Why does decrypting modified AES-CBC ciphertext fail decryption?
I am trying to get familiar with encryption/decryption. I am using deno as it supports the web crypto API.
I can encrypt and decrypt to get back the original plaintext using AES-CBC.
What I am doing now is to encrypt, then manually modify the ciphertext, and then decrypt. My expectation is that this would still work, since I understand that AES-CBC does not provide integrity and authenticity checks. (AES-GCM is the one that is AEAD.)
But when I modify the cipher text and try to decrypt, it fails with the following error:
error: Uncaught (in promise) OperationError: Decryption failed
let deCryptedPlaintext = await window.crypto.subtle.decrypt(param, key, asByteArray);
^
at async SubtleCrypto.decrypt (deno:ext/crypto/00_crypto.js:598:29)
at async file:///Users/me/delete/run.js:33:26
Does AES-CBC also have integrity checks? Or why is the decryption failing?
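Added example, not part of the original question: Web Crypto's AES-CBC applies PKCS#7 padding, and decrypt() rejects when the padding bytes recovered from the last block are malformed, so a ciphertext edit can fail on unpadding even though no integrity check exists. The key, IV, plaintext and function names below are constructed for the demonstration.

```javascript
// Added example. Key, IV and plaintext are constructed demo values;
// a real IV must be random and unique per message.
const subtle = (globalThis.crypto ?? require("node:crypto").webcrypto).subtle;

const KEY_BYTES = new Uint8Array(16).fill(0x11);
const IV = new Uint8Array(16).fill(0x22);
// 36 bytes -> 12 bytes of 0x0c padding -> three 16-byte ciphertext blocks.
const PLAINTEXT = new TextEncoder().encode(
  "block-one-16byte" + "block-two-16byte" + "tail");

// Encrypt the sample, flip the low bit of one ciphertext byte, then decrypt.
async function tamperAndDecrypt(byteIndex) {
  const params = { name: "AES-CBC", iv: IV };
  const key = await subtle.importKey(
    "raw", KEY_BYTES, { name: "AES-CBC" }, false, ["encrypt", "decrypt"]);
  const ct = new Uint8Array(await subtle.encrypt(params, key, PLAINTEXT));
  ct[byteIndex] ^= 0x01;
  try {
    const pt = new Uint8Array(await subtle.decrypt(params, key, ct));
    return { ok: true, plaintext: pt };
  } catch (e) {
    // The PKCS#7 padding was malformed; this is not an integrity check.
    return { ok: false, error: e.name };
  }
}

async function demo() {
  // Byte 0 is in block 0: plaintext block 0 is scrambled and the same bit
  // flips in block 1, but the padding in block 2 is intact, so decrypt() succeeds.
  const early = await tamperAndDecrypt(0);
  // Byte 31 ends block 1: the last padding byte becomes 0x0d while the bytes
  // before it are still 0x0c, so unpadding fails and decrypt() rejects.
  const late = await tamperAndDecrypt(31);
  return { early, late };
}

demo().then(({ early, late }) => {
  console.log("flip in block 0  ->", early.ok,
    JSON.stringify(new TextDecoder().decode(early.plaintext)));
  console.log("flip at byte 31  ->", late.ok, late.error);
});
```

Because some modified ciphertexts still decrypt, detecting tampering requires AES-GCM or a MAC over the IV and ciphertext that is verified before decryption.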
See also questions close to this topic
-
Error message : MongoServerError: bad auth :Authentication failed
What is the reason behind this error? This is the code I am using to connect to the DB.
const uri =`mongodb+srv://${process.env.DB_USER}:${process.env.DB_PASSWORD}@cluster0.xft2s.mongodb.net/myFirstDatabase?retryWrites=true&w=majority`;
-
In Mongo, If a document I'm saving "Prateek" then I don't want on the next create operation even the "prateek" or "praTEEK", etc is saved
If I'm adding a new document with the name: "India", then I don't want that the DB allow another name with the name: "INDIA", "india", "indIA", etc. I'm new and learning, help would be great!!
// Controller
var Dinosaur = require('../models/dinosaurs');

//addDino
module.exports.addDino = (req, res) => {
    var name = req.body.name;
    var type = req.body.type;
    var height = req.body.height;
    var weight = req.body.weight;
    var Period = req.body.Period;

    req.checkBody('name', 'Name is required').notEmpty();
    var errors = req.validationErrors();
    if (errors)
        return res.status(400).send({ message: 'Name is Required' });
    else {
        let newDino = {
            name: name,
            type: type,
            height: height,
            weight: weight,
            Period: Period
        }
        Dinosaur.addDino(newDino, (err, result) => {
            if (err) {
                if (err.name)
                    return res.status(409).send({ message: name + ' Already Exist' });
                else if (err.url)
                    return res.json({ status: false, error: { url: "Url already exist" }, message: err.url });
                else
                    return res.json(err, "Server Error");
            } else {
                return res.status(200).send({ message: "Done" });
            }
        });
    }
}
// Model
var mongoose = require('mongoose');

//dinosaur schema
var DinosaurSchema = mongoose.Schema({
    name: { type: String, unique: true },
    type: { type: String },
    height: { type: Number },
    weight: { type: Number },
    Period: { type: String }
});

var Dinosaur = mongoose.model('dinosaur', DinosaurSchema);

//add
module.exports.addDino = (query, callback) => {
    Dinosaur.create(query, callback);
}
// GetAll, Already Created a new document with the name "Brachiosaurus"
// > Create, a new create with the first letter lower case "brachiosaurus", Don't want it to be pushed.
- i am trying to run the node of ganache but getting this error
-
Please help to find email out of this cipher
Please help me to extract the email from this cipher. I have not been able to identify what type of hash or cipher this is. The email is encoded in this hash; please help me find the email.
1AAXs0RyFR3OM9nZA3XVkD07AVOZmYUMsRvyeq2BoY42sNbkSUySHCdFdwwQx6LWghNDqiPyBzNE7KDXkerX4vt0klZ2
-
Having error with .cer file for As2 communication for validation
Trying to set up the AS2 communication for a Walmart vendor. Using the as2gateway site and have everything correct for communication on both sides. Receiving the email on site but getting an error.
MDN report
Message Disposition Notification
Reporting-UA: AdroitLogic AS2-X/latest
Original-Recipient: rfc822; Larry-Smith1
Final-Recipient: rfc822; Larry-Smith1
Original-Message-ID: <CLEO-20220507_032305226-77N95E@08925485US00_Larry-Smith1-K>
Disposition: automatic-action/MDN-sent-automatically;failed/error: authentication-failed
Received-Content-MIC: u722DTqJUUlmR35anz0AUcEfbhc=, sha1
MDN for Message-ID: <CLEO-20220507_032305226-77N95E@08925485US00_Larry-Smith1-K>
From: 08925485US00
To: Larry-Smith1
Received on: Sat May 07 03:23:05 UTC 2022
Status: failed
Comment: Message processing failed due to the following errors
Errors encountered :
error: Cannot validate message signers of : <CLEO-20220507_032305226-77N95E@08925485US00_Larry-Smith1-K> - Cause : Trust anchor for certification path not found. - Signers : CN=Larry-Smith1, OU=Prod, O=WM, L=Bentonville, C=US
Original Message Tracking Information (provided by Harmony):
Sent-Content-MIC: u722DTqJUUlmR35anz0AUcEfbhc=, sha1
Sent-Message-ID: CLEO-20220507_032305226-77N95E@08925485US00_Larry-Smith1-K
Transfer-ID: AS2-20220506_222305222-K;40771661-61a7-494b-b8f6-301405e2c918
Original-Filename: sendTest_X12
Original-Subject: EDIINTDATA
Original-Send-Date: Sat, 07 May 2022 03:23:05 GMT
Signed-Request: true
Encrypted-Request: true
Compressed-Request: false
Encryption-Algorithm: TripleDES
Key-Algorithm: RSA
Signature-Algorithm: RSA
Hash-Algorithm: SHA-1
Response-Method: synchronous
Sender: 08925485US00
Recipient: Larry-Smith1
Host: 48794_TestConn
Mailbox: 48794_TestConn
Restart-On-Failure: false
Signed-MDN: true
Signed-By: C=us,ST=X,L=X,OU=EDI Integration,O=Larry Smith Books,CN=X
Serial-No: 1806D466C49
Signer-Signature-Algorithm: rsaEncryption
Signer-Hash-Algorithm: SHA1
It is a private encryption. This could be why I am getting the error, but I don't know how to resolve it. I have been reading articles to try to find a solution or how to get certificate authority validation.
-
What is the strongest method, using netcore, to decrypt and encrypt passwords?
I am developing an encryption and decryption engine for passwords. I need to encrypt a password and store the result in a repository. The user needs to decrypt the result when needed.
So in Netcore and C# what is the strongest method to do this?
Thanks in advance
-
How do I monitor transactions in a Polygon wallet?
So I'm wanting to monitor a Polygon wallet for when transactions occur. It doesn't seem like there are a ton of resources for Polygon wallet monitoring, mostly just for Bitcoin and Ethereum wallet monitoring. What's the process to develop a program to monitor a Polygon wallet? Is there an API I can use?
-
How to implement a rehostable licenced software
I have already implemented software licensing via a license file. I am planning to make this software rehostable. That is, a user can migrate his licensed software from one PC to another PC.
I am wondering whether there are any cryptographic techniques that can prevent a user from using the licensed software on his old PC once the software license has been migrated, given the fact that a user can bypass this restriction by backing up his system before the rehosting process. (Users may stay offline.)
-
Find the subproblems for parallel RSA cracker
RSA algorithm: you need to take user input for two prime numbers, p and q and then generated a public key and encrypted msg and private key. Then use this private key to decrypt or find the plain text from the encrypted msg.
RSA cracker: you have user input for encrypted msg, public key and N(modulus) using those you need to generate the private key and plain text.
I am trying to build an RSA cracker which I can use for parallel programming (CUDA-C).
I have a function to generate the private key and another function to generate the plain text.
I am taking user input for the encrypted message, public key and modulus N. So I need to find two prime numbers (p, q) whose product should be N. N = p*q. I went through this tutorial.
My serial code runs fine. However, for the parallel code I haven't understood which portion I need to parallelize. To launch threads in a CUDA kernel I need to have independent subproblems of the main problem. But in the RSA cracker, which portion can be implemented as an independent subproblem?
Thank you.
-
convert plain text To hexa value using AES Cryptojs in Vanilla js
I am trying to convert this encrypted value to hex form. Is there any simple way to do it? Also, I want to make the key a string (email).
function encrypt() {
    var encrypted = CryptoJS.AES.encrypt(
        document.getElementById("text").value,
        document.getElementById("email").value
    )
    document.getElementById("EncryptedValue").innerHTML = encrypted;
    document.getElementById("decrypted").innerHTML = "";
}
-
VB.net To Js AES Encryption
I want to be able to encrypt data in javascript and compare it in Vb.net, however the two scripts do not return the same value.
text input : azerty123 key pass : qwerty1234
VB.NET
'Encrypt a string with AES
Public Function CryptAES(ByVal input As String, ByVal pass As String) As String
    Dim AES As New System.Security.Cryptography.RijndaelManaged
    Dim Hash_AES As New System.Security.Cryptography.MD5CryptoServiceProvider
    Dim encrypted As String = ""
    Try
        Dim hash(31) As Byte
        Dim temp As Byte() = Hash_AES.ComputeHash(System.Text.Encoding.UTF8.GetBytes(pass))
        ' Dim temp As Byte() = Hash_AES.ComputeHash(System.Text.ASCIIEncoding.ASCII.GetBytes(pass))
        Array.Copy(temp, 0, hash, 0, 16)
        Array.Copy(temp, 0, hash, 15, 16)
        AES.Padding = PaddingMode.PKCS7
        AES.KeySize = 256
        AES.Key = hash
        AES.Mode = CipherMode.ECB
        Dim DESEncrypter As System.Security.Cryptography.ICryptoTransform = AES.CreateEncryptor
        Dim Buffer As Byte() = System.Text.Encoding.UTF8.GetBytes(input)
        ' Dim Buffer As Byte() = System.Text.ASCIIEncoding.ASCII.GetBytes(input)
        encrypted = Convert.ToBase64String(DESEncrypter.TransformFinalBlock(Buffer, 0, Buffer.Length))
        Return encrypted
    Catch ex As Exception
        Return input 'If encryption fails, return the unaltered input.
    End Try
End Function

'Decrypt a string with AES
Public Function DecryptAES(ByVal input As String, ByVal pass As String) As String
    Dim AES As New System.Security.Cryptography.RijndaelManaged
    Dim Hash_AES As New System.Security.Cryptography.MD5CryptoServiceProvider
    Dim decrypted As String = ""
    Try
        Dim hash(31) As Byte
        Dim temp As Byte() = Hash_AES.ComputeHash(System.Text.Encoding.Default.GetBytes(pass))
        'Dim temp As Byte() = Hash_AES.ComputeHash(System.Text.ASCIIEncoding.ASCII.GetBytes(pass))
        Array.Copy(temp, 0, hash, 0, 16)
        Array.Copy(temp, 0, hash, 15, 16)
        AES.Padding = PaddingMode.PKCS7
        AES.KeySize = 256
        AES.Key = hash
        AES.Mode = CipherMode.ECB
        Dim DESDecrypter As System.Security.Cryptography.ICryptoTransform = AES.CreateDecryptor
        Dim Buffer As Byte() = Convert.FromBase64String(input)
        decrypted = System.Text.Encoding.Default.GetString(DESDecrypter.TransformFinalBlock(Buffer, 0, Buffer.Length))
        'decrypted = System.Text.ASCIIEncoding.ASCII.GetString(DESDecrypter.TransformFinalBlock(Buffer, 0, Buffer.Length))
        Return decrypted
    Catch ex As Exception
        Return input 'If decryption fails, return the unaltered input.
    End Try
End Function
return AnQHmip8sfrIqPHYun3vSQ==
JS use https://www.npmjs.com/package/crypto-js
router.post("/encrypt", (req, res, next) => {
    const key = CryptoJS.enc.Utf8.parse('qwerty1234');
    let ciphertext = CryptoJS.AES.encrypt(req.body.value.toString(), key, {mode: CryptoJS.mode.ECB}).toString();
    return res.status(200).json({encrypted: ciphertext});
})
return UtOXdzYOBC0wnG5pe6Ndkw==
-
Swift, warning while generating a Nonce 'withUnsafeMutableBytes' is deprecated: use `withUnsafeMutableBytes<R>
I don't know how I should translate the following function in Swift 5 that generates a 12-byte nonce to use in AES 256 GCM:
func generateRandomNonce() throws -> Data {
    let iNonceLength = 12
    var dataNonce = Data(count: iNonceLength)
    let result = dataNonce.withUnsafeMutableBytes { (mutableBytes: UnsafeMutablePointer<UInt8>) -> Int32 in
        SecRandomCopyBytes(kSecRandomDefault, iNonceLength, mutableBytes)
    }
    if result == errSecSuccess {
        return dataNonce
    } else {
        throw CryptError.ErrorGeneratingNonce
    }
}
I get the following warning:
'withUnsafeMutableBytes' is deprecated: use withUnsafeMutableBytes<R>(_: (UnsafeMutableRawBufferPointer) throws -> R) rethrows -> R instead
and I don't know how to rewrite it correctly.
Thank you
-
Safety of putting AES IV in the client side url
I shared the encryption and decryption function but I don't think it matters for this question.
Scenario:
https://example.com/posts/awtvwav1689at6awv697atve is hidden. So we have a query parameter, let's say password, to be able to access it. The id is awtvwav1689at6awv697atve.
So what I did is when the user hits https://example.com/posts
An API request is made to the server, then a link to posts id awtvwav1689at6awv697atve with an encrypted password using the id itself is generated in the server and is sent back to the client.
post.url = `/posts/${post.id}?password=${encodeURIComponent(encryptText(post.id))}`;
Then on the frontend, it is used on an anchor tag
<a href={post.url}>Post 1</a>
Then if the user goes to the link
https://example.com/posts/awtvwav1689at6awv697atv?password=<iv:encryptedId>
A request is made again on the server and I decrypt it there then compare it with the original id to see if it still matches.
Is it safe for IV together with encryptedText to be shown in a url (client-side)?
Additional question (you don't need to answer): If I implement this with AES-GCM, I will have an auth tag.. Is it also okay for it to be in the url? E.g.
posts/asdasasdasdas?<IV:EncryptedID:AuthTag>
Thanks!
This might help..
import * as crypto from 'crypto';

const algorithm = 'aes-256-ctr';
// Not defined in the post; aes-256-ctr requires a 16-byte IV (the AES block size).
const IV_LENGTH = 16;

function encryptText(text: string) {
    const iv = crypto.randomBytes(IV_LENGTH);
    const cipher = crypto.createCipheriv(algorithm, Buffer.from(process.env.ENCRYPTION_SECRET_KEY, 'hex'), iv);
    let encrypted = cipher.update(text);
    encrypted = Buffer.concat([encrypted, cipher.final()]);
    // Output format: <iv hex>:<ciphertext hex>
    return iv.toString('hex') + ':' + encrypted.toString('hex');
}

function decryptText(text: string) {
    const textParts = text.split(':');
    const iv = Buffer.from(textParts.shift(), 'hex');
    const encryptedText = Buffer.from(textParts.join(':'), 'hex');
    const decipher = crypto.createDecipheriv(algorithm, Buffer.from(process.env.ENCRYPTION_SECRET_KEY, 'hex'), iv);
    let decrypted = decipher.update(encryptedText);
    decrypted = Buffer.concat([decrypted, decipher.final()]);
    return decrypted.toString();
}