0

I'm trying to encrypt and then decrypt a string using Rijndael with a custom key.

Dim obj,arr,i,r,str,enc,utf
dim bytes,bytesd,s,sc,sd
set obj=WScript.CreateObject("System.Security.Cryptography.RijndaelManaged")
Set utf = CreateObject("System.Text.UTF8Encoding")
s="This is a private message"
bytes=utf.GetBytes_4(s)
obj.GenerateKey()
obj.GenerateIV()
set enc=obj.CreateEncryptor()
set dec=obj.CreateDecryptor()

bytec=enc.TransformFinalBlock((bytes),0,lenb(bytes))
sc=utf.GetString((bytec))
msgbox sc

byted=dec.TransformFinalBlock((bytec),0,lenb(bytec))
sd=utf.GetString((byted))
msgbox sd

I rewrote this VBScript code, which works perfectly, into JScript.

But in my jscript solution, I'm getting an error: "Padding is invalid and cannot be removed." The error is thrown during decryption at line var result = decryptor.TransformFinalBlock(bytes, 0, string.length);.

I don't know what I am doing wrong.

function CRYPTO(key) {

    this.Rijndael = WScript.CreateObject("System.Security.Cryptography.RijndaelManaged");
    this.Unicode = WScript.CreateObject("System.Text.UTF8Encoding");

    var MD5 = WScript.CreateObject("System.Security.Cryptography.MD5CryptoServiceProvider");
    MD5.Initialize();

    var bytes = MD5.ComputeHash_2(this.Unicode.GetBytes_4(key));
    this.Rijndael.Key = bytes; this.Rijndael.IV = bytes;

}
CRYPTO.prototype.encrypt = function(string) {

    var bytes = this.Unicode.GetBytes_4(string);
    var encryptor = this.Rijndael.CreateEncryptor();

    var result = encryptor.TransformFinalBlock(bytes, 0, string.length);

    return this.Unicode.GetString(result);

}
CRYPTO.prototype.decrypt = function(string) {

    var bytes = this.Unicode.GetBytes_4(string);
    var decryptor = this.Rijndael.CreateDecryptor();

    var result = decryptor.TransformFinalBlock(bytes, 0, string.length);

    return this.Unicode.GetString(result);

}

var crypto = new CRYPTO(getMotherboardSerialNumber());

var before = "Hello World!";
WScript.Echo(before);

var after = crypto.encrypt(before);
WScript.Echo(after);

var back = crypto.decrypt(after);
WScript.Echo(back);

function getMotherboardSerialNumber() {
    var WMI = GetObject("winmgmts:\\\\.\\root\\CIMV2");
    var items = new Enumerator(WMI.ExecQuery("Select * from Win32_BaseBoard"));
    return items.item().SerialNumber;
}

Thanks in advance, sorry for my English.

2
  • Why do you need non-standard Rijndael Managed? It was implemented before Rijndael became the AES standard, with some differences. Commented Dec 1, 2019 at 20:59
  • Because it works for me, I don't know how to use the base class Rijndael. When I try to locate the class like this, it fails: var standard = WScript.CreateObject("System.Security.Cryptography.Rijndael"); Commented Dec 1, 2019 at 22:45

1 Answer

2

First, these aren't the same code. Your vbscript enc method correctly returns bytes, which you convert to a string only for display. (That's not particularly helpful, but it doesn't hurt anything.)

Your jscript encrypt tries to convert random bytes into a UTF-8 string. That's going to fail most of the time. The vast majority of things that will be returned by Rijndael are not valid UTF-8 sequences.

Get rid of the string encodings, and this will more likely work.

Note that your vbscript asc is actually a UTF-8 encoder, and utf is an ASCII encoder, which is probably a mistake. Also, your jscript does not create an IV, and insecurely generates its key. Both of these significantly reduce the security of this encryption. There should be a random IV for each encryption, as you have in the vbscript, and if you're going to use something like a serial number as the password, you need to pass it through a KDF such as PBKDF2, not a single MD5 hash. See Rfc2898DeriveBytes for the correct tools.


2 Comments

Is there any way I can convert Rijndael sequences into strings, for example when I need them to be written into utf8 encoded file? Also how am I supposed to use Rfc2898DeriveBytes, I don't think that's possible in jscript/vbscript. I tried to locate the class like this var test = WScript.CreateObject("System.Security.Cryptography.Rfc2898DeriveBytes");, but unsuccessfully. Thank you for tips and time anyway.
You will need an encoding that can take an arbitrary set of bytes. The most popular is Base64. Hex-encoding is also popular. You may want to explore github.com/as08/ClassicASP.PasswordHashing. I'm not familiar enough with vbscript security libraries to give good advice there; but what you want is a KDF (PBKDF2, scrypt), not a simple cryptographic hash (MD5, SHA).
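
Added example, not part of the original answer or comments: the points made above (keep ciphertext as bytes, carry it as Base64, use a random IV per message, derive the key with PBKDF2) shown in Node.js JavaScript. Node's crypto module with AES-256-CBC stands in here for the RijndaelManaged COM object; the iteration count, the salt|iv|ciphertext layout, the function names and the sample serial number are assumptions of this example.

```javascript
const crypto = require("node:crypto");

const ITERATIONS = 100000; // assumed PBKDF2 work factor for this example

// PBKDF2-HMAC-SHA256 turns a password-like secret into a 256-bit key.
function deriveKey(secret, salt) {
  return crypto.pbkdf2Sync(secret, salt, ITERATIONS, 32, "sha256");
}

// Fresh random salt and IV per message; output is Base64 of salt|iv|ciphertext.
function encrypt(secret, plaintext) {
  const salt = crypto.randomBytes(16);
  const iv = crypto.randomBytes(16);
  const cipher = crypto.createCipheriv("aes-256-cbc", deriveKey(secret, salt), iv);
  const ct = Buffer.concat([cipher.update(plaintext, "utf8"), cipher.final()]);
  return Buffer.concat([salt, iv, ct]).toString("base64");
}

function decrypt(secret, token) {
  const raw = Buffer.from(token, "base64");
  const salt = raw.subarray(0, 16);
  const iv = raw.subarray(16, 32);
  const decipher = crypto.createDecipheriv("aes-256-cbc", deriveKey(secret, salt), iv);
  const pt = Buffer.concat([decipher.update(raw.subarray(32)), decipher.final()]);
  return pt.toString("utf8");
}

// The question's failure mode: bytes -> UTF-8 string -> bytes is lossy for
// arbitrary data, because invalid sequences are replaced with U+FFFD.
function survivesUtf8RoundTrip(bytes) {
  return Buffer.from(bytes.toString("utf8"), "utf8").equals(bytes);
}

function demo() {
  const secret = "EXAMPLE-SERIAL-0001"; // constructed stand-in for a serial number
  const token = encrypt(secret, "Hello World!");
  const sample = Buffer.from("ff80c328", "hex"); // constructed non-UTF-8 bytes
  return {
    token,
    back: decrypt(secret, token),
    utf8Safe: survivesUtf8RoundTrip(sample),
    base64Safe: Buffer.from(sample.toString("base64"), "base64").equals(sample),
  };
}

console.log(demo());
```

The Base64 token is plain ASCII, so it can be written to a UTF-8 encoded file and read back unchanged.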
