我正在尝试对Postman中现有的加密有效载荷进行解密。加密在nodejs中进行,如下所示。我无法修改加密。请注意,有效负载是同样也是base64编码的json对象:
import crypto from 'crypto'
export const encrypt = (text: any, key: string, iv: any) => {
const cipher = crypto.createCipheriv('aes-256-cbc', Buffer.from(key), iv)
let encrypted = cipher.update(text)
encrypted = Buffer.concat([encrypted, cipher.final()])
return { iv: iv.toString('hex'), encryptedData: encrypted.toString('hex') }
}
我正在尝试使用crypto-js在Postman中解码然后解密。这是执行此操作的模拟代码:
var crypto = require("crypto-js");
var payload = 'eyJpdiI6ImFhMzAxYmQwYjE0ODNiZTQ3ZGIzNGZkYWMzYzZjZGNmIiwiZW5jcnlwdGVkRGF0YSI6IjYzNDUwYjdmNTBmM2I3Y2MyN2UwYmQ5MjlmMjRkNTZmZTFkY2Y4M2I3YjM3MjYxZDE4ZmJkMTc2YWUzZjU2ZTZiYmE3ZjcxNmQ0MWFlNGIxYWEwMTY3NjI4OTEyNjAwYjYwMzc5MmJhNmI4MWRjZTk4ZTQ2NDkxYjNjOGNhYmU5NDVjOWQ1ZDM4MzUzNGY5NWIwNDljYTM1Y2VlZjA2YTMyOTRkNzY2YjVjZDE3MTlmYjAxMTgzZjkyNWNhODFiM2UwOTM2NTUyNzVjYWU2M2JlMTE0Y2JjYTU0NmNiMjc2ODY0N2ZkYzc2YjRkYzJiMDk3ZjExMDQzNDI2OGE1ZGY3ZDVkZjYwYTVkZjZlMzg0NWIyMzYzNWIxNTVhYTRiZjU5MzU0OTFkYjY3ZWZjYjZhMjM4YTVkNDg5YzAxMDExMGU1NGE5ODc0MDE1MjQxZjJmZmY4ZDNhNmM1OWI5MjhhMzFlYWI4ZjA3M2ZlZGFlMjIxZWVjNWY4ZWM5MDRmMyJ9'
var decodedPayload = Buffer.from(payload, 'base64').toString('utf8');
console.log('decoded: ', decodedPayload);
var parsedPayload = JSON.parse(decodedPayload);
var iv = parsedPayload.iv;
var crypttext = parsedPayload.encryptedData;
console.log('iv: ', iv);
console.log('crypttext: ', crypttext);
var key = 'fpK92jhnf914Kahqkecnml96l4apmgOf';
var plaintextArray = CryptoJS.AES.decrypt(
{
ciphertext: CryptoJS.enc.Hex.parse(crypttext),
salt: ''
},
Buffer.from(key),
{ iv: CryptoJS.enc.Hex.parse(iv), mode: CryptoJS.mode.CBC, padding: CryptoJS.pad.NoPadding }
)
console.log('plaintextArray: ', plaintextArray);
console.log('res: ', CryptoJS.enc.Hex.stringify(plaintextArray));
我得到了一个字节数组,但是没有纯文本中的期望值。它应该是一个json对象。我在某处缺少一些编码翻译吗?任何帮助表示赞赏。
答案 0 :(得分:0)
const CryptoJS = require('crypto-js');
const payload = 'eyJpdiI6ImFhMzAxYmQwYjE0ODNiZTQ3ZGIzNGZkYWMzYzZjZGNmIiwiZW5jcnlwdGVkRGF0YSI6IjYzNDUwYjdmNTBmM2I3Y2MyN2UwYmQ5MjlmMjRkNTZmZTFkY2Y4M2I3YjM3MjYxZDE4ZmJkMTc2YWUzZjU2ZTZiYmE3ZjcxNmQ0MWFlNGIxYWEwMTY3NjI4OTEyNjAwYjYwMzc5MmJhNmI4MWRjZTk4ZTQ2NDkxYjNjOGNhYmU5NDVjOWQ1ZDM4MzUzNGY5NWIwNDljYTM1Y2VlZjA2YTMyOTRkNzY2YjVjZDE3MTlmYjAxMTgzZjkyNWNhODFiM2UwOTM2NTUyNzVjYWU2M2JlMTE0Y2JjYTU0NmNiMjc2ODY0N2ZkYzc2YjRkYzJiMDk3ZjExMDQzNDI2OGE1ZGY3ZDVkZjYwYTVkZjZlMzg0NWIyMzYzNWIxNTVhYTRiZjU5MzU0OTFkYjY3ZWZjYjZhMjM4YTVkNDg5YzAxMDExMGU1NGE5ODc0MDE1MjQxZjJmZmY4ZDNhNmM1OWI5MjhhMzFlYWI4ZjA3M2ZlZGFlMjIxZWVjNWY4ZWM5MDRmMyJ9';
const key = 'fpK92jhnf914Kahqkecnml96l4apmgOf';
function decrypt(b64payload, key) {
const decodedData = Buffer.from(b64payload, "base64").toString("utf8");
const { iv, encryptedData } = JSON.parse(decodedData);
return CryptoJS.AES.decrypt(encryptedData, CryptoJS.enc.Utf8.parse(key), {
iv: CryptoJS.enc.Hex.parse(iv),
mode: CryptoJS.mode.CBC,
format: CryptoJS.format.Hex,
}).toString(CryptoJS.enc.Utf8);
}
console.log(decrypt(payload, key));
对我有用。坦白地说,这主要是猜测,我假设decrypt函数隐式地假定密文为十六进制,而您不必解析它。
顺便问一下,您不能只使用crypto.createDecipheriv吗?我认为这会更简单,我认为您需要在浏览器中运行它,这就是为什么要使用CryptoJS的原因,但是您在代码中使用了Buffer.from。尽管在浏览器环境中可以很容易地用atob()代替。