问题
I am trying to follow the instructions seen in the image to complete mutual authentication between a bluetooth smartcard reader and a mobile application.
Based on how I've interpreted the instructions, here is my attempt:
const randomNumbers = 'd3be845b701b37eff9f24ea6108c0f99';
const masterKey = '41435231323535552d4a312041757468';
const d1 = CryptoJS.AES.decrypt(
{
ciphertext: CryptoJS.enc.Hex.parse(randomNumbers),
},
CryptoJS.enc.Hex.parse(masterKey),
{
iv: CryptoJS.enc.Hex.parse('00000000000000000000000000000000'),
mode: CryptoJS.mode.CBC,
padding: CryptoJS.pad.NoPadding,
},
),
const combined = randomNumbers.concat(d1.toString());
const d2 = CryptoJS.AES.decrypt(
{
ciphertext: CryptoJS.enc.Hex.parse(combined),
},
CryptoJS.enc.Hex.parse(masterKey),
{
iv: CryptoJS.enc.Hex.parse('00000000000000000000000000000000'),
mode: CryptoJS.mode.CBC,
padding: CryptoJS.pad.NoPadding,
},
);
When I put this together into a full escape command and send it to the reader, I do get a response confirming that the format is valid. The problem is that the response doesn't contain a session key, which means that my encryption didn't work and I can't unlock full reader functionality.
Based on the decryption instructions below, is it possible I've misinterpreted this process?
来源:https://stackoverflow.com/questions/58867842/decrypting-aes-cipher-text-using-cryptojs