Let's assume that I have a PhoneGap mobile app, and I want to store some user data (username/pass_hash) in a local IndexedDB to provide offline login to the app. I want to encrypt that data, of course, and my app already uses CryptoJS. As I understand it, I first need to generate an encryption key from the password using PBKDF2, and then just encrypt with CryptoJS.AES. Example code:

function generateKey(p) {
    var salt = CryptoJS.lib.WordArray.random(128/8);
    return CryptoJS.PBKDF2(p, salt, { keySize: 512/32, iterations: 1000 });
}

var pass = "test1";
var iv = CryptoJS.lib.WordArray.random(16);
var key512Bits1000Iterations = generateKey(pass);
var encrypted = CryptoJS.AES.encrypt("Message", key512Bits1000Iterations, { iv: iv });
var decrypted = CryptoJS.AES.decrypt(encrypted, key512Bits1000Iterations, { iv: iv });

// decrypting with another key step
var key512Bits1000Iterations2 = generateKey(pass);
var decrypted2 = CryptoJS.AES.decrypt(encrypted, key512Bits1000Iterations2, { iv: iv });
console.log("decrypted " + decrypted.toString(CryptoJS.enc.Utf8));
console.log("decrypted2 " + decrypted2.toString(CryptoJS.enc.Utf8));

A dynamic salt and IV are used. But when I generate the key a second time for decryption from the same password, I get the wrong result (decrypted2 is empty). So I want to ask: what should I store between encryption sessions, the salt and IV too? (But as I understood it, they should be dynamic.) Thanks!


asked Nov 15, 2016 at 9:22 by Maxim
  • If you're using salt for encryption, then you'd need to use the very same salt value to decrypt the message. – Eduard Malakhov Commented Nov 15, 2016 at 9:40
  • Thanks! I also found a good article, crackstation/hashing-security.htm, which may be useful to someone. – Maxim Commented Nov 15, 2016 at 10:44

1 Answer


You are generating a new salt in generateKey(...). This makes PBKDF2 derive a new key.

function generateKey(p){
    var salt = CryptoJS.lib.WordArray.random(128/8);
    return CryptoJS.PBKDF2(p, salt, { keySize: 512/32, iterations: 1000 });     
}

You would need to store the salt and iv between sessions. These two values don't need to be secret.
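What the answer describes, as an added example that is not part of the original answer: the salt and IV are generated fresh for each record, stored in the clear next to the ciphertext, and read back to re-derive the same key. It uses Node's built-in crypto module rather than CryptoJS so that it runs without dependencies; the function names, the JSON record layout, PBKDF2 with SHA-256 and the 256-bit AES-CBC key are assumptions of this example.

```javascript
const nodeCrypto = require('node:crypto');

const ITERATIONS = 1000; // value from the question; stored with each record
const KEY_BYTES = 32;    // assumption: 256-bit key for AES-256-CBC

// Same password + same salt + same iteration count => same key.
function deriveKey(password, salt, iterations) {
  return nodeCrypto.pbkdf2Sync(password, salt, iterations, KEY_BYTES, 'sha256');
}

// Encrypt and return a record holding everything needed later except the password.
function encryptRecord(password, plaintext) {
  const salt = nodeCrypto.randomBytes(16); // fresh per record, not secret
  const iv = nodeCrypto.randomBytes(16);   // fresh per record, not secret
  const key = deriveKey(password, salt, ITERATIONS);
  const cipher = nodeCrypto.createCipheriv('aes-256-cbc', key, iv);
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return JSON.stringify({
    iterations: ITERATIONS,
    salt: salt.toString('base64'),
    iv: iv.toString('base64'),
    ct: ct.toString('base64'),
  });
}

// Re-derive the key from the STORED salt, then decrypt with the STORED IV.
// Returns null when padding fails. CBC alone has no integrity check, so a wrong
// password can occasionally yield garbage instead of null.
function decryptRecord(password, stored) {
  const rec = JSON.parse(stored);
  const salt = Buffer.from(rec.salt, 'base64');
  const iv = Buffer.from(rec.iv, 'base64');
  const key = deriveKey(password, salt, rec.iterations);
  const decipher = nodeCrypto.createDecipheriv('aes-256-cbc', key, iv);
  try {
    const pt = Buffer.concat([decipher.update(Buffer.from(rec.ct, 'base64')), decipher.final()]);
    return pt.toString('utf8');
  } catch (err) {
    return null;
  }
}

// Constructed sample input, mirroring the question's password and message.
const sampleRecord = encryptRecord('test1', 'Message');
console.log(sampleRecord);
console.log(decryptRecord('test1', sampleRecord));
```

The JSON string is what would be written to IndexedDB; only the password stays out of storage.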

Article tags: javascript, CryptoJS how to generate a key every time, Stack Overflow