从 ColdFusion 加密的 NodeJS 中解密 AES/CBC/PKCS5Padding
Decrypt AES/CBC/PKCS5Padding in NodeJS from ColdFusion encrypt
我正在将 nodeJS 应用程序与 ColdFusion 应用程序合并。我使用下面的方法在 ColdFusion 中进行了加密,其中密钥是加密密钥字符串
key = 'nQw7y6QejwGFh/SNrul20Q=='
encrypt(value, key, "AES/CBC/PKCS5Padding", "HEX");
然后,在 NodeJS 中,我尝试使用 crypto
对其进行解密
const crypto = require('crypto');
const key = "nQw7y6QejwGFh/SNrul20Q==";
const binaryEncryptionKey = new Buffer( key, "base64" );
decrypt = (value) => {
try {
var decipher = crypto.createDecipheriv( "AES-128-CBC", binaryEncryptionKey );
var value = (
decipher.update( value, "base64", "utf8" ) +
decipher.final( "utf8" )
);
return value;
} catch (err) {
console.log(err);
}
}
首先return缓冲区警告:
DeprecationWarning: Buffer() is deprecated due to security and usability issues. Please use the Buffer.alloc(), Buffer.allocUnsafe(), or Buffer.from() methods instead.
然后,我得到了错误:
TypeError [ERR_INVALID_ARG_TYPE]: The "iv" argument must be of type string or an instance of Buffer, TypedArray, or DataView. Received undefined
我没有“iv”,因为 ColdFusion 端没有用它来加密。是否可以在 NodeJS 中解密?
- 当我更改为 Buffer.alloc 时,出现错误:
TypeError [ERR_INVALID_ARG_TYPE]: The "size" argument must be of type number. Received type string ('nQw7y6QejwGFh/SNrul20Q==..)
比如我有如下加密字符串:FB391CAAE5CD8FF47C55211ED8636D213C95F233B615D4E56CB7CD6B051D01DF356E1C45ED7AABAB5F9BCBB9EED6355B
谢谢
描述了 ColdFusion encrypt 功能 here。可以明确指定 AES/CBC 所需的 16 字节 IV。如果没有给出 IV,它会自动生成并放在密文前面(参见 Michael Fehr 的评论)。在NodeJS中解密可以这样进行:
const crypto = require('crypto');
const key = Buffer.from('nQw7y6QejwGFh/SNrul20Q==', 'base64');
const ivCiphertext = Buffer.from('FB391CAAE5CD8FF47C55211ED8636D213C95F233B615D4E56CB7CD6B051D01DF356E1C45ED7AABAB5F9BCBB9EED6355B', 'hex');
const iv = ivCiphertext.slice(0, 16);
const ciphertext = ivCiphertext.slice(16);
var decrypt = (value) => {
try {
var decipher = crypto.createDecipheriv('AES-128-CBC', key, iv);
var value =
decipher.update(value, '', 'utf8') +
decipher.final('utf8');
return value;
} catch (err) {
console.log(err);
}
}
console.log(decrypt(ciphertext)); // 4388576099656673
与结果4388576099656673,与对应的ColdFusion脚本一致,可以执行e.g. here, 秒。 示例:
<cfscript>
key = 'nQw7y6QejwGFh/SNrul20Q==';
iv = BinaryDecode('FB391CAAE5CD8FF47C55211ED8636D21', 'HEX');
ciphertext = '3C95F233B615D4E56CB7CD6B051D01DF356E1C45ED7AABAB5F9BCBB9EED6355B';
plaintext = decrypt(ciphertext, key, 'AES/CBC/PKCS5Padding', 'HEX', iv);
writeOutput(plaintext);
</cfscript>
注意 new Buffer() is deprecated. A description of Buffer.alloc() can be found here.
我正在将 nodeJS 应用程序与 ColdFusion 应用程序合并。我使用下面的方法在 ColdFusion 中进行了加密,其中密钥是加密密钥字符串
key = 'nQw7y6QejwGFh/SNrul20Q=='
encrypt(value, key, "AES/CBC/PKCS5Padding", "HEX");
然后,在 NodeJS 中,我尝试使用 crypto
对其进行解密const crypto = require('crypto');
const key = "nQw7y6QejwGFh/SNrul20Q==";
const binaryEncryptionKey = new Buffer( key, "base64" );
decrypt = (value) => {
try {
var decipher = crypto.createDecipheriv( "AES-128-CBC", binaryEncryptionKey );
var value = (
decipher.update( value, "base64", "utf8" ) +
decipher.final( "utf8" )
);
return value;
} catch (err) {
console.log(err);
}
}
首先return缓冲区警告:
DeprecationWarning: Buffer() is deprecated due to security and usability issues. Please use the Buffer.alloc(), Buffer.allocUnsafe(), or Buffer.from() methods instead.
然后,我得到了错误:
TypeError [ERR_INVALID_ARG_TYPE]: The "iv" argument must be of type string or an instance of Buffer, TypedArray, or DataView. Received undefined
我没有“iv”,因为 ColdFusion 端没有用它来加密。是否可以在 NodeJS 中解密?
- 当我更改为 Buffer.alloc 时,出现错误:
TypeError [ERR_INVALID_ARG_TYPE]: The "size" argument must be of type number. Received type string ('nQw7y6QejwGFh/SNrul20Q==..)
比如我有如下加密字符串:FB391CAAE5CD8FF47C55211ED8636D213C95F233B615D4E56CB7CD6B051D01DF356E1C45ED7AABAB5F9BCBB9EED6355B
谢谢
描述了 ColdFusion encrypt 功能 here。可以明确指定 AES/CBC 所需的 16 字节 IV。如果没有给出 IV,它会自动生成并放在密文前面(参见 Michael Fehr 的评论)。在NodeJS中解密可以这样进行:
const crypto = require('crypto');
const key = Buffer.from('nQw7y6QejwGFh/SNrul20Q==', 'base64');
const ivCiphertext = Buffer.from('FB391CAAE5CD8FF47C55211ED8636D213C95F233B615D4E56CB7CD6B051D01DF356E1C45ED7AABAB5F9BCBB9EED6355B', 'hex');
const iv = ivCiphertext.slice(0, 16);
const ciphertext = ivCiphertext.slice(16);
var decrypt = (value) => {
try {
var decipher = crypto.createDecipheriv('AES-128-CBC', key, iv);
var value =
decipher.update(value, '', 'utf8') +
decipher.final('utf8');
return value;
} catch (err) {
console.log(err);
}
}
console.log(decrypt(ciphertext)); // 4388576099656673
与结果4388576099656673,与对应的ColdFusion脚本一致,可以执行e.g. here, 秒。 示例:
<cfscript>
key = 'nQw7y6QejwGFh/SNrul20Q==';
iv = BinaryDecode('FB391CAAE5CD8FF47C55211ED8636D21', 'HEX');
ciphertext = '3C95F233B615D4E56CB7CD6B051D01DF356E1C45ED7AABAB5F9BCBB9EED6355B';
plaintext = decrypt(ciphertext, key, 'AES/CBC/PKCS5Padding', 'HEX', iv);
writeOutput(plaintext);
</cfscript>
注意 new Buffer() is deprecated. A description of Buffer.alloc() can be found here.