我到达以下代码,并想知道这是否是使用CryptoJS生成AES-CBC-192密码的正确和安全的方法:
原问题码:
let encrypt = (text,key) => {
let salt = "M@Tr05K@";
let iv = CryptoJS.lib.WordArray.random(16);
let key_to_bits = CryptoJS.PBKDF2(key,salt,{keySize: 192/8, iterations:30000});
return CryptoJS.AES.encrypt(text,key,{iv:iv}).toString();
}
encrypt("Lorem ipsum...","¿MinhaSenha?>Segur@?");
建议修改的代码:
let encrypt = (text, key) => {
let salt = CryptoJS.lib.WordArray.random(16);
let iv = CryptoJS.lib.WordArray.random(16);
let key_to_bits = CryptoJS.PBKDF2(key, salt, {
keySize: 192 / 32,
iterations: 30000
});
return {result : CryptoJS.AES.encrypt(text, key_to_bits, {
iv: iv
}).toString(),
salt:CryptoJS.enc.Hex.stringify(salt),
iv:CryptoJS.enc.Hex.stringify(iv)
};
}
encrypt("Lorem ipsum...", "¿MinhaSenha?>Segur@?");
谢谢你的聆听:)
这里我刚刚完成了使用PBKdf2从密码中获取AES-CBC-256,这是使用Web加密api https://developer.mozilla.org/en-US/docs/Web/API/Web_Crypto_API
不是你正在寻找的,但它可能有助于方向,从下面删除importKey并阅读https://developer.mozilla.org/en-US/docs/Web/API/SubtleCrypto/generateKey
function generateKey(passwd, iterations) {
var encoder = new TextEncoder('utf-8');
var passphraseKey = encoder.encode(passwd);
var saltBuffer = encoder.encode("carthage");
crypto.subtle.importKey(
'raw',
passphraseKey,
{name: 'PBKDF2'},
false,
['deriveBits', 'deriveKey']
).then(function(key) {
// console.log(key);
return window.crypto.subtle.deriveKey(
{ "name": 'PBKDF2',
"salt": saltBuffer,
"iterations": iterations,
"hash": 'SHA-256'
},
key,
{ "name": 'AES-CBC',
"length": 256
},
true,
[ "encrypt", "decrypt" ]
)
}).then(function (webKey) {
// console.log(webKey);
return crypto.subtle.exportKey("raw", webKey);
}).then(function (buffer) {
// console.log(buffer);
// console.log(saltBuffer);
console.log("Private Key = " + buf2hex(buffer));
console.log("Salt = " + bytesToHexString(saltBuffer));
});
}
function buf2hex(buffer) { // buffer is an ArrayBuffer
return Array.prototype.map.call(new Uint8Array(buffer), x => ('00' + x.toString(16)).slice(-2)).join('');
}
function bytesToHexString(byteArray) {
return Array.prototype.map.call(byteArray, function(byte) {
return ('0' + (byte & 0xFF).toString(16)).slice(-2);
}).join('');
}