Re: encrypt/decrypt between javascript and postgresql.

From: Adrian Klaver <adrian(dot)klaver(at)aklaver(dot)com>
To: AC Gomez <antklc(at)gmail(dot)com>, pgsql-general(at)lists(dot)postgresql(dot)org
Subject: Re: encrypt/decrypt between javascript and postgresql.
Date: 2020-03-13 19:17:02
Message-ID: 309850a0-ccd6-8ddb-f6ba-e7999ce73681@aklaver.com
Lists: pgsql-general

On 3/11/20 5:46 PM, AC Gomez wrote:
> I'm trying to encrypt/decrypt between javascript and postgresql.
>
> I'm using this:
> https://gist.github.com/vlucas/2bd40f62d20c1d49237a109d491974eb algorithm to
> encrypt my text, and then in PostgreSQL I use PGCRYPTO.decrypt_iv to
> decrypt the text.
>
> I pass in 'ThisISMySign' to the Encrypt function.
>
> Encrypted string returned from
> above: "fc9a03cbc8a57d4061570575f197c29c:a319a4bf354516f392ba96a895478af6"

A quick walk through the JS code found:

...

    let decipher = crypto.createDecipheriv('aes-256-cbc', Buffer.from(ENCRYPTION_KEY), iv);
    let decrypted = decipher.update(encryptedText);
    decrypted = Buffer.concat([decrypted, decipher.final()]);
    return decrypted.toString();

where

const ENCRYPTION_KEY = process.env.ENCRYPTION_KEY;

Pretty sure the below does not have access to the above.

>
> I have to remove the colon to get something out...and so this:
>
> select
> decrypt_iv(decode('fc9a03cbc8a57d4061570575f197c29ca319a4bf354516f392ba96a895478af6','hex')::bytea,
> 'sKCx49VgtHZ59bJOTLcU0Gr06ogUnDJi'::bytea, 'null'::bytea,
> 'aes-cbc/pad:pkcs');
>
> Gives me this: 6 á¶ðÒÿÆÛÏBSïÅThisISMySign

In my instance(12.1) I get:

decrypt_iv
------------------------------------------------------------
\x36df9ec98ff4ad80b9a4b0425390baed5468697349534d795369676e

>
> "ThisISMySign" was the original string. So I'm getting the right result
> in half of the decrypted string.
>
> The parameter after the key, 3rd parameter, it can be any string. That
> just changes the first part of the output, the garbage part.
>
> In decrypt_iv I tried using the encryption algorithm name in the
> javascript used to encrypt, but that gets me nowhere.
>
> I cannot see what I'm missing here.
>
> Thanks

--
Adrian Klaver
adrian(dot)klaver(at)aklaver(dot)com
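
Added example, not code from this thread or from the linked gist: a Node.js sketch of why the quoted query returns one block of garbage followed by the plaintext, and how splitting the string at the colon avoids it. It assumes the string is `<IV hex>:<ciphertext hex>`; the function names are hypothetical, and the key and token are the values quoted in the message.

```javascript
const crypto = require('crypto');

// Key and token exactly as quoted in the message above.
const KEY = Buffer.from('sKCx49VgtHZ59bJOTLcU0Gr06ogUnDJi'); // 32 bytes -> AES-256
const TOKEN = 'fc9a03cbc8a57d4061570575f197c29c:a319a4bf354516f392ba96a895478af6';

// Assumption: the part before the colon is the 16-byte IV, the rest is ciphertext.
function splitToken(token) {
  const [ivHex, ctHex] = token.split(':');
  const iv = Buffer.from(ivHex || '', 'hex');
  const ct = Buffer.from(ctHex || '', 'hex');
  if (iv.length !== 16 || ct.length === 0 || ct.length % 16 !== 0) {
    throw new Error('expected <32 hex chars of IV>:<ciphertext hex>');
  }
  return { iv, ct };
}

function cbcDecrypt(key, iv, data) {
  const d = crypto.createDecipheriv('aes-256-cbc', key, iv);
  return Buffer.concat([d.update(data), d.final()]);
}

// IV and ciphertext kept separate. pgcrypto equivalent:
// decrypt_iv(decode('<ciphertext hex>','hex'), key, decode('<iv hex>','hex'), 'aes-cbc/pad:pkcs')
function decryptToken(token, key = KEY) {
  const { iv, ct } = splitToken(token);
  return cbcDecrypt(key, iv, ct).toString('utf8');
}

// What the quoted query does: colon removed, so the IV is decrypted as the first
// ciphertext block (garbage) and then serves as the chaining value for the real block.
function decryptConcatenated(token, key = KEY, wrongIv = Buffer.alloc(16)) {
  const { iv, ct } = splitToken(token);
  return cbcDecrypt(key, wrongIv, Buffer.concat([iv, ct]));
}

// Producer side in the same format, with a fresh random IV per message.
function encryptToken(text, key = KEY) {
  const iv = crypto.randomBytes(16);
  const c = crypto.createCipheriv('aes-256-cbc', key, iv);
  const ct = Buffer.concat([c.update(text, 'utf8'), c.final()]);
  return iv.toString('hex') + ':' + ct.toString('hex');
}

console.log(decryptToken(TOKEN));
```

In CBC each plaintext block is the block decryption XORed with the previous ciphertext block, which is why the third argument in the quoted query only changes the first 16 bytes of output.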
