You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository has been archived by the owner on Aug 15, 2024. It is now read-only.
Hello Roland (@brainfoolong brainfoolong).
I am a junior developer, I have the task of implementing password verification on Laravel, on a project migrating from Node.
In the old platform, they used CryptoJs like this:
password: cryptojs.encrypt(JSON.stringify(req.body.password), secretKey).toString();
-----
let bytes = AES.decrypt(user.password.toString(), aesKey);
result = password === JSON.parse(bytes.toString(CryptoJS.enc.Utf8));
In Laravel tried this
$newEncrypter = new \Illuminate\Encryption\Encrypter(config('app.secret_key'), config('app.cipher'));
$decrypted = $newEncrypter->decrypt( $encrypted );
tinker output: Illuminate\Contracts\Encryption\DecryptException The payload is invalid.
Then I found your solution, tried to implement it but it didn't work.
You use salt, vector.
I don't have that.
And judging by the code, past developers did not use it.
I have an encrypted strings (in DB).
One original password and encrypted string (for tests)
And the key (aesKey).
I've been trying to come up with something for the second day, or find something on Google or Stackoverflow, but I can't.
Maybe you will have some ideas
The text was updated successfully, but these errors were encountered:
This is not a problem with this library. I can't help you. I do not provide code support for applications that i don't have written.
But, to give you some hints nonetheless:
cryptojs.encrypt is no default part of CryptoJS. First, original cryptojs variable called CryptoJS, not lowercase as in your code example. So it seems your old application have implemented a custom method to encrypt.
So also "AES" is not default of the global namespace. It's originally inside CryptoJS, like CryptoJS.AES. So another thing that seems to have a custom imlementation in your old project
You need to check what the old application really do with cryptojs.encrypt. What AES mode is used (aes-256-cbc or other).
Then use the exact same method in php (as you already have tried with the check function).
Verify what the out of JS is, then you must extract the correct parts in php
Usually a AES-256-CBC cipher has 3 parts. encryptedValue, salt and initialization vector. The last 2 are usually generated along with the encrypted text
You will find all this parts and how they work together in my library for PHP and JS.
Hello Roland (@brainfoolong brainfoolong).
I am a junior developer, I have the task of implementing password verification on Laravel, on a project migrating from Node.
In the old platform, they used CryptoJs like this:
In Laravel tried this
Also tried this and it return false
Then I found your solution, tried to implement it but it didn't work.
You use salt, vector.
I don't have that.
And judging by the code, past developers did not use it.
I have an encrypted strings (in DB).
One original password and encrypted string (for tests)
And the key (aesKey).
I've been trying to come up with something for the second day, or find something on Google or Stackoverflow, but I can't.
Maybe you will have some ideas
The text was updated successfully, but these errors were encountered: