encrypt/decrypt between javascript and postgresql.

On 3/11/20 5:46 PM, AC Gomez wrote:

I'm trying to encrypt/decrypt between javascript and postgresql.

I'm using this:
https://gist.github.com/vlucas/2bd40f62d20c1d49237a109d491974eb algorithm to
encrypt my text, and then in PostgreSQL I use PGCRYPTO.decrypt_iv to
decrypt the text.

I pass in 'ThisISMySign' to the Encrypt function.

Encrypted string returned from
above: "fc9a03cbc8a57d4061570575f197c29c:a319a4bf354516f392ba96a895478af6"

A quick walk through the JS code found:

...

let decipher = crypto.createDecipheriv('aes-256-cbc',
Buffer.from(ENCRYPTION_KEY), iv);

let decrypted = decipher.update(encryptedText);

decrypted = Buffer.concat([decrypted, decipher.final()]);

return decrypted.toString();

where

const ENCRYPTION_KEY = process.env.ENCRYPTION_KEY;

Pretty sure the below does not have access to the above.

I have to remove the colon to get something out...and so this:

select
decrypt_iv(decode('fc9a03cbc8a57d4061570575f197c29ca319a4bf354516f392ba96a895478af6','hex')::bytea,
'sKCx49VgtHZ59bJOTLcU0Gr06ogUnDJi'::bytea, 'null'::bytea,
'aes-cbc/pad:pkcs');

Gives me this: 6 á¶ðÒÿÆÛÏBSïÅThisISMySign

In my instance(12.1) I get:

decrypt_iv
------------------------------------------------------------
\x36df9ec98ff4ad80b9a4b0425390baed5468697349534d795369676e

"ThisISMySign" was the original string. So I'm getting the right result
in half of the decrypted string.

The paremeter after the key, 3rd parameter, it can be any string. That
just changes the first part of the output, the garbage part.

In decrypt_iv I tried using the encryption algorithm name in the
javascript used to encrypt, but that gets me nowhere.

I cannot see what i'm missing here.

Thanks

--
Adrian Klaver
adrian.klaver@aklaver.com