javascript - CryptoJS 每次都解密更改

Question

我正在使用 CryptoJS 手动解密具有一组提供的值的字符串。提供了 secret ，然后采用 SHA256。消息和初始化向量是 base 64 编码的。这就是我正在尝试的，但每次我运行它时，输出都会改变——怎么会这样？!我已经无计可施了...

// Key and take the hash of it
var secretKey = 'TESTING123Secret_Key';
var secretKeyHash = CryptoJS.SHA256(secretKey).toString(CryptoJS.enc.Hex);

// Base 64 encoded values
var accountNumberBase64 = 'nxjYfo4Stw63YBEcnjo3oQ==';
var initializationVectorBase64 = 'HnNcvu9AP9yl09APWkWnDQ==';

// decode the values provided above
var accountNumberEncrypt = atob(accountNumberBase64);
var initializationVector = atob(initializationVectorBase64);

// Use crypto to decrypt
var decrypted = CryptoJS.AES.decrypt(
    {
        ciphertext: accountNumberEncrypt,
        salt: ''
    },
  secretKeyHash,
  {
      mode: CryptoJS.mode.CBC,
      padding: CryptoJS.pad.NoPadding,
      iv: initializationVector,
      salt: ''
  }
);
 console.log('   decrypted, by hand: ' + decrypted.toString(CryptoJS.enc.Hex));

每次运行时最后一行都会改变(在页面加载时运行)——每次都提供相同的值，输出不同。

它应该如何工作:

Decryption Instructions:
1. A static, secret key will be shared which will be used for decryption (Secret Key TBD).
    a. HASH the secret key with SHA256, encode it to Hex and use the first 32 characters. This will be used as the KEY when decrypting.
2. Two pieces of information will be sent via the POST method
    a. Parameter “AN”: A Base64 Encoded, AES-256-CBC Encrypted string which will represent the Account Number when decrypted
    b. Parameter “IV”: A Base64 Encoded initialization vector (IV) string which will be used in decrypting the Account Number string
3. Base64 Decode both parameters
4. Using the AES-256-CBC method, decrypt the encrypted string (which was base64 decoded as part of Step #3) with the initialization vector decoded in Step #3 and the hash created in Step #1a
5. The decryption should then provide you the account number.

Java code

Answer 1

您的代码存在很多问题。很难说是什么真正导致了非确定性解密。我想这是因为您将 key 作为字符串传递，这意味着 CryptoJS 将假定它是密码并尝试使用 EVP_BytesToKey 从中派生 key 。由于未设置盐，CryptoJS 可能有一个错误，它会生成一个随机盐用于解密(它不应该)。如果您想手动提供 key ，则需要将 key 解析为 WordArray。

另一个主要问题是使用非 CryptoJS 方法进行解码 (atob)，这意味着您会得到一些 CryptoJS 无法直接读取的数据格式。 CryptoJS 依赖于内部 WordArray 来表示所有二进制数据或期望所有字符串都是 UTF-8 编码的。

工作代码:

// Key and take the hash of it
var secretKey = 'TESTING123Secret_Key';
var secretKeyHash = CryptoJS.SHA256(secretKey).toString(CryptoJS.enc.Hex).slice(0,32);
secretKeyHash = CryptoJS.enc.Utf8.parse(secretKeyHash);

// Base 64 encoded values
var accountNumberBase64 = 'nxjYfo4Stw63YBEcnjo3oQ==';
var initializationVectorBase64 = 'HnNcvu9AP9yl09APWkWnDQ==';

var ct = CryptoJS.enc.Base64.parse(accountNumberBase64);
var iv = CryptoJS.enc.Base64.parse(initializationVectorBase64);

// Use crypto to decrypt
var decrypted = CryptoJS.AES.decrypt({
    ciphertext: ct
  },
  secretKeyHash, {
    mode: CryptoJS.mode.CBC,
    padding: CryptoJS.pad.NoPadding,
    iv: iv
  }
);
console.log('   decrypted, by hand: ' + decrypted.toString(CryptoJS.enc.Utf8));

<script src="https://cdn.rawgit.com/CryptoStore/crypto-js/3.1.2/build/rollups/aes.js"></script>
<script src="https://cdn.rawgit.com/CryptoStore/crypto-js/3.1.2/build/rollups/sha256.js"></script>
<script src="https://cdn.rawgit.com/CryptoStore/crypto-js/3.1.2/build/components/pad-nopadding-min.js"></script>