Need to decrypt an AES encrypted string that was encrypted in flutter https://pub.dev/packages/encrypt

Questions / Help
1

Hi guys,

I battling to decrypt a string that was encrypted using this
encrypt | Dart Package. link in flutter.

AES Encryption

privateKEY = “%8R=&PfC5SXT:pRF2vF[5zCTy}M7CX]J”
privateINV = “}Lq5Wu~nkr\Vdfm~”
Encrypted string = “rMCS4wiyvQH7nXx6slP6rA==”
Actual massage should be = “Fantastic”

The flutter code to encrypt is

Using this library to encrypt text only.


import 'package:encrypt/encrypt.dart';
import 'package:flutter_dotenv/flutter_dotenv.dart';

class EncryptAESData {
  static Encrypted encrypted;
  static var decrypted;

  static String encryptAES(data) {
    final key = Key.fromUtf8(dotenv.env['privateKEY']);
    final iv = IV.fromUtf8(dotenv.env['privateINV']);
    final encrypter = Encrypter(AES(key));
    encrypted = encrypter.encrypt(data, iv: iv);
    return encrypted.base64;
  }

  static decryptAES(data) {
    final key = Key.fromUtf8(dotenv.env['privateKEY']);
    final iv = IV.fromUtf8(dotenv.env['privateINV']);
    final encrypter = Encrypter(AES(key));
    String decrypted = "";
    if (data != "") {
      try {
        decrypted = encrypter.decrypt(Encrypted.fromBase64(data), iv: iv);
      } catch (exception) {
        decrypted = data;
      }
    }
    return decrypted;
  }
}

I’m getting nothing back and i suspect the :crypto.crypto_one_time function i’m using is getting the wrong binary arguments

Here is an example of how i’m getting the binary from the string, if thats even what i’m supposed to do

b_password = :crypto.hash(:md5, privateKEY)

2

It should work with something like :

secret = "%8R=&PfC5SXT:pRF2vF[5zCTy}M7CX]J"
iv = "}Lq5Wu~nkr\Vdfm~"
payload = Base.decode64!("rMCS4wiyvQH7nXx6slP6rA==")
:crypto.crypto_one_time(:aes_128_cbc, secret, iv, payload, false)

but your iv length is 15 bytes, and it should be 16 :

iex(20)> :crypto.crypto_one_time(:aes_256_cbc, secret, iv, payload, false)
** (ErlangError) Erlang error: {:badarg, {'api_ng.c', 310}, 'Bad iv size'}:

  * 3rd argument: Bad iv size

    crypto.erl:967: :crypto.crypto_one_time(:aes_256_cbc, "%8R=&PfC5SXT:pRF2vF[5zCTy}M7CX]J", "}Lq5Wu~nkrVdfm~", <<172, 192, 146, 227, 8, 178, 189, 1, 251, 157, 124, 122, 178, 83, 250, 172>>, false)
    iex:20: (file)
3

Thanks for the reply ChristopheBelpaire,

does the iv argument have to be binary when given to the one_time function and the key can be a string?
because when i try Base.decode16! the key i get (ArgumentError) non-alphabet digit found: “%” as that how other Help with crypto module - crypto_one_time method - (ArgumentError) argument error Issue - #2 by NobbZ users have done

  # Use AES 128 Bit Keys for Encryption.
  @block_size 16

  def encrypt(plaintext) do
    # create random Initialisation Vector
    iv = "}Lq5Wu~nkr\Vdfm~"
    # sample secret_key is a 32 bit hex string
    secret_key = "%8R=&PfC5SXT:pRF2vF[5zCTy}M7CX]J"
    plaintext = pad(plaintext, @block_size)
    encrypted_text = :crypto.crypto_one_time(:aes_128_cbc, secret_key, iv, plaintext, true )
    encrypted_text = ( iv <>  encrypted_text )
    :base64.encode(encrypted_text)
  end

  def decrypt(ciphertext) do
    secret_key = "%8R=&PfC5SXT:pRF2vF[5zCTy}M7CX]J"
    ciphertext = :base64.decode(ciphertext)
    <<iv::binary-16, ciphertext::binary>> = ciphertext
    decrypted_text = :crypto.crypto_one_time(:aes_128_cbc, secret_key, iv, ciphertext, false )
    unpad(decrypted_text)
  end

  def unpad(data) do
    to_remove = :binary.last(data)
    :binary.part(data, 0, byte_size(data) - to_remove)
  end

# PKCS5Padding
  def pad(data, block_size) do
    to_add = block_size - rem(byte_size(data), block_size)
    data <> :binary.copy(<<to_add>>, to_add)
  end
end
4

:crypto.hash is definitely digging in the wrong spot.

The post from @ChristopheBelpaire almost has it, but the cipher + mode need to match the defaults that encrypt is using:

  • it appears to pick the block size based on the key, so a 32-byte key → AES-256
  • the default AESMode is SIC, also known as CTR

In addition, the given IV has an explicit \ in it, so it needs to be written as \\ inside ".

Putting it all together:

secret = "%8R=&PfC5SXT:pRF2vF[5zCTy}M7CX]J"

iv = "}Lq5Wu~nkr\\Vdfm~"

payload = Base.decode64!("rMCS4wiyvQH7nXx6slP6rA==")

:crypto.crypto_one_time(:aes_256_ctr, secret, iv, payload, false)

# result: "Fantastic\a\a\a\a\a\a\a"

HOWEVER

Using a fixed IV in CTR mode is BAD. Real bad. The original code you posted gets the IV from dotenv, which leads me to believe the same value is used for every encryption.

Reusing an IV for CTR mode means that an attacker that knows ONE plaintext and the corresponding ciphertext can read ANY shorter ciphertext, because the “key stream” is identical for every encryption operation.

A demonstration:

defmodule CompareStream do
  def to_bytes(s) do
    for <<x::8 <- s>>, do: x
  end

  def xor(s1, s2) do
    [to_bytes(s1), to_bytes(s2)]
    |> Enum.zip()
    |> Enum.map(fn {b1, b2} -> Bitwise.bxor(b1, b2) end)
  end
end

secret = "%8R=&PfC5SXT:pRF2vF[5zCTy}M7CX]J"

iv = "}Lq5Wu~nkr\\Vdfm~"

payload = Base.decode64!("rMCS4wiyvQH7nXx6slP6rA==")

message = :crypto.crypto_one_time(:aes_256_ctr, secret, iv, payload, false)

other_message = "lolwut\a\a\a\a\a\a\a\a\a\a"

other_payload = :crypto.crypto_one_time(:aes_256_ctr, secret, iv, other_message, true)

CompareStream.xor(message, payload) |> IO.inspect(label: "first key stream")

CompareStream.xor(other_message, other_payload) |> IO.inspect(label: "second key stream")

This prints:

first key stream: [234, 161, 252, 151, 105, 193, 201, 104, 152, 154, 123, 125, 181, 84, 253, 171]
second key stream: [234, 161, 252, 151, 105, 193, 201, 104, 152, 154, 123, 125, 181, 84, 253, 171]

Generally, you want to use a mode like CTR with an IV that is sent along with the encrypted result and “never” reused. I put “never” in quotes because most implementations settle for something like a 128-bit cryptographically-random number, which could technically repeat if you collected about 2^64 of them but is close enough to “never” for most purposes.

1 Like
5

Hi al2o3cr You legend! this worked very well, may i ask why there is “\a\a\a\a\a\a\a\a\a\a” after the result?

6

That’s PKCS#7 padding, to make the message length a multiple of the block size. You can strip it by passing encrypt: false, padding: :pkcs_padding instead of just false as the last argument.