byron
Need to decrypt an AES encrypted string that was encrypted in flutter https://pub.dev/packages/encrypt
Hi guys,
I battling to decrypt a string that was encrypted using this
encrypt | Dart package. link in flutter.
AES Encryption
privateKEY = “%8R=&PfC5SXT:pRF2vF[5zCTy}M7CX]J”
privateINV = “}Lq5Wu~nkr\Vdfm~”
Encrypted string = “rMCS4wiyvQH7nXx6slP6rA==”
Actual massage should be = “Fantastic”
The flutter code to encrypt is
Using this library to encrypt text only.
import 'package:encrypt/encrypt.dart';
import 'package:flutter_dotenv/flutter_dotenv.dart';
class EncryptAESData {
static Encrypted encrypted;
static var decrypted;
static String encryptAES(data) {
final key = Key.fromUtf8(dotenv.env['privateKEY']);
final iv = IV.fromUtf8(dotenv.env['privateINV']);
final encrypter = Encrypter(AES(key));
encrypted = encrypter.encrypt(data, iv: iv);
return encrypted.base64;
}
static decryptAES(data) {
final key = Key.fromUtf8(dotenv.env['privateKEY']);
final iv = IV.fromUtf8(dotenv.env['privateINV']);
final encrypter = Encrypter(AES(key));
String decrypted = "";
if (data != "") {
try {
decrypted = encrypter.decrypt(Encrypted.fromBase64(data), iv: iv);
} catch (exception) {
decrypted = data;
}
}
return decrypted;
}
}
I’m getting nothing back and i suspect the :crypto.crypto_one_time function i’m using is getting the wrong binary arguments
Here is an example of how i’m getting the binary from the string, if thats even what i’m supposed to do
b_password = :crypto.hash(:md5, privateKEY)
Most Liked
al2o3cr
:crypto.hash is definitely digging in the wrong spot.
The post from @ChristopheBelpaire almost has it, but the cipher + mode need to match the defaults that encrypt is using:
- it appears to pick the block size based on the key, so a 32-byte key → AES-256
- the default
AESModeisSIC, also known asCTR
In addition, the given IV has an explicit \ in it, so it needs to be written as \\ inside ".
Putting it all together:
secret = "%8R=&PfC5SXT:pRF2vF[5zCTy}M7CX]J"
iv = "}Lq5Wu~nkr\\Vdfm~"
payload = Base.decode64!("rMCS4wiyvQH7nXx6slP6rA==")
:crypto.crypto_one_time(:aes_256_ctr, secret, iv, payload, false)
# result: "Fantastic\a\a\a\a\a\a\a"
HOWEVER
Using a fixed IV in CTR mode is BAD. Real bad. The original code you posted gets the IV from dotenv, which leads me to believe the same value is used for every encryption.
Reusing an IV for CTR mode means that an attacker that knows ONE plaintext and the corresponding ciphertext can read ANY shorter ciphertext, because the “key stream” is identical for every encryption operation.
A demonstration:
defmodule CompareStream do
def to_bytes(s) do
for <<x::8 <- s>>, do: x
end
def xor(s1, s2) do
[to_bytes(s1), to_bytes(s2)]
|> Enum.zip()
|> Enum.map(fn {b1, b2} -> Bitwise.bxor(b1, b2) end)
end
end
secret = "%8R=&PfC5SXT:pRF2vF[5zCTy}M7CX]J"
iv = "}Lq5Wu~nkr\\Vdfm~"
payload = Base.decode64!("rMCS4wiyvQH7nXx6slP6rA==")
message = :crypto.crypto_one_time(:aes_256_ctr, secret, iv, payload, false)
other_message = "lolwut\a\a\a\a\a\a\a\a\a\a"
other_payload = :crypto.crypto_one_time(:aes_256_ctr, secret, iv, other_message, true)
CompareStream.xor(message, payload) |> IO.inspect(label: "first key stream")
CompareStream.xor(other_message, other_payload) |> IO.inspect(label: "second key stream")
This prints:
first key stream: [234, 161, 252, 151, 105, 193, 201, 104, 152, 154, 123, 125, 181, 84, 253, 171]
second key stream: [234, 161, 252, 151, 105, 193, 201, 104, 152, 154, 123, 125, 181, 84, 253, 171]
Generally, you want to use a mode like CTR with an IV that is sent along with the encrypted result and “never” reused. I put “never” in quotes because most implementations settle for something like a 128-bit cryptographically-random number, which could technically repeat if you collected about 2^64 of them but is close enough to “never” for most purposes.
Popular in Questions
Other popular topics
Categories:
Sub Categories:
Forums
Popular Tags
- #ecto
- #liveview
- #troubleshooting
- #learning-elixir
- #deployment
- #library
- #erlang
- #testing
- #genserver
- #mix
- #absinthe
- #remote-other
- #otp
- #plug
- #how-to-question
- #macros
- #postgres
- #channels
- #elixirconf
- #exunit
- #discussion
- #code-sync
- #javascript
- #podcasts
- #onsite
- #dialyzer
- #docker
- #authentication
- #umbrella
- #full-time-contract
- #podcasts-by-brainlid
- #ecto-query
- #elixir-ls
- #phoenix_html
- #iex
- #blog-post
- #graphql
- #genstage
- #ai
- #websockets
- #supervisor
- #advent-of-code
- #elixirconf-us
- #distillery
- #processes
- #forms
- #api
- #metaprogramming
- #security
- #performance









