CryptoJS' encrypt
function with a password uses the same EVP_BytesToKey
function node.js' createCipher
, with the important difference that CryptoJS uses a random salt to derive whereas node does not (emphasis mine):
Note: createCipher derives keys with the OpenSSL function EVP_BytesToKey with the digest algorithm set to MD5, one iteration, and no salt.
Either you directly use CryptoJS in node which is possible, because CryptoJS doesn't have any dependencies, or you do the key derivation yourself on both ends and use crypto.createCipheriv
. If you do the former, you would have to additionally pass the salts of the username and password encryptions to node.
Note that data.username
is the CryptoJS cipherParams object which contains the salt and the IV, but when you convert this to string with data.username.toString()
, the salt is not included anymore, but the IV is. This is not the data
that you would put into the node.js functions. Send data.username.ciphertext
instead.
与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…