Comments (5)
Forgot to mention that now I can AES encrypt/decrypt back and forth between
node.js crypto and crypto-js so I can encrypt/decrypt on client-side and
optionally decrypt at server-side when browser is too slow (like IE). I used to
run crypto-js server-side too but node.js is much faster (10x) so I switched
over.
Original comment by [email protected]
on 14 Mar 2011 at 9:28
- Added labels: ****
- Removed labels: ****
from crypto-js.
Hi Don,
I apologize for the delay.
For encrypt(), I copied your options.iv into the repo. For the ciphertext
result, however, I did something a little different, which I hope will be even
more flexible. Rather than returning a string, encrypt() now returns a
ciphertext object. For backward compatibility, that object has a toString
method that will turn the encrypted message and the IV into a string in the
same way previous versions did. But it also allows you to access the ciphertext
and IV individually.
var ciphertextObj = Crypto.AES.encrypt("Message", "Secret Passphrase", { iv: Crypto.util.hexToBytes(yourIV) });
ciphertextObj.rawCiphertext
ciphertextObj.iv
Likewise, when you're preparing to decrypt, you can pass in a ciphertext object
in place of a string.
var ciphertextObj = new Crypto.Ciphertext(
Crypto.util.base64ToBytes(yourRawCiphertext),
Crypto.util.hexToBytes(yourIV)
);
Crypto.AES.decrypt(ciphertextObj, "Secret Passphrase");
I'd like to hear your thoughts, suggestions or concerns. Barring any issues,
I'll be tagging and packaging a new version soon.
Revision r324: http://code.google.com/p/crypto-js/source/detail?r=324
Original comment by Jeff.Mott.OR
on 22 Mar 2011 at 10:50
- Changed state: Accepted
- Added labels: ****
- Removed labels: ****
from crypto-js.
Hi Jeff,
Only concern I have is that this breaks API backward compatibility. Besides, if
caller provided the IV, it's already known to the caller. If they didn't, I
doubt they would need it beyond being wrapped within encrypted text.
Anyway, my recommendation is to add it as another method (like encryptIV) to
maintain backward compatibility.
- Don
Original comment by [email protected]
on 23 Mar 2011 at 6:06
- Added labels: ****
- Removed labels: ****
from crypto-js.
Indeed. At first, I was also worried about the ciphertext object breaking
backward compatibility. But it seems to be safe for all the use cases I can
think of. If the ciphertext object is sent by ajax, or assigned to a form
control, or used in any kind of string context, then the toString method is
called automatically, and the result will be the same as it was in previous
versions. Though, I suppose it's always possible someone somewhere is doing
something I never planned on or accounted for.
I understand that in your case you don't need to access the IV. But I'm hoping
to use this opportunity to ease other pain points, beyond this specific issue.
In your case, you only needed the raw ciphertext. But in other cases, people
are allowing CryptoJS to generate the IV, and sending the result to a
server-side application. But not every application packages ciphertext data in
the same way, and sometimes it's easier for people to handle the IV and the raw
ciphertext separately.
A lot of this is going to be addressed in the next major release, so I may
still opt for your simpler fix that solves the immediate issue. I'm still
mulling it over.
Original comment by Jeff.Mott.OR
on 23 Mar 2011 at 7:22
- Added labels: ****
- Removed labels: ****
from crypto-js.
r326
Original comment by Jeff.Mott.OR
on 13 Apr 2011 at 11:49
- Changed state: Fixed
- Added labels: ****
- Removed labels: ****
from crypto-js.
Related Issues (20)
- Request: Support RSA signing and validation HOT 2
- Code misses license headers or LICENSE file HOT 1
- Support for computing hashes incrementally HOT 7
- Builder assumes case insensitive file system HOT 1
- PBKDF2Async updates too much and is very slow. HOT 1
- SHA 512 implementation HOT 5
- Error encrypt / decrypt CTR (AES) HOT 5
- Not obvious how many bits AES encryption uses. HOT 2
- Add support for Whirlpool digest HOT 1
- Crypto-JS v2.5.3 is reacting differently on Embed devices (Samsung Smart TV (sdk 2.XX)) and Desktop/Web HOT 5
- Unpad should throw Error if input in Invalid HOT 1
- SHA-512 HOT 1
- SHA1 hashed are different on Blackberry HOT 2
- Core concat error HOT 2
- PBKDF2 does not produce the expected results HOT 2
- AES encryption fails for long strings HOT 2
- crypto-js is not compatible with openssl base64 encoding when decrypting with AES/CBC HOT 7
- padding schemes corrupted - ZeroPadding HOT 1
- Add support for Javascript Typed Arrays HOT 5
- Cannot read property 'words' of undefined HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from crypto-js.