Is this encryption possible with NodeJS

psweb · September 6, 2022, 11:47pm

Instructions from my payment portal are

The string must be encrypted using AES (block size 128-bit) in CBC mode with PKCS#5 padding. Use the provided password as both the key and initialisation vector and encode the result in hex (making sure the letters are in upper case).

Prepend the ‘@’ sign to the beginning of the encoded result.
To decrypt, ensure you remove the ‘@’ sign before using the same procedure in decryption mode

Does anyone know if this is possible using NodeJS without having to do anything custom?

patrick · September 7, 2022, 8:09am

You will need a custom module for it, it is not possible with the provided actions.

Here the needed NodeJS code for the encrypt and decrypt:

const crypto = require('crypto');

exports.encrypt = function(data, password) {
  const cipher = crypto.createCipheriv('aes-128-cbc', password, password);
  let encrypted = cipher.update(data, 'utf8', 'hex');
  encrypted += cipher.final('hex');
  return '@' + encrypted.toUpperCase();
}

exports.decrypt = function(encrypted, password) {
  const decipher = crypto.createDecipheriv('aes-128-cbc', password, password);
  let decrypted = decipher.update(encrypted.slice(1), 'hex', 'utf8');
  decrypted += decipher.final('utf8');
  return decrypted;
}

psweb · September 7, 2022, 8:10am

Thank you so so much Patrick, wow

patrick · September 7, 2022, 9:58am

I hope I’ve got it all correct, the PKCS#5 padding should normally be the default padding.

psweb · September 7, 2022, 10:45am

I am getting an error at the moment saying this, so not really sure to be honest

{
  "status": "500",
  "code": "ERR_CRYPTO_INVALID_IV",
  "message": "Invalid initialization vector",
  "stack": "TypeError: Invalid initialization vector\n    at Cipheriv.createCipherBase (node:internal/crypto/cipher:116:19)\n    at Cipheriv.createCipherWithIV (node:internal/crypto/cipher:135:3)\n    at new Cipheriv (node:internal/crypto/cipher:243:3)\n    at Object.createCipheriv (node:crypto:138:10)\n    at App.exports.encrypt (/opt/node_app/extensions/server_connect/modules/aes128cbc.js:4:25)\n    at App._exec (/opt/node_app/lib/core/app.js:491:57)\n    at App._exec (/opt/node_app/lib/core/app.js:458:28)\n    at processTicksAndRejections (node:internal/process/task_queues:96:5)\n    at async App.exec (/opt/node_app/lib/core/app.js:427:9)\n    at async App.define (/opt/node_app/lib/core/app.js:417:9)"
}

psweb · September 7, 2022, 10:52am

I assume it is something I am doing though, I have not worked much with custom modules to be honest, so a newbie at it.

I added you code to a file called aes128cbc.js and placed it in the /extensions/server_connect/modules/ folder along with an hjson file called aes128cbc.hjson
This is what I added to the hjson

[
  {
    type: 'crypto',
    module : 'aes128cbc',
    action : 'encrypt',
    groupTitle : 'Custom SagePay Crypto',
    groupIcon : 'fal fa-lg fal fa-barcode comp-data',
    title : 'SagePay Crypto',
    icon : 'fal fa-lg fa-barcode comp-data',
    dataPickObject: true,
    properties : [
      {
        group: 'Crypto options',
        variables: [
          { name: 'name', optionName: 'name', title: 'Name', type: 'text', required: true, defaultValue: 'xxx', help: 'blah'},
          { name: 'data', optionName:'data', title: 'Data', type: 'text', required: true, defaultValue :'', help: 'blah'},
          { name: 'password', optionName:'password', title: 'Password', type: 'password', required: true, defaultValue :'', help: 'blah'},
          { name: 'cryptoOutput', optionName: 'output', title: 'Output', type: 'boolean', defaultValue: false }        
        ]
      }
    ]
  },
]

So I am assuming your code is perfect and I have just done something wrong here.

psweb · September 7, 2022, 11:19am

Just thinking about it @patrick, was your code not more for a formatter rather than a module?

patrick · September 7, 2022, 11:53am

As it is now it would be more like a formatter, when using it as a module you should use a single options argument and have the current arguments as properties on the options object.

About the error you are getting. I’ve checked the requirements for the IV vector and it seems that it must be from a fixed length depending on the algorithm being used. In your case with aes-128 it must be 128 bits, that is 16 bytes. Not sure if the password you are using does match that, does their documentation not have an example on how to use it?

psweb · September 7, 2022, 11:56am

Thanks Patrick, they did provide me with a 16 character password which i used, but got that error.

patrick · September 7, 2022, 12:01pm

I do find it a bit strange that they use the password for the IV vector, since the IV vector should always be random and never the same to be secure.

Try converting the password to a buffer first.

const key = Buffer.from(password, 'utf8');
const cipher = crypto.createCipheriv('aes-128-cbc', key , key);

psweb · September 7, 2022, 12:08pm

Thanks Patrick, it is still giving the same error, let me change this to a formatter rather, and test again, will let you know asap.

psweb · September 7, 2022, 1:26pm

Got it working as a formatter Patrick, with your original code or your slight update, both produce the same result, thank you so much.