I can't find a nodejs library to decrypt this Salsa20 about encrypt HOT 5 CLOSED

A quick search on NPM: https://www.npmjs.com/search?q=salsa20

Found 5:

• https://www.npmjs.com/package/salsa20
• https://www.npmjs.com/package/js-salsa20
• https://www.npmjs.com/package/node-salsa20
• https://www.npmjs.com/package/natrium
• https://www.npmjs.com/package/@stablelib/salsa20

Have you tried all of them? Or any of them?

from encrypt.

@leocavalcante i had tried the first three, the js-salsa20 seems to be working, but i cannot retrieve a proper string.

code

output

from encrypt.

Got it working here, 3 key points:

1. Use built-in TextEncoder and TextDecoder from Node.js Utils:
   StringDecoder works on Buffers, not the same as Uint8Array and this text-enconding package has been deprecated and no longer maintained.

2. Use a 32-bit length key on Dart-side:
   private!!!!!!!!! will generate a 16 byte long Uint8Array and js-salsa20 sets a minimum of 32 bytes. Just make sure your key is 32 lengtt long on ASCII chars, like: my32lengthsupersecretnooneknows1.

3. The Dart encrypt package outputs a hexadecimal representation of the bytes:
   This is also very important, you're trying to use c5cc91943cf0 as a regular String, but is actually your bytes, but hexdec encoded, a little VanillaJS helper to transform hexstrings into Uint8Array: const hexToBytes = hex => new Uint8Array(hex.match(/.{1,2}/g).map(byte => parseInt(byte, 16))).

Full code on Dart-side:

import 'package:encrypt/encrypt.dart';

void main() {
  final key = 'my32lengthsupersecretnooneknows1';
  final iv = '8bytesiv';
  final plainText = 'Secret';

  final encrypter = new Encrypter(new Salsa20(key, iv));

  final encrypted = encrypter.encrypt(plainText);
  final decrypted = encrypter.decrypt(encrypted);

  print(encrypted);
  print(decrypted);
}

Note it is using a 32 bytes length key, using this new key our Secret gets a different hexadecimal output: 4287bf31150e.
Using this output on the Node.js-side:

const Salsa20 = require('js-salsa20')
const { TextEncoder, TextDecoder } = require('util')

const hexToBytes = hex => new Uint8Array(hex.match(/.{1,2}/g).map(byte => parseInt(byte, 16)))

const encoder = new TextEncoder()
const decoder = new TextDecoder()

const key = encoder.encode('my32lengthsupersecretnooneknows1')
const iv = encoder.encode('8bytesiv')
const encrypted = hexToBytes('4287bf31150e')

const encrypter = new Salsa20(key, iv)
const messageBytes = encrypter.decrypt(encrypted)
const message = decoder.decode(messageBytes)

console.log(message)

Note that const encrypted = hexToBytes('4287bf31150e') isn't using TextEncoder, it is using our little hex-to-uint8array helper.

The console.log(message) output is as expected: Secret.

Let me know if you can reproduce this steps on you side.

from encrypt.

I also like to point out that if you are doing some client-Dart to server-Node.js over HTTP you should favor TLS (SSL/HTTPS) it will encrypt and decrypt things over network for you. Also very important if you Dart code is on client-side note that your key will be also on the client-side, this lib is properly used on Dart for server-side. Never trust sensitive data like keys on client code.

from encrypt.

Thanks a lot! Actually I'm using this lib for my little flutter project, so that I can encrypt the client's credentials and send to my server without being eavesdropped or reverse engineered.

from encrypt.