An issue when decrypting json on php about cryptojs-aes-php HOT 18 CLOSED

Do you have example code/output?

from cryptojs-aes-php.

For example, I encoded value "asdfasdf" via CyptoJS method as below:
CryptoJS.AES.encrypt( JSON.stringify("asdfasdf"), "my passphrase", {format: CryptoJSAesJson}).toString();

Sometimes, the 'ct' in json code contained as blow:
{"ct":"VanWxFPKp hK1i5vNIaexg==","iv":"a131e9ca4a0e965d58be3f335797ba10","s":"8b2f34b47ba02738"}

If the 'ct' contained any space, it would failed to be decoded via cryptoJsAesDecrypt method only in PHP site as below: (note: it work as well with JS for encode or decode method)
cryptoJsAesDecrypt("my passphrase", '{"ct":"VanWxFPKp hK1i5vNIaexg==","iv":"a131e9ca4a0e965d58be3f335797ba10","s":"8b2f34b47ba02738"}');

Basically, I solved my issue via a tricking way that is to pass the json code without white-space to PHP.

Hope, It will make the PHP lib more stable.

PS: If it only happened to me, please skip this issue.

thanks!

from cryptojs-aes-php.

It seems that CryptoJS add invalid whitespace in the base64 encoding text. This is not valid for any other base64 decode function, so PHP cannot handle this.

This is a problem. I will fix this in this repository soon.

from cryptojs-aes-php.

Hi, i am facing exactly the same issue , any idea if there is a workaround or a fix.

from cryptojs-aes-php.

It's fixed now with latest master. You just have to update aes-json-format.js. Don't forget to flush browser cache with F5 or CTRL+F5 on the used website after changing the file.

from cryptojs-aes-php.

thank you for your reactivity
good job

from cryptojs-aes-php.

i updated the aes-json-format.js and still having the same issue
i understood that you added the replace method cal to stringify function in order to eliminate the space

from cryptojs-aes-php.

Can you verify that there is still a whitespace in the json encoding string? It can't really be possible now.

from cryptojs-aes-php.

Here was a tricky way to solve the issue I used before. Hope it could help.

do {
var encryptedpwd = CryptoJS.AES.encrypt(
JSON.stringify(document.getElementById('btn_password').value),
"my passphrase",
{format: CryptoJSAesJson}
).toString();
} while( JSON.parse(encryptedpwd)['ct'].indexOf('+') > -1 )

from cryptojs-aes-php.

@cweiming This "fix" is strange, you search for the + character and redo encryption as long as a plus char is in. + is perfectly valid and it work fine for me if something contains that key.

from cryptojs-aes-php.

Basically, I don't know what kinda character containing in encoded string. When you print out the encoded string, the char looked like a whitespace. Finally I found it's not a real whitespace, but a char +.

I couldn't remember why I found a char +. Anyway it works as well for me.

from cryptojs-aes-php.

yes the encoded strin contains blanks, below an example
{"ct":"nYeWps QOIsD0 RHPob/ Q==","iv":"11367096de8dbb1f58ad770a5e08bd79","s":"5d9a557f1718614c"}
this time 2 blanks are included in the "ct"

from cryptojs-aes-php.

Ok, than please make 100% sure that nothing is cached in your browser and that you have used the correct new file. It literally cannot happen anymore that there are whitespace in generated encoded string.

from cryptojs-aes-php.

cached files cleared, browser in private mode, result:
{"ct":"9iMR76dADs scUlzSGFrg==","iv":"68d02b2aafc6afdaaf0735abd044050f","s":"67c7ccae6bf7786d"}
as you can see , an other double blank is generated
the code i use is copyed from the the master update 26 april 2018:
var CryptoJSAesJson = {
stringify: function (cipherParams) {
var j = {ct: cipherParams.ciphertext.toString(CryptoJS.enc.Base64)};
if (cipherParams.iv) j.iv = cipherParams.iv.toString();
if (cipherParams.salt) j.s = cipherParams.salt.toString();
return JSON.stringify(j).replace(/\s/g, '');
},
parse: function (jsonStr) {
var j = JSON.parse(jsonStr);
var cipherParams = CryptoJS.lib.CipherParams.create({ciphertext: CryptoJS.enc.Base64.parse(j.ct)});
if (j.iv) cipherParams.iv = CryptoJS.enc.Hex.parse(j.iv);
if (j.s) cipherParams.salt = CryptoJS.enc.Hex.parse(j.s);
return cipherParams;
}
}

from cryptojs-aes-php.

Thank you. This is so weird, this should be impossible. I have no idea what else we can do here. I have tested it on 2 servers with the new version, i don't get any whitespace anymore.

Another fix probably is to modify the PHP functions, but that's the wrong way around because the initial error is that output.

from cryptojs-aes-php.

As I mentioned before, the blank not a real whitespace, so "JSON.stringify(j).replace(/\s/g, '');" should not work as I tried before. The blank appears occasionally, and hard to find out by eyes. Anyway, hope those comments can help.

from cryptojs-aes-php.

@cweiming I guess your case is different. The + sign is valid in this case, a real whitespace, on the other hand, is not. I also had the problem with whitespace, but the last fix on the master fixed it for me.

I have a + every 30% and it isn't a problem. Work fine.

from cryptojs-aes-php.

@brainfoolong

got it. I haven't tried your new updated version. But till now, i used the tricky way I mentioned before, I haven't got problem anymore. I am also curious what kinda problem @hichemguidara is facing now.

from cryptojs-aes-php.