Friday, March 28, 2025

OIC - AES encryption and decryption in javascript using CryptoJS

Use Case

A source application sends an AES-encrypted and RSA-signed request to an OIC REST service, including a cipher key, encrypted message, and IV. OIC retrieves the AES key from Vault secrets, decrypts the data using JavaScript, processes it, then encrypts and signs the response before sending it back.

We use JavaScript (CryptoJS) to encrypt and decrypt messages with IV and fetch the AES key from Vault. For signing and verification, we use the Vault RSA sign key.

In today's digital world, encryption is essential for data security. This blog explains how to use CryptoJS for AES-256 encryption/decryption and Vault for secure key management and RSA signing.

Steps to follow:

  1. Download the CryptoJS aes.js rollup file from https://github.com/ihsmarkitosi/CryptoJS-v3.1.2/blob/master/rollups/aes.js
  2. Use the encrypt and decrypt code snippet below.
  3. Place the CryptoJS code from step 1 first, then add the code from step 2 after it. Test it in an online JavaScript tool, using test values rather than production keys: https://onecompiler.com/javascript

Encrypt and decrypt code snippet:

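function EncryptAESCBC(plaintext, aesKey, aesIV) {
    // Key and IV strings are parsed as UTF-8 text. CryptoJS selects the AES
    // variant from the key length: 16 bytes = AES-128, 32 bytes = AES-256.
    var key = CryptoJS.enc.Utf8.parse(aesKey);
    var iv = CryptoJS.enc.Utf8.parse(aesIV);

    // Encrypt the plaintext (CBC mode; CryptoJS defaults to PKCS#7 padding)
    var cipherText = CryptoJS.AES.encrypt(plaintext, key, {
        iv: iv,
        mode: CryptoJS.mode.CBC
        //padding: CryptoJS.pad.NoPadding
    });

    // toString() returns the ciphertext as a Base64 string
    var encryptedString = cipherText.toString();
    return encryptedString;
}

function DecryptAESCBC(cipherText, aesKey, aesIV) {
    // aesIV is passed as a Base64 string, but it is parsed as UTF-8 text here
    // (not Base64-decoded), matching what EncryptAESCBC does.
    var key = CryptoJS.enc.Utf8.parse(aesKey);
    var iv = CryptoJS.enc.Utf8.parse(aesIV);

    // The ciphertext arrives as Base64 and is decoded to raw bytes
    var cipherBytes = CryptoJS.enc.Base64.parse(cipherText);

    var decrypted = CryptoJS.AES.decrypt({ciphertext: cipherBytes}, key, {
        iv: iv,
        mode: CryptoJS.mode.CBC
        //padding: CryptoJS.pad.Pkcs7
    });

    // Convert the decrypted bytes back to a UTF-8 string
    var decryptedString = decrypted.toString(CryptoJS.enc.Utf8);
    return decryptedString;
}

// Round-trip test with sample values (a 16-character key, so AES-128):
//console.log(DecryptAESCBC(EncryptAESCBC('YWFhYWFhYWFhYWFhYWFhYQ', 'h3Hv332dw8JYJcdx', 'aDNIdjMzMmR3OEpZSmNkeA=='), 'h3Hv332dw8JYJcdx', 'aDNIdjMzMmR3OEpZSmNkeA=='));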

Note: You can also use the updated CryptoJS rollups/aes.js file from the Google Code archive:

https://code.google.com/archive/p/crypto-js/downloads

Used in OIC Integrations:

Encryption common service

Integration flow:

  1. Configure the trigger.
  2. Get the AES key from the Vault secret.
  3. Call the JavaScript action.
  4. Call the sign service for the RSA Vault key.

Decryption common service

Integration flow:

  1. Configure the trigger.
  2. Call the verify service.
  3. Throw a new fault if verification failed.
  4. Get the AES key from the Vault secret.
  5. Call the JavaScript action.
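
The two flows above can be exercised locally before wiring them into OIC. The following is an added example, not code from the original post: it uses Node.js's built-in crypto module as a stand-in for CryptoJS and for the Vault sign and verify services. It assumes the AES key and IV are exchanged as Base64, that the RSA signature is SHA-256 over the IV, a dot, and the encrypted message, and all function names are hypothetical.

```javascript
// Added example: Node.js built-in crypto stands in for CryptoJS and the Vault services.
const nodeCrypto = require('node:crypto');

// Base64-decode and length-check the key and IV instead of parsing them as UTF-8 text.
function loadKeyAndIv(keyB64, ivB64) {
  const key = Buffer.from(keyB64, 'base64');
  const iv = Buffer.from(ivB64, 'base64');
  if (key.length !== 32) throw new Error('AES-256 needs a 32-byte key, got ' + key.length);
  if (iv.length !== 16) throw new Error('AES-CBC needs a 16-byte IV, got ' + iv.length);
  return { key, iv };
}

// Encryption flow: encrypt, then sign IV + ciphertext so neither can be swapped.
function encryptAndSign(plaintext, keyB64, privateKey) {
  const ivB64 = nodeCrypto.randomBytes(16).toString('base64'); // fresh IV per message
  const { key, iv } = loadKeyAndIv(keyB64, ivB64);
  const cipher = nodeCrypto.createCipheriv('aes-256-cbc', key, iv);
  const message = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()])
    .toString('base64');
  // Assumed signing input: "<iv>.<message>", RSA with SHA-256
  const signature = nodeCrypto
    .sign('sha256', Buffer.from(ivB64 + '.' + message), privateKey)
    .toString('base64');
  return { iv: ivB64, message, signature };
}

// Decryption flow: verify first, fault on failure, only then fetch the key and decrypt.
function verifyAndDecrypt(request, keyB64, publicKey) {
  const signed = Buffer.from(request.iv + '.' + request.message);
  const ok = nodeCrypto.verify('sha256', signed, publicKey,
    Buffer.from(request.signature, 'base64'));
  if (!ok) throw new Error('Signature verification failed');
  const { key, iv } = loadKeyAndIv(keyB64, request.iv);
  const decipher = nodeCrypto.createDecipheriv('aes-256-cbc', key, iv);
  return Buffer.concat([decipher.update(request.message, 'base64'), decipher.final()])
    .toString('utf8');
}

// Constructed test material: random AES key and a throwaway RSA key pair.
const demoKeyB64 = nodeCrypto.randomBytes(32).toString('base64');
const demoRsa = nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const demoRequest = encryptAndSign('{"orderId": 1001}', demoKeyB64, demoRsa.privateKey);
console.log(verifyAndDecrypt(demoRequest, demoKeyB64, demoRsa.publicKey));
```

The length checks reject the sample values from the snippet above: the 16-character key is too short for AES-256, and a Base64 IV string treated as raw text is 24 bytes rather than 16.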