0

I need to do encryption on plain text using AES CBC techinque but on javascript side. Basically i need to encrypt the URL and launch that URL via ajax call. The system where URL is going to decrypt is wrote in c#. So i have to reply on their encryption method which is written in c#. I need to use same logic in my javascript so that way it can be decrypt easily in c#

Javascript code

var Base64encodedandencryptedtext = "username=abc|password=xyz"
// have a password need to hash on that and then pass into aes encryption function
var hash =  CryptoJS.SHA512("234-234-1231"); //password key
var finalhash = hash.toString((CryptoJS.enc.Base64));
Base64encodedandencryptedtext = CryptoJS.AES.encrypt(Base64encodedandencryptedtext ,finalhash)

var Base64encodedkey = Base64.encode("encodedkey");
var baseURL = "https://www.xyz.com/"
var DHINquery = baseURL+"?key="+Base64encodedkey+"&value="+Base64encodedandencryptedtext;

//launch via ajax

    $.ajax({
            type : 'GET',
            async : true,
            url : DHINquery,
            dataType : 'html',
            data : {},          
            success : function (htmlcontent) {
                $("#htmlpage").html(htmlcontent)                
            }, // end success
            complete : function (htmlcontent) {

            }, // end complete
            error : function (htmlcontent) {
            alert("error")
            }
        });

C# encryption on their side

string Base64encodedandencryptedtext = "username=abc|password=xyz"
Encrypt(Base64encodedandencryptedtext ,passwordkey, "AES") // call that function

 public static string Encrypt(string text, string keyguid, string cryptoService)
    {
        ICryptoTransform transform;
        string text1 = keyguid;
        UTF8Encoding enc = new UTF8Encoding();
        byte[] bytes = enc.GetBytes(text);
        string str = CalculateHashToBase64String(text1, enc, "SHA512");
        string s = str.Substring(4, 24);
        string str3 = str.Substring(0, 4) + str.Substring(0x1c, 4);
        string str4 = str.Substring(0, 4) + str.Substring(28, 12);
        string str5 = str.Substring(0, 4) + str.Substring(0x1c, 20);
        byte[] rgbKey = enc.GetBytes(s);
        string str7 = cryptoService;
        byte[] buffer3 = enc.GetBytes(str4);
        AesCryptoServiceProvider provider2 = new AesCryptoServiceProvider();
        provider2.Padding = PaddingMode.PKCS7;
        provider2.Mode = CipherMode.CBC;
        provider2.KeySize = 0x100;
        transform = provider2.CreateEncryptor(rgbKey, buffer3);
        return Convert.ToBase64String(Transform(bytes, transform)); // return the base64 string
    }
    private static byte[] Transform(byte[] input, ICryptoTransform CryptoTransform)
    {
        byte[] buffer;
        using (MemoryStream stream = new MemoryStream())
        {
            using (CryptoStream stream2 = new CryptoStream(stream, CryptoTransform, CryptoStreamMode.Write))
            {
                stream2.Write(input, 0, input.Length);
                stream2.FlushFinalBlock();
                stream.Position = 0L;
                buffer = stream.ToArray();
            }
        }
        return buffer;
    }

While doing debuging on javascript side i am still getting base64string after encryption but c# encryption base64string and javascript encryption base64string looks different. For that reason webservice doesn't succefully return the data.

I wonder aes plugin i were using is not doing exactly what they are doing in c# side.

Anybody have any idea why? Any help would be a great input.

4

1 回答 1

0

I see quite a few significant difference between how the two compute a key. In the JS, you're hashing a password key, then representing that hash's binary data as base64. Whereas in your C# code, it looks like you're representing the hash's binary data base base64, then taking a substring of that base64 string, then getting the UTF8 bytes of the base64 characters. Those are some really significant differences. The JS side can be simplified a bit, and the C# side can be simplified a lot. On both sides, take the hash of the password key, and use that hash itself as the key. Don't convert the hash to base64. Don't do any other manipulations.

** It would actually be better to use something like PBKDF2, but let's get both sides in sync first.

** Actually since the data is being sent through ajax, if you can use HTTPS, that would be the best option.

于 2013-11-05T19:22:29.097 回答