How to use mcrypt in ionic 3?


#1

Dear Friends,

In my application i plan to implement the encryption which is corresponding to the mcrypt in PHP backend. I need a functionality in ionic 3 which gives output as shown in php sample script

<?php
    /* Open the cipher */
    $td = mcrypt_module_open('rijndael-256', '', 'ofb', '');

    /* Create the IV and determine the keysize length, use MCRYPT_RAND
     * on Windows instead */
    $iv = mcrypt_create_iv(mcrypt_enc_get_iv_size($td), MCRYPT_DEV_RANDOM);
    $ks = mcrypt_enc_get_key_size($td);

    /* Create key */
    $key = substr(md5('very secret key'), 0, $ks);

    /* Intialize encryption */
    mcrypt_generic_init($td, $key, $iv);

    /* Encrypt data */
    $encrypted = mcrypt_generic($td, 'This is very important data joker');
     echo "encrypted value: ".$encrypted;

    /* Terminate encryption handler */
    mcrypt_generic_deinit($td);

    /* Initialize encryption module for decryption */
    mcrypt_generic_init($td, $key, $iv);

    /* Decrypt encrypted string */
    $decrypted = mdecrypt_generic($td, $encrypted);

    /* Terminate decryption handle and close module */
    mcrypt_generic_deinit($td);
    mcrypt_module_close($td);

    /* Show string */
    echo trim($decrypted) . "\n";
?>


Is Crypto JS is enough for this ?

please advise with some guidelines

Thanks

Anes


#2

<giant-blink>BACK AWAY FROM THE COMPUTER</giant-blink>

The road to hell is paved with the bones of amateurs who have attempted to build their own encrypted communication protocols. Do not add yours to the pile.

DO NOT use MD5 for anything.
DO NOT burn secrets into your app binary.
DO NOT use any homebrew cryptographic protocol.
DO use HTTPS.
DO use JSON Web Tokens.


#3

Fixed the issue by taking it in another manner…

Done .ts as

import { Component } from '@angular/core';
import { NavController, NavParams } from 'ionic-angular';
import CryptoJS from 'crypto-js';
/**
 * Generated class for the HomePage page.
 *
 * See https://ionicframework.com/docs/components/#navigation for more info on
 * Ionic pages and navigation.
 */

@Component({
  selector: 'page-home',
  templateUrl: 'home.html',
})
export class HomePage {
  key: any;
  iv: any;
  plain_text: string;
  encrypted_text: string;
  constructor(public navCtrl: NavController, public navParams: NavParams) {
    this.key = CryptoJS.enc.Hex.parse("0123456789abcdef0123456789xxxxxx");
    this.iv  = CryptoJS.enc.Hex.parse("yyyyyy9876543210abcdef9876543210");
    this.plain_text = '';

    this.encrypted_text = '';

  }


  encrypt() {
    var text = this.plain_text;
    var encrypted = CryptoJS.AES.encrypt(text, this.key, {
            iv: this.iv  
          });
  this.encrypted_text = encrypted.ciphertext.toString(CryptoJS.enc.Base64);
  console.log("enc text:"+this.encrypted_text);
  alert(this.encrypted_text);
}

  ionViewDidLoad() {
    console.log('ionViewDidLoad HomePage');
    this.plain_text = "parvez.alam";
    this.encrypt();
  }

}

and corresponding php as

<?php 
$key = pack("H*", "0123456789abcdef0123456789xxxxxx");
$iv =  pack("H*", "yyyyyy9876543210abcdef9876543210");

$encrypted = base64_decode("MwOfGGCYPBEpQ0ImKQsgyA=="); //corresponding value of "parvez.alam"

$shown = mcrypt_decrypt(MCRYPT_RIJNDAEL_128, $key, $encrypted, MCRYPT_MODE_CBC, $iv);

echo "decrypted value is:".$shown;
?>

Thanks friends
Anes


#4

The above post is not a “solution” to anything and should emphatically NOT be emulated by anybody coming across this thread. It displays remarkable irresponsibility and willful ignorance of an extremely important topic. Promoting it to anybody as providing any meaningful degree of security is a gross misrepresentation of reality.