From: | Adrian Klaver <adrian(dot)klaver(at)aklaver(dot)com> |
---|---|
To: | AC Gomez <antklc(at)gmail(dot)com>, pgsql-general(at)lists(dot)postgresql(dot)org |
Subject: | Re: encrypt/decrypt between javascript and postgresql. |
Date: | 2020-03-13 19:17:02 |
Message-ID: | 309850a0-ccd6-8ddb-f6ba-e7999ce73681@aklaver.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-general |
On 3/11/20 5:46 PM, AC Gomez wrote:
> I'm trying to encrypt/decrypt between javascript and postgresql.
>
> I'm using this:
> https://gist.github.com/vlucas/2bd40f62d20c1d49237a109d491974eb algorithm to
> encrypt my text, and then in PostgreSQL I use PGCRYPTO.decrypt_iv to
> decrypt the text.
>
> I pass in 'ThisISMySign' to the Encrypt function.
>
> Encrypted string returned from
> above: "fc9a03cbc8a57d4061570575f197c29c:a319a4bf354516f392ba96a895478af6"
A quick walk through the JS code found:
...
let decipher = crypto.createDecipheriv('aes-256-cbc',
Buffer.from(ENCRYPTION_KEY), iv);
let decrypted = decipher.update(encryptedText);
decrypted = Buffer.concat([decrypted, decipher.final()]);
return decrypted.toString();
where
const ENCRYPTION_KEY = process.env.ENCRYPTION_KEY;
Pretty sure the below does not have access to the above.
>
> I have to remove the colon to get something out...and so this:
>
> select
> decrypt_iv(decode('fc9a03cbc8a57d4061570575f197c29ca319a4bf354516f392ba96a895478af6','hex')::bytea,
> 'sKCx49VgtHZ59bJOTLcU0Gr06ogUnDJi'::bytea, 'null'::bytea,
> 'aes-cbc/pad:pkcs');
>
> Gives me this: 6 á¶ðÒÿÆÛÏBSïÅThisISMySign
In my instance(12.1) I get:
decrypt_iv
------------------------------------------------------------
\x36df9ec98ff4ad80b9a4b0425390baed5468697349534d795369676e
>
> "ThisISMySign" was the original string. So I'm getting the right result
> in half of the decrypted string.
>
> The paremeter after the key, 3rd parameter, it can be any string. That
> just changes the first part of the output, the garbage part.
>
> In decrypt_iv I tried using the encryption algorithm name in the
> javascript used to encrypt, but that gets me nowhere.
>
> I cannot see what i'm missing here.
>
> Thanks
--
Adrian Klaver
adrian(dot)klaver(at)aklaver(dot)com
From | Date | Subject | |
---|---|---|---|
Next Message | PegoraroF10 | 2020-03-14 13:48:55 | Reading WALs |
Previous Message | Ron | 2020-03-13 17:36:39 | Re: vacuum full doubled database size |