logo标签列表

如何在Node.js中使用AES GCM加密并在浏览器中解密?

javascriptencryptioncryptographyaes-gcmwebcrypto-api
7
我将尝试在Node.js中加密一段字符串,并需要在前端JavaScript中解密。在Node.js中,我使用了加密库,在前端中使用了Web加密。但是在前端解密时遇到了一些错误。 Node.js 
const crypto = require('crypto');
const iv = crypto.randomBytes(12);
const algorithm = 'aes-256-gcm';
let password = 'passwordpasswordpasswordpassword';
let text = 'Hello World!';
let cipher = crypto.createCipheriv(algorithm, password, iv);
let encrypted = cipher.update(text, 'utf8', 'hex');
encrypted += cipher.final('hex');
var tag = cipher.getAuthTag();
let cipherObj = {
    content: encrypted,
    tag: tag,
    iv: iv
}

前端

let cipherObj;  //GET FROM BE
let aesKey = await crypto.subtle.importKey(
  "raw",
  Buffer.from('passwordpasswordpasswordpassword'), //password
  "AES-GCM",
  true,
  ["decrypt"]
);

let decrypted = await window.crypto.subtle.decrypt(
  {
    name: "AES-GCM",
    iv: Buffer.from(cipherObj.iv),
    tagLength: 128
  },
  aesKey,
  Buffer.concat([Buffer.from(cipherObj.content), Buffer.from(cipherObj.tag)])
);

前端的解密函数出现错误。

ERROR Error: Uncaught (in promise): OperationError
    at resolvePromise (zone.js:814)
    at zone.js:724
    at rejected (main.js:231)
    at ZoneDelegate.push../node_modules/zone.js/dist/zone.js.ZoneDelegate.invoke (zone.js:388)
    at Object.onInvoke (core.js:3820)
    at ZoneDelegate.push../node_modules/zone.js/dist/zone.js.ZoneDelegate.invoke (zone.js:387)
    at Zone.push../node_modules/zone.js/dist/zone.js.Zone.run (zone.js:138)
    at zone.js:872
    at ZoneDelegate.push../node_modules/zone.js/dist/zone.js.ZoneDelegate.invokeTask (zone.js:421)
    at Object.onInvokeTask (core.js:3811)
    at ZoneDelegate.push../node_modules/zone.js/dist/zone.js.ZoneDelegate.invokeTask (zone.js:420)
    at Zone.push../node_modules/zone.js/dist/zone.js.Zone.runTask (zone.js:188)
    at drainMicroTaskQueue (zone.js:595)

PS: 我正在前端使用 Angular 7

你解决了吗? - Diana Ysabel
1个回答
3

我通过一些更改成功地使其工作:

  1. 我使用SHA-256来哈希密码,因此它可以是任意长度。(OP要求32字节的字符串。)
  2. 我从另一个答案中添加了其他辅助函数,用于将缓冲区转换为/从十六进制。
  3. 我以JSON格式打印输出cipherObj。这是您的加密消息负载。

Helpers - NodeJS和浏览器

// look up tables
var to_hex_array = [];
var to_byte_map = {};
for (var ord=0; ord<=0xff; ord++) {
    var s = ord.toString(16);
    if (s.length < 2) {
        s = "0" + s;
    }
    to_hex_array.push(s);
    to_byte_map[s] = ord;
}

// converter using lookups
function bufferToHex2(buffer) {
    var hex_array = [];
    //(new Uint8Array(buffer)).forEach((v) => { hex_array.push(to_hex_array[v]) });
    for (var i=0; i<buffer.length; i++) {
        hex_array.push(to_hex_array[buffer[i]]);
    }
    return hex_array.join('')
}
// reverse conversion using lookups
function hexToBuffer(s) {
    var length2 = s.length;
    if ((length2 % 2) != 0) {
        throw "hex string must have length a multiple of 2";
    }
    var length = length2 / 2;
    var result = new Uint8Array(length);
    for (var i=0; i<length; i++) {
        var i2 = i * 2;
        var b = s.substring(i2, i2 + 2);
        result[i] = to_byte_map[b];
    }
    return result;
}

后端使用 hex2buffer,前端使用 buffer2hex,但你可以在两端都包含这段代码。
因此,后端代码是以上帮助函数加上:
NodeJS
const crypto = require('crypto');
const iv = crypto.randomBytes(12);
const algorithm = 'aes-256-gcm';
let password = 'This is my password';
let key = crypto.createHash("sha256").update(password).digest();
let text = 'This is my test string, with  emoji in it!';
let cipher = crypto.createCipheriv(algorithm, key, iv);
let encrypted = cipher.update(text, 'utf8', 'hex');
encrypted += cipher.final('hex');
var tag = cipher.getAuthTag();
let cipherObj = {
    content: encrypted,
    tag: bufferToHex2(tag),
    iv: bufferToHex2(iv)
}

console.log(JSON.stringify(cipherObj));

由于随机IV,每次运行输出都会发生变化,但以下是一个示例:

{"content":"22da4796365ac1466f40022dd4510266fa3e24900b816f365e308cf06c95237783d1043c7deeb45d00381f8ff9ed","tag":"b7007905163b2d4890c9452c8edc1821","iv":"eb4758787164f95ac22ee50d"}

那么,示例前端代码就是上面的辅助函数加上:

浏览器

let cipherObj;  //GET FROM BACKEND
// For example:
cipherObj = {"content":"22da4796365ac1466f40022dd4510266fa3e24900b816f365e308cf06c95237783d1043c7deeb45d00381f8ff9ed","tag":"b7007905163b2d4890c9452c8edc1821","iv":"eb4758787164f95ac22ee50d"}

let password = 'This is my password';

let enc = new TextEncoder();
let key = await window.crypto.subtle.digest({ name:"SHA-256" }, enc.encode(password));
let aesKey = await crypto.subtle.importKey(
  "raw",
  key,
  "AES-GCM",
  true,
  ["decrypt"]
);

let decrypted = await window.crypto.subtle.decrypt(
  {
    name: "AES-GCM",
    iv: hexToBuffer(cipherObj.iv),
    tagLength: 128
  },
  aesKey,
  hexToBuffer(cipherObj.content + cipherObj.tag)
);

let dec = new TextDecoder();
console.log(dec.decode(decrypted));
// This is my test string, with  emoji in it!

一些加密 参考示例

严肃地说,谁想到NodeJS和浏览器每一次都应该有不同的API。 - Jeff Ward
2
非常感谢!哈哈,你真的是在两个小时前发布的吗?我在凌晨2:30醒来,正在苦苦挣扎着解决这个问题,我差点要放弃了!最终帮助我的是看到我需要在解密之前将auth标签附加到消息上!而且,意识到node.js crypto生成的16 BYTE标记与crypto.subtle所期望的128 BIT标记相匹配!在找到您的帖子后的2分钟内,我就搞定了!真希望我能请你喝杯啤酒 :) - spartan_dev
网页内容由stack overflow 提供, 点击上面的
可以查看英文原文,
原文链接