我正在尝试解密Postman中现有的加密有效负载。加密在nodejs中进行,如下所示。我无法修改加密。请注意,有效负载是一个 json 对象,也是 base64 编码的:
import crypto from 'crypto'
export const encrypt = (text: any, key: string, iv: any) => {
const cipher = crypto.createCipheriv('aes-256-cbc', Buffer.from(key), iv)
let encrypted = cipher.update(text)
encrypted = Buffer.concat([encrypted, cipher.final()])
return { iv: iv.toString('hex'), encryptedData: encrypted.toString('hex') }
}
我正在尝试使用加密 js 在邮递员中解码然后解密。下面是执行此操作的模拟代码:
var crypto = require("crypto-js");
var payload = 'eyJpdiI6ImFhMzAxYmQwYjE0ODNiZTQ3ZGIzNGZkYWMzYzZjZGNmIiwiZW5jcnlwdGVkRGF0YSI6IjYzNDUwYjdmNTBmM2I3Y2MyN2UwYmQ5MjlmMjRkNTZmZTFkY2Y4M2I3YjM3MjYxZDE4ZmJkMTc2YWUzZjU2ZTZiYmE3ZjcxNmQ0MWFlNGIxYWEwMTY3NjI4OTEyNjAwYjYwMzc5MmJhNmI4MWRjZTk4ZTQ2NDkxYjNjOGNhYmU5NDVjOWQ1ZDM4MzUzNGY5NWIwNDljYTM1Y2VlZjA2YTMyOTRkNzY2YjVjZDE3MTlmYjAxMTgzZjkyNWNhODFiM2UwOTM2NTUyNzVjYWU2M2JlMTE0Y2JjYTU0NmNiMjc2ODY0N2ZkYzc2YjRkYzJiMDk3ZjExMDQzNDI2OGE1ZGY3ZDVkZjYwYTVkZjZlMzg0NWIyMzYzNWIxNTVhYTRiZjU5MzU0OTFkYjY3ZWZjYjZhMjM4YTVkNDg5YzAxMDExMGU1NGE5ODc0MDE1MjQxZjJmZmY4ZDNhNmM1OWI5MjhhMzFlYWI4ZjA3M2ZlZGFlMjIxZWVjNWY4ZWM5MDRmMyJ9'
var decodedPayload = Buffer.from(payload, 'base64').toString('utf8');
console.log('decoded: ', decodedPayload);
var parsedPayload = JSON.parse(decodedPayload);
var iv = parsedPayload.iv;
var crypttext = parsedPayload.encryptedData;
console.log('iv: ', iv);
console.log('crypttext: ', crypttext);
var key = 'fpK92jhnf914Kahqkecnml96l4apmgOf';
var plaintextArray = CryptoJS.AES.decrypt(
{
ciphertext: CryptoJS.enc.Hex.parse(crypttext),
salt: ''
},
Buffer.from(key),
{ iv: CryptoJS.enc.Hex.parse(iv), mode: CryptoJS.mode.CBC, padding: CryptoJS.pad.NoPadding }
)
console.log('plaintextArray: ', plaintextArray);
console.log('res: ', CryptoJS.enc.Hex.stringify(plaintextArray));
我得到了一个字节数组,但没有纯文本的预期值。它应该是一个 json 对象。我是否在某处缺少一些编码翻译?任何帮助,不胜感激。
const CryptoJS = require('crypto-js');
const payload = 'eyJpdiI6ImFhMzAxYmQwYjE0ODNiZTQ3ZGIzNGZkYWMzYzZjZGNmIiwiZW5jcnlwdGVkRGF0YSI6IjYzNDUwYjdmNTBmM2I3Y2MyN2UwYmQ5MjlmMjRkNTZmZTFkY2Y4M2I3YjM3MjYxZDE4ZmJkMTc2YWUzZjU2ZTZiYmE3ZjcxNmQ0MWFlNGIxYWEwMTY3NjI4OTEyNjAwYjYwMzc5MmJhNmI4MWRjZTk4ZTQ2NDkxYjNjOGNhYmU5NDVjOWQ1ZDM4MzUzNGY5NWIwNDljYTM1Y2VlZjA2YTMyOTRkNzY2YjVjZDE3MTlmYjAxMTgzZjkyNWNhODFiM2UwOTM2NTUyNzVjYWU2M2JlMTE0Y2JjYTU0NmNiMjc2ODY0N2ZkYzc2YjRkYzJiMDk3ZjExMDQzNDI2OGE1ZGY3ZDVkZjYwYTVkZjZlMzg0NWIyMzYzNWIxNTVhYTRiZjU5MzU0OTFkYjY3ZWZjYjZhMjM4YTVkNDg5YzAxMDExMGU1NGE5ODc0MDE1MjQxZjJmZmY4ZDNhNmM1OWI5MjhhMzFlYWI4ZjA3M2ZlZGFlMjIxZWVjNWY4ZWM5MDRmMyJ9';
const key = 'fpK92jhnf914Kahqkecnml96l4apmgOf';
function decrypt(b64payload, key) {
const decodedData = Buffer.from(b64payload, "base64").toString("utf8");
const { iv, encryptedData } = JSON.parse(decodedData);
return CryptoJS.AES.decrypt(encryptedData, CryptoJS.enc.Utf8.parse(key), {
iv: CryptoJS.enc.Hex.parse(iv),
mode: CryptoJS.mode.CBC,
format: CryptoJS.format.Hex,
}).toString(CryptoJS.enc.Utf8);
}
console.log(decrypt(payload, key));
这对我有用。老实说,这主要是猜测,我想decrypt函数隐式地假设密文是十六进制的,你不必解析它。
顺便问一下,你不能用crypto.createDecipheriv吗?我认为这会更简单,我认为您需要在浏览器中运行它,这就是您想使用 CryptoJS 的原因,但您在代码中使用了Buffer.from。尽管这可以很容易地被浏览器环境中的atob()所取代。