没办法使用加密解密cryptocurrencyValue
问题说明
我正在尝试解密来自VB的值(在des中加密).当我尝试使用Javascript中的crypto解密cryptocurrencyValue时,输出给出了一个空值.我已经附上了VB中加密的完成方式.
I am trying to decrypt a value (encrypted in des) coming from VB. When I try to decrypt the encryptedValue using crypto in Javascript the output gives me an empty value. I have attached how the encryption was done in VB.
我如何尝试使用JAVASCRIPT进行加密
var CryptoJS = require("crypto-js");
var key = "peekaboo";
var encryptedValue = "50AznWWn4fJI19T392wIv/ZysP/Ke3mB";
encryptedValue = CryptoJS.enc.Base64.parse(encryptedValue);
var data = CryptoJS.DES.decrypt(encryptedValue, key, { iv: "cbauthiv" });
const email = data.toString(CryptoJS.enc.Utf8);
console.log(email, "ORIGINAL TEXT");
VB中的加密方式
Imports System.Security.Cryptography
Imports System.Text
Imports System.IO
Module Module1
Private Const ENCRYPTIONKEY As String = "peekaboo"
Sub Main()
Dim s As String = Encrypt("ditzymoose@outlook.com")
Dim r As String = Decrypt(s)
Console.ReadLine()
End Sub
Private Function Encrypt(stringToEncrypt As String) As String
Dim rng As New RNGCryptoServiceProvider
Dim byteArray() As Byte = New Byte(8) {}
Dim iv_value As String = "cbauthiv"
Dim key() As Byte = {}
Dim IV() As Byte = System.Text.Encoding.UTF8.GetBytes(Left(iv_value, 8))
key = System.Text.Encoding.UTF8.GetBytes(Left(ENCRYPTIONKEY, 8))
Dim des As New DESCryptoServiceProvider
rng.GetBytes(byteArray)
Dim Salt As String = BitConverter.ToString(byteArray)
Dim SaltedInput As String = Salt & "~" & stringToEncrypt
Dim inputByteArray() As Byte = Encoding.UTF8.GetBytes(stringToEncrypt)
Dim ms As New MemoryStream
Dim cs As New CryptoStream(ms, des.CreateEncryptor(key, IV), CryptoStreamMode.Write)
cs.Write(inputByteArray, 0, inputByteArray.Length)
cs.FlushFinalBlock()
Return Convert.ToBase64String(ms.ToArray())
End Function
End Module
正确答案
密钥和IV必须作为 WordArray 传递.要进行转换,必须使用Utf8编码器,请此处.
The key and IV must be passed as WordArray. For the conversion the Utf8-Encoder has to be used, here.
此外,密文必须作为 CipherParams 对象或Base64编码(然后隐式转换为 CipherParams 对象)进行传递,
<script src="https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.0.0/crypto-js.min.js"></script>请注意,DES是不安全的(此处),并且在大约20年前被AES取代.静态IV也是不安全的.相反,应该为每种加密生成一个随机IV.
此外,不应将密码用作密钥.如果要使用密码,则应该使用可靠的密钥派生功能(例如PBKDF2)从密码中派生密钥.
Please note that DES is insecure (here) and was replaced by AES almost 20 years ago. Also insecure is a static IV. Instead, a random IV should be generated for each encryption.
Furthermore a password should not be used as key. If a password is to be used, the key should be derived from the password using a reliable key derivation function such as PBKDF2.
这篇好文章是转载于:学新通技术网
