I've created an encrypted cookie in .Net and I'm trying to decrypt it's content in nodejs. But nodejs keeps throwing the exception "TypeError: DecipherFinal fail"
In .Net I'm using the AES encryption method with the key
932D86BB1448EEAA423F38495A2290746D81C27E55D1DC264279537006D6F4CC.
My web.config file has the following row
<machineKey validationKey="A5326FFC9D3B74527AECE124D0B7BE5D85D58AFB12AAB3D76319B27EE57608A5A7BCAB5E34C7F1305ECE5AC78DB1FFEC0A9435C316884AB4C83D2008B533CFD9"
decryptionKey="932D86BB1448EEAA423F38495A2290746D81C27E55D1DC264279537006D6F4CC"
validation="SHA1" decryption="AES" />
And the code that generates my cookie in .Net looks like this:
var ticket = new FormsAuthenticationTicket(0, "test", DateTime.Now, DateTime.Now.AddYears(1), true, "test");
var encryptedTicket = FormsAuthentication.Encrypt(ticket);
Response.Cookies.Add(new HttpCookie(cookieName, encryptedTicket));
The nodejs code that decrypts the cookie is
var crypto = require('crypto');
var logger = require('winston');
var deckey = "932D86BB1448EEAA423F38495A2290746D81C27E55D1DC264279537006D6F4CC";
function hex2a(hex) {
var str = '';
for (var i = 0; i < hex.length; i += 2)
str += String.fromCharCode(parseInt(hex.substr(i, 2), 16));
return str;
}
function decrypt(cookie) {
var ivc = cookie, iv, cipherText, ivSize = 16, res;
ivc = new Buffer(ivc, 'hex');
iv = new Buffer(ivSize);
cipherText = new Buffer(ivc.length - ivSize);
ivc.copy(iv, 0, 0, ivSize);
ivc.copy(cipherText, 0, ivSize);
iv = new Buffer(Array(16));
c = crypto.createDecipheriv('aes-256-cbc', hex2a(deckey), iv.toString());
res = c.update(cipherText, 'binary');
res += c.final('binary'); //<-- throws TypeError: DecipherFinal fail
return res;
}
I'm kind of lost and I would appreciate tips or ideas on what could be the issue.
You can see the source code of Encryp and Decrypt here with all the different possibilities (Framework20SP1, Framework20SP2, etc)
https://github.com/Microsoft/referencesource/blob/master/System.Web/Security/FormsAuthentication.cs
It took me hours to read that code, but once you got it, it's possible to write a simple code just for your specific encryption settings.
A key is not a String, take a look at the method fromCharCode():
The
fromCharCode()method converts Unicode values into characters.
This means that any hexadecimal is converted to a textual character, while createDecipheriv() method specifies that:
key and iv must be 'binary' encoded strings or buffers.
Note that this is just one of the issues that may be present, I haven't had time to run the code (yet).
Your problem is probably a failure in automatic padding, turned on by default. You want to turn this off, by adding:
c.setAutoPadding(false);
来源:https://stackoverflow.com/questions/13890393/decrypt-net-cookie-in-nodejs