react-native-aes icon indicating copy to clipboard operation
react-native-aes copied to clipboard

Published 20 hours ago verified publisher icon tectiv3

No conversion of Base64 to Hex

Open nowlkaszick opened this issue 7 years ago • 3 comments

The React encrypt method parameters are requesting a base64 encoded key and IV, however the private encrypt method requires hexadecimal key and IV values - however there is no explicit conversion that is occurring.

React method

@ReactMethod
    public void encrypt(String data, **String keyBase64, String ivBase64**, Promise promise) {
        try {
            // calls private method, that expects hex, with no conversion
            String result = encrypt(data, **keyBase64, ivBase64**);
            promise.resolve(result);
        } catch (Exception e) {
            promise.reject("-1", e.getMessage());
        }
    }

Private method

private static String encrypt(String text, **String hexKey, String hexIv**) throws Exception {
        if (text == null || text.length() == 0) {
            return null;
        }

        byte[] key = Hex.decode(hexKey);
        SecretKey secretKey = new SecretKeySpec(key, KEY_ALGORITHM);

        Cipher cipher = Cipher.getInstance(CIPHER_ALGORITHM);
        cipher.init(Cipher.ENCRYPT_MODE, secretKey, hexIv == null ? emptyIvSpec : new IvParameterSpec(Hex.decode(hexIv)));
        byte[] encrypted = cipher.doFinal(text.getBytes("UTF-8"));
        return Base64.encodeToString(encrypted, Base64.NO_WRAP);
    }

Passing through base64 values (to the React method) throws an exception that states that hexadecimal values are required. Passing through hexadecimal values (to the React method) works successfully.

I propose that either:

  • The example in the readme, and the parameter names are updated to reflect that these values should be hexadecimal
  • An explicit conversion is added to the react method
  • The parameters in the private method are updated to accept base64, and the conversion is added to the private method (this may impact other code that relies on the private encrypt method)

nowlkaszick avatar Jan 04 '18 23:01 nowlkaszick

I haven't tried it out yet on iOS, but is it possible that iOS expects base64 and Android a Hex string? The iOS sources seems to point towards base64, while Android mentions Hex (and fails with base64, as @nowlkaszick already mentioned).

Also, I'm looping over a file and feed 64KB chunks with the same key/iv into Aes.encrypt, and the results are super weird: The lengths of the returned cyphers vary with every chunk, and they are super short. I end up with a total of around 13 KB worth of encrypted text for a 4 MB file.

@tectiv3 - I saw that you mentioned a few times that you don't have an Android phone. Has this library been tested on an emulator so far? Or do we have to assume that Android isn't production ready so far?

Thanks!

hardcodet avatar Feb 01 '18 23:02 hardcodet

@hardcodet yes, android is definitely isn't production ready!

tectiv3 avatar Feb 01 '18 23:02 tectiv3

Hi, any solution, I tried in android, but dont work, thanks

chernandezq avatar Sep 24 '18 14:09 chernandezq