Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.
decrypt(encrypted, password) {
const key = forge.pkcs5.pbkdf2(password, this.salt, 10, 16); // numIterations set to 10
const decipher = forge.cipher.createDecipher(setting.cipherMode, key);
decipher.start({ iv: this.iv, tag: this.tag });
decipher.update(encrypted);
const pass = decipher.finish();
// const result = decipher.finish(); // check 'result' for true/false
// outputs decrypted hex
// console.log(decipher.output.toHex());
if (pass) {
return decipher.output.data;
}
console.log('Authentication failed.');
return false;
}
module.exports = (encryptedToken, key, iv) => {
const decipherToken = forge.cipher.createDecipher('AES-CBC', key);
decipherToken.start({ iv });
decipherToken.update(forge.util.createBuffer(forge.util.decode64(encryptedToken)));
const result = decipherToken.finish(); // check 'result' for true/false
if (!result) {
throw new Error(`Couldn't decrypt token: ${encryptedToken}`);
}
return decipherToken.output.toString();
};
function encryptAndSave(password, rawString, fileName) {
// AES key and IV sizes
const keySize = 24;
const ivSize = 8;
// get derived bytes
const salt = forge.random.getBytesSync(8);
const derivedBytes = forge.pbe.opensslDeriveBytes(
password, salt, keySize + ivSize/*, md*/);
const buffer = forge.util.createBuffer(derivedBytes);
const key = buffer.getBytes(keySize);
const iv = buffer.getBytes(ivSize);
let cipher = forge.cipher.createCipher('AES-CBC', key);
cipher.start({iv: iv});
cipher.update(forge.util.createBuffer(rawString, 'binary'));
cipher.finish();
let output = forge.util.createBuffer();
// if using a salt, prepend this to the output:
if(salt !== null) {
output.putBytes('Salted__'); // (add to match openssl tool output)
output.putBytes(salt);
}
output.putBuffer(cipher.output);
fs.writeFileSync(fileName +'.enc', output.getBytes(), {encoding: 'binary'});
return true;
}
export function decryptAES(jwkOrKey, encryptedResult) {
// TODO: Add assertion checks for JWK
const rawKey = typeof jwkOrKey === 'string' ? jwkOrKey : _b64UrlToHex(jwkOrKey.k);
const key = forge.util.hexToBytes(rawKey);
// ~~~~~~~~~~~~~~~~~~~~ //
// Decrypt with AES-GCM //
// ~~~~~~~~~~~~~~~~~~~~ //
const decipher = forge.cipher.createDecipher('AES-GCM', key);
decipher.start({
iv: forge.util.hexToBytes(encryptedResult.iv),
tagLength: encryptedResult.t.length * 4,
tag: forge.util.hexToBytes(encryptedResult.t),
additionalData: forge.util.hexToBytes(encryptedResult.ad),
});
decipher.update(forge.util.createBuffer(forge.util.hexToBytes(encryptedResult.d)));
if (decipher.finish()) {
return decodeURIComponent(decipher.output.toString());
} else {
throw new Error('Failed to decrypt data');
}
}
Encryption.prototype.encrypt = function encrypt(message) {
var key = this.encryptionKey;
var initializationVector = forge.random.getBytes(12);
var cipher = forge.cipher.createCipher('AES-GCM', key);
cipher.start({ iv: initializationVector });
cipher.update(forge.util.createBuffer(forge.util.encodeUtf8(message)));
cipher.finish();
var tag = cipher.mode.tag.getBytes();
var encryptedMessage = cipher.output.getBytes();
var result = this.btoa('1' + tag + initializationVector + encryptedMessage);
return result;
};
let bufferEncryptedData;
if(bUseBrotli)
{
bufferEncryptedData = Buffer.from(strBase64Data.substr(this.constructor.BROTLI_PREFIX.length), "base64");
}
else if(bNotCompressed)
{
bufferEncryptedData = Buffer.from(strBase64Data.substr(this.constructor.NONE_PREFIX.length), "base64");
}
else
{
bufferEncryptedData = Buffer.from(strBase64Data, "base64");
}
let decipher = forge.cipher.createDecipher("AES-CBC", this._keys[strEncryptionKeyIndex].aes_key);
decipher.start({iv: forge.util.createBuffer(bufferIV)});
decipher.update(forge.util.createBuffer(bufferEncryptedData));
decipher.finish();
let bufferDecryptedData = Buffer.from(decipher.output.getBytes(), "binary");
let strCompressionType = this.constructor.COMPRESSION_TYPE_ZLIB;
if(bUseBrotli)
{
strCompressionType = this.constructor.COMPRESSION_TYPE_BROTLI;
}
else if(bNotCompressed)
{
strCompressionType = this.constructor.NONE;
function decipher({ session, string, compress, alea, rsaKey, bytes })
{
if (rsaKey === undefined)
{
rsaKey = session.cleAES;
}
/*let md5 = string.substr(0, 32).toUpperCase();
string = string.slice(32);*/
let key = forge.md.md5.create().update(rsaKey.bytes()).digest();
let iv = session.ivAES.length() ? forge.md.md5.create().update(session.ivAES.bytes()).digest() : new forge.util.ByteBuffer();
let cipher = forge.cipher.createDecipher('AES-CBC', key);
cipher.start({
iv: iv
});
cipher.update(new forge.util.ByteBuffer(forge.util.hexToBytes(string)));
let result = cipher.finish() && cipher.output.bytes();
if (compress && !session.disableCompress)
{
result = pako.inflateRaw(result, {
to: 'string'
})
}
/*let toCompare = forge.md.md5.create().update(result).update(rsaKey.bytes()).digest().toHex().toUpperCase();
private decryptDataWithOtp(cipherText: string, password: string): string {
const decipher: forge.cipher.BlockCipher = forge.cipher.createDecipher(
"AES-CBC",
forge.pkcs5.pbkdf2(password, this.otpSecret, this.iterations, this.keySize),
);
decipher.start({ iv: forge.util.decode64(this.otp) });
decipher.update(forge.util.createBuffer(forge.util.decode64(cipherText)));
decipher.finish();
return decipher.output.toString();
}
}
forge.random.getBytes(32, (err2, iv) => {
const key = JSON.parse(buildInfo).rndkey;
const cipher = forge.cipher.createCipher('AES-CBC', key.toString());
cipher.start({ iv });
resolve({ cipher, iv });
}),
),
const decrypt = (key, secret, nonce) => {
let nonceInBytes = forge.util.hexToBytes(nonce.substring(0, NONCE_LENGTH));
const decipher = forge.cipher.createDecipher(
"AES-GCM",
forge.util.hexToBytes(key)
);
decipher.start({
iv: nonceInBytes,
output: null,
tag: forge.util.hexToBytes(
secret.substring(secret.length - TAG_LENGTH, secret.length)
)
});
decipher.update(
forge.util.createBuffer(
forge.util.hexToBytes(secret.substring(0, secret.length - TAG_LENGTH))
)