
I am using the eccrypto library in JavaScript for encryption using the ECIES algorithm (curve: secp256k1). The cipher generated by encryption in JS code could not be decrypted in Kotlin.

Here is the Javascript code.

var eccrypto = require("eccrypto");

eccrypto.encrypt(publicKeyA, Buffer.from("Sic Mundus Creatus Est")).then(function(encrypted) {
  var ciphertext = encrypted.ciphertext;
  // the hex-encoded ciphertext is then sent to the server
});

Here is the decryption code for Kotlin.

import javax.crypto.Cipher
import javax.xml.bind.DatatypeConverter

val cipherBytes = DatatypeConverter.parseHexBinary(ciphertext)
val cipher: Cipher = Cipher.getInstance("ECIES", "BC")
cipher.init(Cipher.DECRYPT_MODE, privateKeyA)
print(String(cipher.doFinal(cipherBytes))) // decode the plaintext bytes before printing

With this code for decryption, I get a Bad Block Exception.

However, if I just do encryption and decryption using Java, there is no problem. Also, encryption and decryption both in Javascript also work fine.

Is there anything I am missing?

paradox
  • Try encrypting something in both environments and see if the values match – PLASMA chicken Aug 26 '20 at 10:30
  • Encryption and decryption cycle works fine if both operations are done either in Javascript or Kotlin only. However, encryption in one could not be decrypted by the other. – paradox Aug 26 '20 at 10:38
  • Encrypting the same message using the same public key in both environments gives different cipher messages. – paradox Aug 26 '20 at 10:38
  • Please provide a full example along with key generation, key transport/encoding steps and keys. – Artjom B. Aug 26 '20 at 18:11

2 Answers

I found the solution (or say figured out the actual issue). Hope it helps future devs:

The mismatch in encryption/decryption between the JavaScript and Java implementations is because those implementations are using different parameters of the hash algorithm and AES encryption.

ECIES implementation in Java using BouncyCastle has a crappy implementation. It uses AES with 128 bits, does not use a secure hash algorithm, no robust check for MAC, and has very few test cases.

As a workaround, I now use a custom-written ECIES implementation for Java which uses SHA-512 for the hash, AES encryption (using a 256-bit key and AES/CBC/PKCS7Padding mode). This new implementation is what the eccrypto JavaScript library engine uses under the hood. Now, they work fine!

paradox
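As an added illustration of the parameters this answer names (not the poster's Java code and not eccrypto's source), the sketch below implements that ECIES layout with Node's built-in crypto module. The HMAC-SHA-256 tag over iv || ephemPublicKey || ciphertext and the split of the SHA-512 output into an AES key and a MAC key follow eccrypto's documented scheme and are assumptions relative to this page; function names are illustrative and the key pair is constructed for the demo.

```javascript
const crypto = require("node:crypto");

// KDF: SHA-512 over the ECDH shared x-coordinate.
// First 32 bytes -> AES-256 key, last 32 bytes -> HMAC key (assumed eccrypto layout).
function deriveKeys(privateKey, peerPublicKey) {
  const ecdh = crypto.createECDH("secp256k1");
  ecdh.setPrivateKey(privateKey);
  const shared = ecdh.computeSecret(peerPublicKey);
  const hash = crypto.createHash("sha512").update(shared).digest();
  return { encKey: hash.subarray(0, 32), macKey: hash.subarray(32) };
}

// HMAC-SHA-256 over iv || ephemPublicKey || ciphertext.
function macOf(macKey, iv, ephemPublicKey, ciphertext) {
  return crypto.createHmac("sha256", macKey)
    .update(Buffer.concat([iv, ephemPublicKey, ciphertext])).digest();
}

function eciesEncrypt(recipientPublicKey, plaintext) {
  const ephem = crypto.createECDH("secp256k1");
  const ephemPublicKey = ephem.generateKeys(); // fresh 65-byte uncompressed point
  const { encKey, macKey } = deriveKeys(ephem.getPrivateKey(), recipientPublicKey);
  const iv = crypto.randomBytes(16); // fresh IV per message
  const c = crypto.createCipheriv("aes-256-cbc", encKey, iv); // PKCS7 padding by default
  const ciphertext = Buffer.concat([c.update(plaintext), c.final()]);
  const mac = macOf(macKey, iv, ephemPublicKey, ciphertext);
  return { iv, ephemPublicKey, ciphertext, mac };
}

function eciesDecrypt(privateKey, { iv, ephemPublicKey, ciphertext, mac }) {
  const { encKey, macKey } = deriveKeys(privateKey, ephemPublicKey);
  const expected = macOf(macKey, iv, ephemPublicKey, ciphertext);
  // Verify the tag in constant time before touching the ciphertext.
  if (mac.length !== expected.length || !crypto.timingSafeEqual(mac, expected)) {
    throw new Error("Bad MAC");
  }
  const d = crypto.createDecipheriv("aes-256-cbc", encKey, iv);
  return Buffer.concat([d.update(ciphertext), d.final()]);
}

// Constructed demo: a throwaway key pair for recipient A and one encrypted message.
function demo() {
  const a = crypto.createECDH("secp256k1");
  const publicKeyA = a.generateKeys();
  const box = eciesEncrypt(publicKeyA, Buffer.from("Sic Mundus Creatus Est"));
  return { privateKeyA: a.getPrivateKey(), publicKeyA, box };
}
```

A receiver on another platform needs iv, ephemPublicKey, ciphertext and mac together, and must use the same KDF, cipher and MAC parameters, to decrypt.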

Your comment 'Encrypting the same message using the same public key in both environment gives different cipher messages' does not prove a difference between values. I encrypted 10 times the same message '123' with my public key and got 10 times a different encrypted value.

This is due to a random element in the (internal) encryption function.

Bhargav Rao
Michael Fehr
  • This does not provide an answer to the question. To critique or request clarification from an author, leave a comment below their post. - [From Review](/review/low-quality-posts/27033231) – Daniel Manta Aug 27 '20 at 14:36
  • @derloopkat: My answer was neither a critique nor request for clarification. The author was wondering in a comment 'Encrypting the same message using the same public key in both environment gives different cipher messages' and I wanted to show him that using this kind of encryption it is normal that you receive different ciphertext even using the same program and environment. – Michael Fehr Aug 27 '20 at 14:43
  • Sorry, this text was not written by me. It's the template From Review. – Daniel Manta Aug 27 '20 at 15:57