Leigh-/EncryptCFDecryptNodeJS.txt

## EncryptCFDecryptNodeJS.txt
/*
   Encrypt in ColdFusion

   Summary
   1. Generate a cryptographically random key with GenerateSecretKey(). Do *not* use a self generated
      password, which is less secure.
   2. Generate a random IV (initialization vector)][2] and decode into binary.
   3. Encrypt the plain text with AES/CBC/PKCS5Padding
*/

<cfscript>
	// Plain text to encrypt
	plainText = 'This is a plain text string';
	// Secure key produced by generateSecretKey("AES")
	base64Key = "WTq8zYcZfaWVvMncigHqwQ==";
	// Use appropriate method to decode into binary: charsetDecode, binaryDecode, etcetera
	// Important: IV values should be randomized
	binaryIV = binaryDecode("a5e72a3a083a908f32c45f3c7e3143ae", "hex");
	encryptedText = encrypt(plainText, base64Key, "AES/CBC/PKCS5Padding", "hex", binaryIV);

        // Expected result: "39EE0FE0EF686D6619BA8D55D4FC57C2AB35DDE7E692AD051F900906B0E53317"
	writeOutput( encryptedText );
</cfscript>

/*
   Decrypt in Node.js

   Summary
   1. Decrypt key string into binary. Use the appropriate encoding parameter to ensure the string is decoded correctly.
   2. Decrypt IV into binary, with the appropriate encoding parameter
   3. Decrypt encrypted string into binary, with the appropriate encoding parameter
   4. Decrypt the binary using cipher.createDecipheriv(algoirthm, key, iv)
   5. Convert the decrypted binary into a human readable string
*/

var Crypto = require('crypto');
// Decode key string from base64 into binary
var key = new Buffer('WTq8zYcZfaWVvMncigHqwQ==', 'base64');
// Decode iv string from hex into binary
var iv = new Buffer('a5e72a3a083a908f32c45f3c7e3143ae', 'hex');
// Decode encrypted string into binary
var encrypted = new Buffer('39EE0FE0EF686D6619BA8D55D4FC57C2AB35DDE7E692AD051F900906B0E53317', 'hex');
// Decrypt binary value
var decipher = Crypto.createDecipheriv('aes-128-cbc', key, iv);
var decrypted = decipher.update(encrypted);
// Encode decrypted binary as UTF-8
var clearText = Buffer.concat([decrypted, decipher.final()]).toString('utf8');

console.log(clearText);
	/*
	Encrypt in ColdFusion

	Summary
	1. Generate a cryptographically random key with GenerateSecretKey(). Do not use a self generated
	password, which is less secure.
	2. Generate a random IV (initialization vector)][2] and decode into binary.
	3. Encrypt the plain text with AES/CBC/PKCS5Padding
	*/

	<cfscript>
	// Plain text to encrypt
	plainText = 'This is a plain text string';
	// Secure key produced by generateSecretKey("AES")
	base64Key = "WTq8zYcZfaWVvMncigHqwQ==";
	// Use appropriate method to decode into binary: charsetDecode, binaryDecode, etcetera
	// Important: IV values should be randomized
	binaryIV = binaryDecode("a5e72a3a083a908f32c45f3c7e3143ae", "hex");
	encryptedText = encrypt(plainText, base64Key, "AES/CBC/PKCS5Padding", "hex", binaryIV);

	// Expected result: "39EE0FE0EF686D6619BA8D55D4FC57C2AB35DDE7E692AD051F900906B0E53317"
	writeOutput( encryptedText );
	</cfscript>

	/*
	Decrypt in Node.js

	Summary
	1. Decrypt key string into binary. Use the appropriate encoding parameter to ensure the string is decoded correctly.
	2. Decrypt IV into binary, with the appropriate encoding parameter
	3. Decrypt encrypted string into binary, with the appropriate encoding parameter
	4. Decrypt the binary using cipher.createDecipheriv(algoirthm, key, iv)
	5. Convert the decrypted binary into a human readable string
	*/

	var Crypto = require('crypto');
	// Decode key string from base64 into binary
	var key = new Buffer('WTq8zYcZfaWVvMncigHqwQ==', 'base64');
	// Decode iv string from hex into binary
	var iv = new Buffer('a5e72a3a083a908f32c45f3c7e3143ae', 'hex');
	// Decode encrypted string into binary
	var encrypted = new Buffer('39EE0FE0EF686D6619BA8D55D4FC57C2AB35DDE7E692AD051F900906B0E53317', 'hex');
	// Decrypt binary value
	var decipher = Crypto.createDecipheriv('aes-128-cbc', key, iv);
	var decrypted = decipher.update(encrypted);
	// Encode decrypted binary as UTF-8
	var clearText = Buffer.concat([decrypted, decipher.final()]).toString('utf8');

	console.log(clearText);