1. 技术文章
  2. How to decrypt data from the result of an IE 11 encrypt operation using AES-GCM

How to decrypt data from the result of an IE 11 encrypt operation using AES-GCM

被刻印的时光 ゝ 提交于 2019-12-21 17:06:34

问题


I've managed to encrypt some data with AES-GCM using IE 11 on Windows 10 but I can't get decryption to work. Example encryption JS code:

let plainText = new Uint8Array([1]);
let key;
let keyBuf = window.msCrypto.getRandomValues(new Uint8Array(32));
let iv = window.msCrypto.getRandomValues(new Uint8Array(12));
let additionalData = window.msCrypto.getRandomValues(new Uint8Array(16));
let encResult;
let importOp = window.msCrypto.subtle.importKey('raw', 
    keyBuf,
    { name: 'AES-GCM' }, 
    false, 
    ['encrypt', 'decrypt']);
importOp.oncomplete = function(e) {
    key = e.target.result;
    let encryptOp = window.msCrypto.subtle.encrypt({
        name: 'AES-GCM',
        iv: iv,
        tagLength: 128,
        additionalData: additionalData
    }, key, plainText);
    encryptOp.oncomplete = function (e) {
        encResult = e.target.result;
    };
};

The resulting item (encResult) is an AesGcmEncryptResult, which has the encrypted value and the tag in 2 different properties. As I understand it, I need to concatenate these and pass them as the cipher text to decrypt, as in:

let cipherText = new Uint8Array(plainText.length + 16); // tagLength / 8
cipherText.set(new Uint8Array(encResult.ciphertext), 0);
cipherText.set(new Uint8Array(encResult.tag), plainText.length);
let decryptOp = window.msCrypto.subtle.decrypt({
    name: 'AES-GCM',
    iv: iv,
    tagLength: 128,
    additionalData: additionalData
}, key, cipherText);

I then wire up oncomplete and onerror and onerror fires. Unfortunately, IE's Event object has nothing to tell me, other than type = "error".

There is very little information on the web on using AES-GCM in IE 11.

Please don't tell me to use a different browser. This all works fine (but differently) with Chrome and Firefox. I'm specifically trying to get this to work in IE 11.

What am I missing?


回答1:


I found this shim that (vaguely) shows that the tag value goes in the algorithm object and the cipher text alone goes in the third argument. E.g.

let decryptOp = window.msCrypto.subtle.decrypt({
    name: 'AES-GCM',
    iv: iv,
    additionalData: additionalData,
    tag: new Uint8Array(encResult.tag)
    }, key, new Uint8Array(encResult.ciphertext));

Why was this so hard to find? Why are there no blog posts about this feature? Why are MS's docs so short on details?



来源:https://stackoverflow.com/questions/41449185/how-to-decrypt-data-from-the-result-of-an-ie-11-encrypt-operation-using-aes-gcm

标签
javascript
encryption
internet-explorer-11
aes-gcm
webcrypto-api
易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!