1

So, I've developed a user chat using Websockets, with ASP.MVC on the server.

I wanted to encrypt all messages (using AES) sent and received from websockets. To do so, I tried to encrypt the user message before sending (using Crypto.js) and decrpyt it on the server (using Security.Cryptography .net).

The problem is that the encrypted message on the client is different from the encrypted message on the server (with message,key and initialization vector being the same on the client and the user).

Is this a good way of doing the websockets message encrypting? What other solutions would you recommend me?

CryptoJS:

 var encrypted = CryptoJS.AES.encrypt("Message", communicationKey, { iv : communicationIV}, { mode: CryptoJS.mode.CFB });

.NET Cryptography:

 byte[] encryptedMessage = EncryptStringToBytes_Aes(decryptedMessage, keyToDecrypt, ivToDecrypt); return Convert.ToBase64String(encryptedMessage);

The Crypto.js encrypted string is:

U2FsdGVkX18wnoGfYzHo2Ms/6CKsRC+cE1fj8ylSPlI=

And the .NET`s Security.Cryptography is:

kLApirWt1VcVu3tTuAizgA==

I`m using the same key and initalization vector on both sides. What could be the problem?

Improve this question

1 Answer 1

Reset to default
3

I assume that you want to use CFB mode, because you reference this in your JavaScript code and EncryptStringToBytes_Aes already does this.

Put the mode into the first config object. There is no second one:

var encrypted = CryptoJS.AES.encrypt("Message", communicationKey, { iv : communicationIV, mode: CryptoJS.mode.CFB });

Also, CryptoJS formats the output using an OpenSSLFormatter. It includes a salt in there if you use a password based encryption, but it seems that you don't have one. If you want to make sure that only the ciphertext is exchanged, encode it as CryptoJS.enc.Base64.stringify(encrypted.ciphertext) into Base64 instead of using encrypted.toString().

Don't forget to include mode-cfb.js in your page if you're using the aes rollup, because only CBC is included in there.

Improve this answer
Sign up to request clarification or add additional context in comments.

4 Comments

I tried that. I get "Cannot read property 'createEncryptor' of undefined" error. :|
That's probably because CFB is not initially included in the aes rollup. You have to include the js yourself.
I'm very close to the final answer. Now, the output after atob(encrypted.ciphertext)) is q·øëm8ßÝÞÑݹç¯{yÝ}Ó¦Üo7. The number of characters is the same with what .NET gave, only the encoding isn`t.
That's why I said, that you need an encoding. I'll include it explicitly.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.