Skip to content Skip to sidebar Skip to footer

Aes-256 Cbc Encryption Succeeds In Ruby/php, But Decryption Fails With Cryptojs

I can AES-256 CBC encrypt a string in PHP or Ruby (using the gem symmetric-encryption) and get the same result.

Solution 1:

PHP and Ruby take the key and IV as a binary string. They don't assume that it is Hex-encoded which means that only the first 32 characters of your 64 character key will be used. OpenSSL silently uses only the number of bytes it needs and doesn't throw an error (which it should in this case).

You probably want something like this in CryptoJS:

var key    = CryptoJS.enc.Utf8.parse("1234567890ABCDEF1234567890ABCDEF");
var iv     = CryptoJS.enc.Utf8.parse("1234567890ABCDEF");

So, although this key has 256 bits in it, the security is actually only 128 bits, because each character has only 4 bit in a Hex-encoded string.

Post a Comment for "Aes-256 Cbc Encryption Succeeds In Ruby/php, But Decryption Fails With Cryptojs"