Re: encrypt/decrypt between javascript and postgresql.

On 3/11/20 5:46 PM, AC Gomez wrote:
> I'm trying to encrypt/decrypt between javascript and postgresql.
> 
> I'm using this: 
> https://gist.github.com/vlucas/2bd40f62d20c1d49237a109d491974eb algorithm to 
> encrypt my text, and then in PostgreSQL I use PGCRYPTO.decrypt_iv to 
> decrypt the text.
> 
> I pass in 'ThisISMySign' to the Encrypt function.
> 
> Encrypted string returned from 
> above: "fc9a03cbc8a57d4061570575f197c29c:a319a4bf354516f392ba96a895478af6"

A quick walk through the JS code found:

...

let decipher = crypto.createDecipheriv('aes-256-cbc', 
Buffer.from(ENCRYPTION_KEY), iv);

let decrypted = decipher.update(encryptedText);

decrypted = Buffer.concat([decrypted, decipher.final()]);

return decrypted.toString();


where

const ENCRYPTION_KEY = process.env.ENCRYPTION_KEY;

Pretty sure the below does not have access to the above.

> 
> I have to remove the colon to get something out...and so this:
> 
> select 
> decrypt_iv(decode('fc9a03cbc8a57d4061570575f197c29ca319a4bf354516f392ba96a895478af6','hex')::bytea, 
> 'sKCx49VgtHZ59bJOTLcU0Gr06ogUnDJi'::bytea, 'null'::bytea, 
> 'aes-cbc/pad:pkcs');
> 
> Gives me this: 6 á¶ðÒÿÆÛÏBSïÅThisISMySign

In my instance(12.1) I get:

                          decrypt_iv
------------------------------------------------------------
  \x36df9ec98ff4ad80b9a4b0425390baed5468697349534d795369676e

> 
> "ThisISMySign" was the original string. So I'm getting the right result 
> in half of the decrypted string.
> 
> The paremeter after the key, 3rd parameter, it can be any string. That 
> just changes the first part of the output, the garbage part.
> 
> In decrypt_iv I tried using the encryption algorithm name in the 
> javascript used to encrypt, but that gets me nowhere.
> 
> I cannot see what i'm missing here.
> 
> Thanks


-- 
Adrian Klaver
adrian.klaver@aklaver.com