CryptoJS AES encryption/decryption JavaScript and command line examples

CryptoJS-AES.md

You can run these commands to encrypt or decrypt a string:

Command

To encrypt:

printf "Lorem ipsum dolor sit amet, ..." | \
  openssl enc -e -base64 -A -pbkdf2 -aes-256-cbc -pass pass:"my-password"

# -e: Encrypt data
# -base64: Perform base64 encoding on the output
# -A: Process base64 data in one line (no line breaks)
# -pbkdf2: Use PBKDF2 (Password-Based Key Derivation Function 2)
# -aes-256-cbc: Use AES algorithm with 256-bit key and CBC mode
# -pass pass:"my-password": Use the password "my-password" for encryption

To decrypt:

printf "U2FsdGVkX1/bn2viH3Y4tAYbV8mPy9Lp58HTvpTDUmRyaUK6a2pSW+O71YU5B+/C" | \
  openssl enc -d -base64 -A -pbkdf2 -aes-256-cbc -pass pass:"my-password"

# -d: Decrypt data
# -base64: Decode base64 encoded data before decryption
# -A: Process base64 data in one line (no line breaks)
# -pbkdf2: Use PBKDF2 (Password-Based Key Derivation Function 2)
# -aes-256-cbc: Use AES algorithm with 256-bit key and CBC mode
# -pass pass:"my-password": Use the password "my-password" for decryption

Note: Be cautious as executing these commands in a shared environment or on a system where others have access can expose sensitive information, such as the plaintext content and password.

Interactive

To encrypt:

echo Text to encrypt:; read STRING; \
printf "Password: "; read -s PASS; \
echo; echo Encrypted:; printf "$STRING" | \
openssl enc -e -base64 -A -pbkdf2 -aes-256-cbc -pass pass:"$PASS"; \
unset STRING PASS

To decrypt:

echo Encrypted text:; read STRING; \
printf "Password: "; read -s PASS; \
echo; echo Decrypted:; printf "$STRING" | \
openssl enc -d -base64 -A -pbkdf2 -aes-256-cbc -pass pass:"$PASS"; \
unset STRING PASS

Browser

You can open console of your browser, copy and run these commands to use CryptoJS:

const CryptoJS = await import('https://cdn.skypack.dev/crypto-js@4.2.0')
const base64Encrypted = 'U2FsdGVkX1/bn2viH3Y4tAYbV8mPy9Lp58HTvpTDUmRyaUK6a2pSW+O71YU5B+/C'
const password = 'my-password'
const cipherParams = CryptoJS.enc.Base64.parse(base64Encrypted)
const salt = CryptoJS.lib.WordArray.create(cipherParams.words.slice(2, 4))
const ciphertext = CryptoJS.lib.WordArray.create(cipherParams.words.slice(4))
const keySize = 256/32
const ivSize = 128/32
const iterations = 10000
const key = CryptoJS.PBKDF2(password, salt, {
  keySize: keySize + ivSize,
  iterations: iterations,
})
const iv = CryptoJS.lib.WordArray.create(key.words.slice(keySize), ivSize * 4)
const actualKey = CryptoJS.lib.WordArray.create(key.words.slice(0, keySize), keySize * 4)
const decrypted = CryptoJS.AES.decrypt({ ciphertext: ciphertext }, actualKey, {
  iv: iv,
  padding: CryptoJS.pad.Pkcs7,
  mode: CryptoJS.mode.CBC,
}).toString(CryptoJS.enc.Utf8)

example.html

<script src="https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js" integrity="sha512-E8QSvWZ0eCLGk4km3hxSsNmGWbLtSCSUcewDQPQWZF6pEU8GlT8a5fF32wOl1i8ftdMhssTrF/OhyGWwonTcXA==" crossorigin="anonymous" referrerpolicy="no-referrer"></script>
<script src="https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/aes.min.js" integrity="sha512-4b1zfeOuJCy8B/suCMGNcEkMcQkQ+/jQ6HlJIaYVGvg2ZydPvdp7GY0CuRVbNpSxNVFqwTAmls2ftKSkDI9vtA==" crossorigin="anonymous" referrerpolicy="no-referrer"></script>
<script>
  var string = 'Lorem ipsum dolor sit amet, ...';
  var password = 'my-password';

  var encrypted = CryptoJS.AES.encrypt(string, password);
  console.log(encrypted.toString());
  // will output something like:
  // U2FsdGVkX1/l/LqNSCQixd0iPv4neKAGZvbQDbYUovZE4OcM7l3ULNDgkZQmrweN

  var decrypted = CryptoJS.AES.decrypt(encrypted, password);
  console.log(decrypted.toString(CryptoJS.enc.Utf8));
  // Lorem ipsum dolor sit amet, ...
</script>

Doesn't seem to work! the cryptojs remote source is even failing.

Also, does it work with: https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js

@smokeyhallow I have updated the source code.

notice for interactive encryption mode example :
use parameters -a -pbkdf2 enstead of without this parameter, otherwise you will get deprecated key derivation error.

full example for working interactive mode with correct derivation key:

interactive encryption with key derivation paramater

unset -v PASS
unset -v STRING
echo -e "\n\n Text to encrypt:"; read STRING;
echo -e "\n\nPassword: "; read -s PASS; 
echo -e "\n"; echo Encrypted:; 
printf "$STRING" | openssl enc -e -base64 -A -a -pbkdf2 -aes-256-cbc -pass pass:"$PASS"; 
echo -e "\n\n"

interactive decryption with key derivation parameter:

unset -v PASS
unset -v STRING
echo -e "\n\n Encrypted text:"; read STRING; 
echo -e "\n\n Password: "; read -s PASS;
echo -e "\n\nDecrypted:"; 
printf "$STRING" | openssl enc -d -base64 -A -aes-256-cbc -a -pbkdf2  -pass pass:"$PASS"
echo -e "\n\n"