CryptoJS AES256 解密问题

CryptoJS AES256 decryption issue

我在解密 AES256 编码 URL 的过程中遇到了一些问题。对于我使用 CryptoJS 的解密过程,但是输出会引发以下异常:

Malformed UTF-8 data

我错过了什么吗? 代码:

router.post("/signin/:eoLogin2", async (req, res) => {
  const param = req.params.eoLogin2;
  const key = "26kozQaKwRuNJ24tsfd22asdaD2f6232";

  try {
    // 1. DECODE URL, CONVERT DATA AND IV TO BASE64 atob()
    const decodedURL = decodeURI(param);
    const data = atob(decodedURL.split(":")[0]);
    const IV = atob(decodedURL.split(":")[1]);

    console.table(["Base64 decoded DATA: ", data]);
    console.table(["Base64 decoded IV: ", IV]);

    // 2. DECRYPT DATA
    const decrypted = CryptoJS.AES.decrypt(data, key, {
      iv: IV,
      mode: CryptoJS.mode.CBC,
    }).toString(CryptoJS.enc.Utf8);

    console.log(decrypted);

    return;
  } catch (err) {
    console.log(err.message);
    res.status(500).send({ msg: "Internal server error" });
  }
});

URL:

http://localhost:8000/api/v1/users/signin/dwmV7J2tAsk%2F%2F2cU6I1ce8NHtE0D55sXM6GL9eJQe744bp6RQZ2uvhaxa6%2Fvs8m5BtcbFcOpgY%2BpEP3gaKXgVe4QFPLfQTTgB0aeZTvyGOIk%2FdHyF%2B%2FNpZj0jHj6smq5QOyeYf4kZYTzBFxn9YLgZLigYl%2F0gvi1eOq5BMJRhFqKC8T5F9WrtWKhVgynSKT5roQYYRa2xXwNnoQezqx8xtd0BEneWxMN9Tm5XvRHkIOKmoSDD1b5WPAvSWi8%2FdK9%3ANjE3YjVkNjhkNTc0MTI3Mg%3D%3D

为了能够解密,必须在发布的代码中更改以下内容:

  • 密钥必须采用 UTF8 编码并解析为 WordArray
  • IV 部分必须进行 Base64 解码并解析为 WordArray
  • 数据部分不需要进行Base64解码,直接作为Base64编码的字符串传给CryptoJS.AES.decrypt()

通过这些更改,以下加密代码:

const key = "26kozQaKwRuNJ24tsfd22asdaD2f6232";
const decodedURL = decodeURIComponent("dwmV7J2tAsk%2F%2F2cU6I1ce8NHtE0D55sXM6GL9eJQe744bp6RQZ2uvhaxa6%2Fvs8m5BtcbFcOpgY%2BpEP3gaKXgVe4QFPLfQTTgB0aeZTvyGOIk%2FdHyF%2B%2FNpZj0jHj6smq5QOyeYf4kZYTzBFxn9YLgZLigYl%2F0gvi1eOq5BMJRhFqKC8T5F9WrtWKhVgynSKT5roQYYRa2xXwNnoQezqx8xtd0BEneWxMN9Tm5XvRHkIOKmoSDD1b5WPAvSWi8%2FdK9%3ANjE3YjVkNjhkNTc0MTI3Mg%3D%3D");
const data = decodedURL.split(":")[0];
const IV = decodedURL.split(":")[1];
const decrypted = CryptoJS.AES.decrypt(
      data,     
      CryptoJS.enc.Utf8.parse(key), 
      {
          iv: CryptoJS.enc.Base64.parse(IV),
          mode: CryptoJS.mode.CBC
      }).toString(CryptoJS.enc.Utf8)

console.log(decrypted.replace(/(.{56})/g,'\n'));
<script src="https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.0.0/crypto-js.min.js"></script>

成功解密密文

明文为:

userName=SEIDLTot1;userPass=3CB5DE262A55F5A21083AB2B9DC07367E01EC61CB81F849D4EBC024BC0E75F1650F8B11815D0AC77B8450DCC62300145B1A083FA70F64857134882854CAE481B;sendTime=1605287468

更多详细信息,例如关于编码器,在 CryptoJS 文档 here.

中有描述