or concerns. Barring any issues,
I'll be tagging and packaging a new version soon.
Revision r324: http://code.google.com/p/crypto-js/source/detail?r=324
Original comment by Jeff.Mott.OR
on 22 Mar 2011 at 10:50
- Changed state: Accepted
from crypto-js.
Hi Jeff,
Only concern I have is that this breaks API backward compatibility. Besides, if
caller provided the IV, it's already known to the caller. If they didn't, I
doubt they would need it beyond being wrapped within encrypted text.
Anyway, my recommendation is to add it as another method (like encryptIV) to
maintain backward compatibility.
- Don
Original comment by [email protected]
on 23 Mar 2011 at 6:06
from crypto-js.
Indeed. At first, I was also worried about the ciphertext object breaking
backward compatibility. But it seems to be safe for all the use cases I can
think of. If the ciphertext object is sent by ajax, or assigned to a form
control, or used in any kind of string context, then the toString method is
called automatically, and the result will be the same as it was in previous
versions. Though, I suppose it's always possible someone somewhere is doing
something I never planned on or accounted for.
I understand that in your case you don't need to access the IV. But I'm hoping
to use this opportunity to ease other pain points, beyond this specific issue.
In your case, you only needed the raw ciphertext. But in other cases, people
are allowing CryptoJS to generate the IV, and sending the result to a
server-side application. But not every application packages ciphertext data in
the same way, and sometimes it's easier for people to handle the IV and the raw
ciphertext separately.
A lot of this is going to be addressed in the next major release, so I may
still opt for your simpler fix that solves the immediate issue. I'm still
mulling it over.
Original comment by Jeff.Mott.OR
on 23 Mar 2011 at 7:22
from crypto-js.
r326
Original comment by Jeff.Mott.OR
on 13 Apr 2011 at 11:49
- Changed state: Fixed
from crypto-js.
Related Issues (20)
- Unnecessary padding HOT 3
- AES encrypted string to be converted to base 64 string and then to byte array in Javascript
- Uncaught TypeError: Cannot read property 'init' of undefined HOT 1
- Clarify license HOT 2
- Automatic key expiration
- Type a is undefined in rollup version of aes.js line 27. HOT 4
- Crypto.JS PBKDF2 Results Differnt then .Net Rfc2898DeriveBytes HOT 1
- Crypto-js decryption implemention HOT 1
- Most of the hashs wont works regarding file encoding HOT 4
- Not able to decrypt the encrypted data on server side which was encrypted using CryproJS on client side..
- TripleDES result is different each time, and is not correct
- AES 256 decrypt from data oracle function encrypting HOT 1
- Broken hashing with sigBytes< bytes
- Error: Unable to get property 'createEncryptor' of undefined or null reference
- [IE8]Object doesn't support property or method
- decrypt of ciphertext not working for strings HOT 2
- [documentation] Add recommendation to use https
- Using pbkdf2Sync function with sha256 gives different key with different system architecture (32 bit and 64 bit) HOT 2
- After encryption CryptoJS returning script then encrypted text
- I am using CryptoJS MD5 algorith for large files, it is very very very slow, how to icrease performance
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from crypto-js.