Using the AES encryption algorithm in Node

Time:2020-9-6

AES

AES is a symmetric encryption algorithm.

Three elements:

  • Secret key
  • Padding
  • Mode

Secret key

Symmetric encryption is called symmetric because the same secret key is used both to encrypt and to decrypt.

AES supports secret keys of three lengths:

  • 128 bits: the best performance
  • 192 bits
  • 256 bits: the highest security, with more encryption rounds

Keys of these three lengths use a different number of encryption rounds in the underlying encryption process.

Padding

AES is a block cipher: it does not encrypt the whole plaintext in one pass, but splits it into independent plaintext blocks of 128 bits each.

Suppose the plaintext is 192 bits long. Split into 128-bit blocks, the second block holds only 64 bits, fewer than 128. In that case the short block has to be padded up to 128 bits.

Types of padding:

  • NoPadding

No padding is applied, so the plaintext must be an integer multiple of 128 bits.

  • ZeroPadding

Pads with 0. When the plaintext itself ends in 0, the padding is easily misjudged on decryption. Not recommended.

  • PKCS7Padding

When the plaintext block is shorter than 16 bytes, each missing byte is filled with the number of missing bytes. For example, if four bytes are missing, the block is filled with four 4s; if five are missing, five 5s; if six are missing, six 6s.

  • AnsiX923
  • Iso10126
  • Iso97971

Mode

The working mode of AES determines how plaintext blocks are turned into ciphertext blocks.

AES provides five working modes:

  • CBC
  • ECB
  • CTR
  • CFB
  • OFB

The main ideas of the modes are similar; they differ in the details.

ECB mode:

ECB (Electronic Codebook) is the simplest working mode. In this mode, each plaintext block is encrypted completely independently of the others.

Advantages:

  • Simple
  • Well suited to parallel computing

Disadvantages:

  • Identical plaintext blocks encrypt to identical ciphertext blocks, so the security is poor

CBC mode:

CBC mode introduces a new concept: the initialization vector (IV).

The IV plays a role similar to salting in MD5: it prevents the same plaintext from being encrypted into the same ciphertext.

In CBC mode, each plaintext block is XORed with a value before it is encrypted.

For the first plaintext block, that value is the IV. Each subsequent plaintext block is XORed with the ciphertext of the previous block.

In this way, identical plaintext blocks produce different ciphertext blocks.

Advantages:

  • High security

Disadvantages:

  • Encryption cannot be parallelized, so performance is lower than ECB
  • The initialization vector (IV) adds complexity

Encryption process summary:

  • The plaintext is divided into plaintext blocks of 128 bits each
  • The last plaintext block is padded according to the selected padding method
  • Each plaintext block is encrypted into a ciphertext block by the AES encryptor with the secret key
  • All ciphertext blocks are concatenated to form the final ciphertext

Example:

var CryptoJS = require("crypto-js");

// Encrypt text with AES in CBC mode and PKCS7 padding; returns a CipherParams object
function aesEncrypto(text, key, iv) {
    key = CryptoJS.enc.Utf8.parse(key);
    iv = CryptoJS.enc.Utf8.parse(iv);
    var encryptoed = CryptoJS.AES.encrypt(text, key, {
        iv: iv,
        mode: CryptoJS.mode.CBC,
        padding: CryptoJS.pad.Pkcs7
    });
    return encryptoed;
}

// Decrypt with the same key, IV, mode and padding; returns the plaintext as a UTF-8 string
function aesDecrypto(encryptoed, key, iv) {
    key = CryptoJS.enc.Utf8.parse(key);
    iv = CryptoJS.enc.Utf8.parse(iv);
    var result = CryptoJS.AES.decrypt(encryptoed, key, {
        iv: iv,
        mode: CryptoJS.mode.CBC,
        padding: CryptoJS.pad.Pkcs7
    });
    return result.toString(CryptoJS.enc.Utf8);
}

var text = "Wo Ai Python"; // plaintext

// secret key: must be 16, 24 or 32 bytes; 16 bytes here (AES-128)
var key = "abc1234567890123";

// IV: must be 16 bytes (one AES block); fixed here only for the demo,
// use a fresh random IV for every message in real use
var iv = "hehehehehehehehe";

var encryptoed = aesEncrypto(text, key, iv);

console.log(encryptoed.toString()); // Base64 ciphertext

var decod = aesDecrypto(encryptoed, key, iv);
console.log(decod);
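
The ECB and CBC behaviour described in the mode section, as an added example that is not part of the original article. It uses Node's built-in crypto module rather than crypto-js; the helper names (encrypt, decrypt, repeatedBlocks, cbcSeal, cbcOpen) and the sample plaintext are constructed for illustration.

```javascript
const nodeCrypto = require("crypto"); // Node's built-in module, not crypto-js
const BLOCK = 16; // AES block size in bytes (128 bits)

// AES-128 in the given mode ("ecb" or "cbc"); PKCS7 padding is Node's default.
function encrypt(mode, key, iv, plaintext) {
  const c = nodeCrypto.createCipheriv("aes-128-" + mode, key, iv);
  return Buffer.concat([c.update(plaintext), c.final()]);
}
function decrypt(mode, key, iv, ciphertext) {
  const d = nodeCrypto.createDecipheriv("aes-128-" + mode, key, iv);
  return Buffer.concat([d.update(ciphertext), d.final()]);
}

// Count ciphertext blocks that are identical to an earlier block.
function repeatedBlocks(buf) {
  const seen = new Set();
  let repeats = 0;
  for (let i = 0; i < buf.length; i += BLOCK) {
    const hex = buf.subarray(i, i + BLOCK).toString("hex");
    if (seen.has(hex)) repeats++;
    else seen.add(hex);
  }
  return repeats;
}

// CBC with a fresh random IV per message; the IV is not secret and is
// stored in front of the ciphertext so the receiver can decrypt.
function cbcSeal(key, plaintext) {
  const iv = nodeCrypto.randomBytes(BLOCK);
  return Buffer.concat([iv, encrypt("cbc", key, iv, plaintext)]);
}
function cbcOpen(key, sealed) {
  return decrypt("cbc", key, sealed.subarray(0, BLOCK), sealed.subarray(BLOCK));
}

// Constructed sample input: the same 16-byte block three times.
const demoKey = nodeCrypto.randomBytes(16); // 128-bit key
const demoText = Buffer.from("sixteen byte blk".repeat(3), "utf8");

const ecbOut = encrypt("ecb", demoKey, null, demoText); // ECB takes no IV
const cbcOut1 = cbcSeal(demoKey, demoText);
const cbcOut2 = cbcSeal(demoKey, demoText);
console.log("ECB repeated blocks:", repeatedBlocks(ecbOut));
console.log("CBC repeated blocks:", repeatedBlocks(cbcOut1.subarray(BLOCK)));
console.log("same ciphertext twice under CBC:", cbcOut1.equals(cbcOut2));
console.log("round trip:", cbcOpen(demoKey, cbcOut1).toString("utf8") === demoText.toString("utf8"));
```

Under ECB the three identical plaintext blocks produce the same ciphertext block three times, which is the weakness listed as ECB's disadvantage; under CBC with a random IV no block repeats and encrypting the same message twice gives different output.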