Encryption: From PyCrypto to CryptoJS

.gitignore

source.sh

README.md

Encryption: From PyCrypto to CryptoJS

Sample code to encrypt using Python and decrypt in Javascript

app.js

var encrypted;

// Send the #to_encrypt string to be encrypted by Python and populate the Encryption Result Section
$("#do_encrypt").click(function () {
    var post_data = {
        to_encrypt: $("#to_encrypt").val()
    };
    
    $.post("/encrypt", post_data, function (data) {        
        encrypted = data;
        $("#encrypt_key").val(data.key);
        $("#encrypt_iv").val(data.iv);
        $("#encrypt_ct").val(data.ciphertext);
        
        $("#do_decrypt").removeAttr("disabled");
    });
});

// Output the decryption result to #decrypted, based on encrypted data from #do_encrypt
$("#do_decrypt").click(function () {
    var key = CryptoJS.enc.Hex.parse(encrypted.key),
        iv = CryptoJS.enc.Hex.parse(encrypted.iv),
        cipher = CryptoJS.lib.CipherParams.create({
            ciphertext: CryptoJS.enc.Base64.parse(encrypted.ciphertext)
        }),
        result = CryptoJS.AES.decrypt(cipher, key, {iv: iv, mode: CryptoJS.mode.CFB});
    
    $('#decrypted').val(result.toString(CryptoJS.enc.Utf8));
    
});

index.html

<html>
    <head>
        <title>Encryption: from Python to JS</title>
        <link rel="stylesheet" href="//netdna.bootstrapcdn.com/bootstrap/3.0.3/css/bootstrap.min.css" type="text/css" />
        <script src="//ajax.googleapis.com/ajax/libs/jquery/1.10.2/jquery.min.js"></script>
    </head>
    
    <body>
        <div class="container">
            
            <h1>Encryption: from Python to JS</h1>

            <!-- To Encrypt Section -->
            <div class="panel panel-default">
                <div class="panel-body">
                    <div class="form-group">
                        <label for="to_encrypt">To encrypt:</label>
                        <textarea id="to_encrypt" class="form-control">A very secret statement made by an import person.</textarea>
                    </div>
                    <button id="do_encrypt" type="button" class="btn btn-primary">Encrypt Using Python</button>
                </div>
            </div>
            
            <!-- Encrypted Result Section -->
            <div class="panel panel-default">
                <div class="panel-body">
                    <label>Encryption Result:</label>
                    <div class="form-horizontal">
                        <div class="form-group">
                            <label for="encrypt_key" class="col-sm-2 control-label">Key:</label>
                            <div class="col-sm-10">
                                <input id="encrypt_key" class="form-control" disabled>
                            </div>
                        </div>
                        <div class="form-group">
                            <label for="encrypt_iv" class="col-sm-2 control-label">IV:</label>
                            <div class="col-sm-10">
                                <input id="encrypt_iv" class="form-control" disabled>
                            </div>
                        </div>
                        <div class="form-group">
                            <label for="encrypt_ct" class="col-sm-2 control-label">Encrypted:</label>
                            <div class="col-sm-10">
                                <textarea id="encrypt_ct" class="form-control" disabled></textarea>
                            </div>
                        </div>
                    </div>
                </div>
            </div>
            
            <!-- Decrypt Section -->
            <div class="panel panel-default">
                <div class="panel-body">
                    <div class="form-group">
                        <label for="decrypted">Decrypt:</label>
                        <textarea id="decrypted" class="form-control"></textarea>
                    </div>
                    <button id="do_decrypt" type="button" class="btn btn-primary" disabled>Decrypt Using JS</button>
                </div>
            </div>

        </div>
        
        <script src="//crypto-js.googlecode.com/svn/tags/3.1.2/build/rollups/aes.js"></script>
        <script src="//crypto-js.googlecode.com/svn/tags/3.1.2/build/components/mode-cfb.js"></script>
        <script src="app.js"></script>
    </body>
</html>

server.py

#!/usr/bin/env python


import os, json
import binascii

from cgi import parse_header, parse_multipart
from urlparse import parse_qs
from BaseHTTPServer import BaseHTTPRequestHandler, HTTPServer

from Crypto import Random
from Crypto.Cipher import AES

# ------------------------------
# DEFINE Encryption Class
class Cryptor(object):
	'''
	Provide encryption and decryption function that works with crypto-js.
	https://code.google.com/p/crypto-js/
	
	Padding implemented as per RFC 2315: PKCS#7 page 21
	http://www.ietf.org/rfc/rfc2315.txt
	
	The key to make pycrypto work with crypto-js are:
	1. Use MODE_CFB.  For some reason, crypto-js decrypted result from MODE_CBC
	   gets truncated
	2. Use Pkcs7 padding as per RFC 2315, the default padding used by CryptoJS
	3. On the JS side, make sure to wrap ciphertext with CryptoJS.lib.CipherParams.create()
	'''
	
	# AES-256 key (32 bytes)
	KEY = "01ab38d5e05c92aa098921d9d4626107133c7e2ab0e4849558921ebcc242bcb0"
	BLOCK_SIZE = 16
	
	@classmethod
	def _pad_string(cls, in_string):
		'''Pad an input string according to PKCS#7'''
		in_len = len(in_string)
		pad_size = cls.BLOCK_SIZE - (in_len % cls.BLOCK_SIZE)
		return in_string.ljust(in_len + pad_size, chr(pad_size))
	
	@classmethod
	def _unpad_string(cls, in_string):
		'''Remove the PKCS#7 padding from a text string'''
		in_len = len(in_string)
		pad_size = ord(in_string[-1])
		if pad_size > cls.BLOCK_SIZE:
			raise ValueError('Input is not padded or padding is corrupt')
		return in_string[:in_len - pad_size]
	
	@classmethod
	def generate_iv(cls, size=16):
		return Random.get_random_bytes(size)
	
	@classmethod
	def encrypt(cls, in_string, in_key, in_iv=None):
		'''
		Return encrypted string.
		@in_string: Simple str to be encrypted
		@key: hexified key
		@iv: hexified iv
		'''
		key = binascii.a2b_hex(in_key)
		
		if in_iv is None:
			iv = cls.generate_iv()
			in_iv = binascii.b2a_hex(iv)
		else:
			iv = binascii.a2b_hex(in_iv)
		
		aes = AES.new(key, AES.MODE_CFB, iv, segment_size=128)
		return in_iv, aes.encrypt(cls._pad_string(in_string))
	
	@classmethod
	def decrypt(cls, in_encrypted, in_key, in_iv):
		'''
		Return encrypted string.
		@in_encrypted: Base64 encoded 
		@key: hexified key
		@iv: hexified iv
		'''
		key = binascii.a2b_hex(in_key)
		iv = binascii.a2b_hex(in_iv)
		aes = AES.new(key, AES.MODE_CFB, iv, segment_size=128)		
		
		decrypted = aes.decrypt(binascii.a2b_base64(in_encrypted).rstrip())
		return cls._unpad_string(decrypted)


# ------------------------------
# DEFINE HTTP Handler
class EncryptHandler(BaseHTTPRequestHandler):
	'''
	Simple webserver that server index.html and static "*.html" and "*.js" files,
	which special "/encrypt" URL that would return a JSON with encrypted data
	'''
	
	PORT_NUMBER = 8087
	SCRIPT_PATH = os.path.dirname(__file__)
	
	def _return_http_code(self, http_code):
		self.send_response(http_code)
		self.end_headers()
	
	def _return_file(self, in_file):
		''' '''
		if os.path.exists(in_file):
			with open(in_file) as f:
				self.send_response(200)
				if in_file.endswith(".html"):
					self.send_header('Content-type',"text/html")
				elif in_file.endswith(".js"):
					self.send_header('Content-type',"text/javascript")
				else:
					self.send_header('Content-type',"text/plain")
				self.end_headers()
				self.wfile.write(f.read())
		else:
			self._return_http_code(404)
	
	def _return_json(self, in_dict):
		'''Send JSON back to client from a dictionary'''
		self.send_response(200)
		self.send_header('Content-type','application/json')
		self.end_headers()
		self.wfile.write(json.dumps(in_dict))
	
	def do_GET(self):
		'''
		Serve static .html and .js files
		'''
		request_path = self.path
		if request_path == "/":
			self._return_file("index.html")
		elif request_path.endswith(".html") or request_path.endswith(".js"):
			self._return_file(self.SCRIPT_PATH + request_path)
		else:
			self._return_http_code(404)
			
		return
	
	def parse_POST(self):
		'''
		parse POST body
		'''
		ctype, pdict = parse_header(self.headers.getheader('content-type'))
		if ctype == 'multipart/form-data':
			postvars = parse_multipart(self.rfile, pdict)
		elif ctype == 'application/x-www-form-urlencoded':
			length = int(self.headers.getheader('content-length'))
			postvars = parse_qs(self.rfile.read(length), keep_blank_values=1)
		else:
			postvars = {}
		return postvars

	def do_POST(self):
		'''
		Perform the encryption in Python
		'''
		if self.path == "/encrypt":
			postvars = self.parse_POST()
			if postvars:
				to_encrypt = ''.join(postvars["to_encrypt"])
				iv, encrypted = Cryptor.encrypt(to_encrypt, Cryptor.KEY)
				result = {
					"key": Cryptor.KEY,
					"iv": iv,
					"ciphertext": binascii.b2a_base64(encrypted).rstrip()
				}
				#print "Encrypt result: %s" % result
				self._return_json(result)
			else:
				print "Error: POST received no data."
				self._return_http_code(500)
		else:
			self._return_http_code(404)

		return
		


# ------------------------------
# START WEB SERVER
try:
	#Create a web server and define the handler to manage the
	#incoming request
	server = HTTPServer(('', EncryptHandler.PORT_NUMBER), EncryptHandler)
	print 'Started httpserver on port ' , EncryptHandler.PORT_NUMBER
	
	#Wait forever for incoming htto requests
	server.serve_forever()

except KeyboardInterrupt:
	print '^C received, shutting down the web server'
	server.socket.close()

IT WORKS!!!
Thank you so much!!! I've spent a day figuring out why CryptoJS don't want to decrypt data from PyCrypto!!!

ah, nice +1

Amazing!

Thank you.

So i've been using this, it works good 99% of the times. But 1% of those times i get,

 Input strings must be a multiple of the segment size 16 in length

To test, this is the base64,

xn4g7HpQNZJcOzm+h4AEkUkaXF/FkaWE6HvsYQH53dYmSHb1oa6t2MmVBVCIXOC/3AbFuQ9HbuO5BYxVGovqNMeY9P2PnXGMqYayUQpP80ZfYORVEgKYtDh+KkBcQ2PrwkknGBeULGPQGMOuS+97MmBFxa0pkZM/DqUg73gEgqHVHjMb22//TDkXvruWxy3MDhWwk+MmFaagDZqcKPRTNOiCAesSaoB4KzwzqIuPuAUF8l0HASFcmbeU8SKwmbMg

IV

8a609bf8eeb96d339ecedf59aed5b43b

Cryptor.KEY remains the same.

Try to decrypt this in python you'll get the mentioned error, but it decrypts fine in cryptoJS.

Any help would be really appreciated.

Thanks

Not working. How to use?

Sending any kind of data over the internet without authentication is bunk. CFB doesn't even require padding, so why do you add it? Possibly, if CBC is not working, you might want and try to find out why instead of randomly using another mode of operation.

Simple, yay! "it works", yay! Just a shame it is completely insecure to send anything over the wire using just CFB mode.

@kodeine:

There is a bug in the legacy PyCrypto library that requires the plaintext to be padded to the segment size in CFB mode. This is a bug insofar as the CFB mode is a stream cipher mode and does not require padding if implemented correctly. This bug has been fixed in the successor PyCryptodome.

The padding during encryption and the unpadding during decryption are therefore a workaround that is necessary for using the CFB mode with the PyCrypto library.

---

The error message is caused by the rstrip() in decrypt():

decrypted = aes.decrypt(binascii.a2b_base64(in_encrypted).rstrip()) 

which truncates parts of the ciphertext at the end if these are whitespaces, so that the length is no longer a multiple of the segment size.

You can easily see this in your sample data. If the ciphertext is not Base64 encoded, but hex encoded, you can see that there is a 0x20 (blank) at the end, which is removed by rstrip():

c67e20ec7a5035925c3b39be87800491491a5c5fc591a584e87bec6101f9ddd6264876f5a1aeadd8c9950550885ce0bfdc06c5b90f476ee3b9058c551a8bea34c798f4fd8f9d718ca986b2510a4ff3465f60e455120298b4387e2a405c4363ebc249271817942c63d018c3ae4bef7b326045c5ad2991933f0ea520ef780482a1d51e331bdb6fff4c3917bebb96c72dcc0e15b093e32615a6a00d9a9c28f45334e88201eb126a80782b3c33a88b8fb80505f25d0701215c99b794f122b099b320

---

The fix is to remove rstrip(), s. https://www.jdoodle.com/ia/1GYJ.