Closed muety closed 2 years ago
- `ciphertext` and `salt` properties are serialized and deserialized (later, for decryption) using the `OpenSSLFormatter`
- `CryptoJS.AES.encrypt` uses OpenSSL's EvpKDF as a key-derivation function to derive both an IV and a key from a random salt (explained here)

For encryption:

2. `SubtleCrypto.importKey()` (https://developer.mozilla.org/en-US/docs/Web/API/SubtleCrypto/importKey) to derive key material from the password from (1)
3. `SubtleCrypto.deriveKey()` (https://developer.mozilla.org/en-US/docs/Web/API/SubtleCrypto/deriveKey) on the output of (2) to derive an AES encryption key using PBKDF2
4. `SubtleCrypto.encrypt()` (https://developer.mozilla.org/en-US/docs/Web/API/SubtleCrypto/encrypt) with the key from (3) to actually encrypt the message

For decryption:

- `importKey()` and `deriveKey()` again, to derive a new AES key from the password, again, using PBKDF2
- `SubtleCrypto.decrypt()` (https://developer.mozilla.org/en-US/docs/Web/API/SubtleCrypto/decrypt) to decrypt the message

It is safe to store IV and salt alongside the ciphertext:
Why?
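
The encryption and decryption steps listed above, with the salt and IV stored next to the ciphertext, as an added example that is not part of the original issue or the project's code. It assumes AES-GCM, SHA-256, the iteration count shown and a dot-separated base64 layout, none of which the page specifies; the function names are hypothetical.

```javascript
// Added example. Assumptions (not from the page): AES-GCM, SHA-256,
// the iteration count, and the "salt.iv.ciphertext" base64 layout.
const webcrypto = globalThis.crypto ?? require("node:crypto").webcrypto;
const PBKDF2_ITERATIONS = 600000; // assumed value
const enc = new TextEncoder();

// importKey() then deriveKey(): password + salt -> AES key via PBKDF2.
async function deriveAesKey(password, salt) {
  const material = await webcrypto.subtle.importKey(
    "raw", enc.encode(password), "PBKDF2", false, ["deriveKey"]);
  return webcrypto.subtle.deriveKey(
    { name: "PBKDF2", salt, iterations: PBKDF2_ITERATIONS, hash: "SHA-256" },
    material, { name: "AES-GCM", length: 256 }, false, ["encrypt", "decrypt"]);
}

// Base64 helpers that work for any message size.
const toB64 = (bytes) =>
  btoa(Array.from(bytes, (b) => String.fromCharCode(b)).join(""));
const fromB64 = (text) => Uint8Array.from(atob(text), (c) => c.charCodeAt(0));

// encrypt(): a fresh random salt and IV for every message; neither is secret,
// so both are serialized in the clear next to the ciphertext.
async function encryptMessage(password, plaintext) {
  const salt = webcrypto.getRandomValues(new Uint8Array(16));
  const iv = webcrypto.getRandomValues(new Uint8Array(12));
  const key = await deriveAesKey(password, salt);
  const ct = await webcrypto.subtle.encrypt(
    { name: "AES-GCM", iv }, key, enc.encode(plaintext));
  return [salt, iv, new Uint8Array(ct)].map(toB64).join(".");
}

// decrypt(): read salt and IV back from the bundle, derive the same key
// from the password again, then decrypt. A wrong password or a modified
// bundle makes the AES-GCM tag check fail and the promise reject.
async function decryptMessage(password, bundle) {
  const parts = bundle.split(".");
  if (parts.length !== 3) throw new Error("malformed bundle");
  const [salt, iv, ct] = parts.map(fromB64);
  const key = await deriveAesKey(password, salt);
  const pt = await webcrypto.subtle.decrypt({ name: "AES-GCM", iv }, key, ct);
  return new TextDecoder().decode(pt);
}
```

Encrypting the same message twice with the same password yields two different bundles, because the salt (and so the derived key) and the IV are regenerated each time.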