crypto-js npm runkit error.

var CryptoJS = require("crypto-js");

// Encrypt
var ciphertext = CryptoJS.AES.encrypt('my message', 'secret key 123');

// Decrypt
var bytes  = CryptoJS.AES.decrypt(ciphertext.toString(), 'secret key 123');
var plaintext = bytes.toString(CryptoJS.enc.Utf8);

run.

Error: Native crypto module could not be used to get secure random number.

I'm a member of the Node.js Foundation Ecosystem Security Working Group and we received a report of a vulnerability in this module.

We tried inviting the author by e-mail but received no response so I'm opening this issue and inviting anyone with commit and npm publish rights to collaborate with us on a fix.

Crypto functions that need to reset their cipher a lot (such as CMAC) waste a lot of time repeatedly re-creating the encryptor/decryptor. While not exactly equivalent, re-initing the existing encryptor/decryptor turns out to be sufficient, thanks to the way modes are written to ignore any previous block information if the IV is set.

This change might break custom block cipher modes, but it seems unlikely and would be easy to fix, so IMHO the performance improvement is worth it.

This change is

• Added bower.json file
• Added .npmignore for easier NPM publish, it will prevent unneeded files to sneak in NPM installations
• Modified package.json file (bumped version, added reference to build script, see new README.md section)
• Commented out cleanup after build procedure (files are needed for Bower and NPM)

Unfortunately, NPM publish directly from repository is not yet possible:

require('crypto-js/build/crypto-js/lib-uncompressed/aes')

is very ugly and I don't want to break backward compatibility with existing installations. So far I haven't found a way to explain NPM/Node to look for crypto-js/whatever not in root folder of package, but somewhere else.

So for now NPM publish procedure will stay the same, unless I'll find a way to leave files in sub-folders and refer to them as before. Bower requires only pre-build and can be published without extra efforts.

In order to register Bower package please do:

bower register crypto-js git://github.com/evanvosberg/crypto-js.git

So far package name crypto-js is not taken yet, so be quick :)

What could be done after this is to make the following structure (I can't make builder to produce this kind of output):

• crypto-js
• build
  • components
  • rollupds
• lib note that this folder will now contain uncompressed files
  • ...nodejs/amd stuff, point package.json's main property to index file there
• lib-compressed
  • ...nodejs/amd stuff
• src
  • ...raw files

This will require users of previous NPM package to update their references from require('crypto-js/whatever') to require('crypto-js/lib/whatever') but it seems that this is a wide-spread practice to put stuff into lib.

I got

Unable to resolve module `crypto` from `node_modules/crypto-js/core.js`: crypto could not be found within the project.

when updated from 3.2.0 to 3.2.1

crypto-js use version @4.0.0

My project is reactnative，I'm just do...

1. npm install —-save crypto-js

2. import MD5 from 'crypto-js/md5'

And then,Is an error，The following information：

error: bundling failed: Error: Unable to resolve module crypto from node_modules/crypto-js/core.js: crypto could not be found within the project.

Please tell me what I should do，，Thank you very mucha

Hi guys, I am wondering why this not work after @[email protected] and @types/[email protected] upgrade:

return CryptoJS.AES.decrypt(textToDecrypt, SECRET_KEY.trim()).toString(CryptoJS.enc.Utf8);

Could you tell me how to make it work after the library update?

This makes a big improvement to performance throughout, since so many operations pass through extend and JITs get upset when a prototype is repeatedly (re)set.

The caveat is that Object.create is not supported in IE8 and earlier. I didn't see any formal statement of what browsers crypto-js aims to be compatible with so hopefully that's all right.

(@evanvosberg, I needed to get the crypto running faster in my app, so I spent a solid day profiling and optimizing. More PRs coming up.)

This change is

Hi,

I installed crypro js and was trying to do AES encrypt as follows.

var userAES = CryptoJS.AES.encrypt(JSON.stringify(info.user), 'thisisakey');

But it says "Unhandled rejection TypeError: Converting circular structure to JSON"

The NPM source is uglified, which makes it difficult to debug errors when using it.

I think it's best to not uglify the package, and people interested in doing so for browser usage can then run it through browserify and uglify when needed.

This is related to https://github.com/bitcoinjs/bitcoinjs-lib/pull/57

I'm trying to get CryptoJS to do the same as this from the "crypto" library...

const what = timestamp + method.toUpperCase() + path + body;
const key = Buffer.from(auth.secret, 'base64');
const hmac = crypto.createHmac('sha256', key);
const signature = hmac.update(what).digest('base64');

This is what I have...

const what = `${timestamp}${method}${path}${body}`;
const hmac = CryptoJS.HmacSHA512(what, secret).toString();
const wordArray = CryptoJS.enc.Utf8.parse(signed);
const signature = CryptoJS.enc.Base64.stringify(wordArray);

I'm sure it is something small but I can't seem to get it working.

Is someone able to help?

I used yarn add crypto-js to install and it's the latest version 4.1.1. However, no matter it's import CryptoJS from "crypto-js" or const CryptoJS = require("crypto-js"), I just couldn't use CryptoJS.enc, CryptoJS.AES and anything else, and WebStorm always tells me something like unresolved variable enc. I don't understand why I meet this problem since everything is right with my other imports or requires.

Hi everyone!

I have implemented the crypto-Js in my application for local storage encryption and decryption. It works fine.

Problem: : While refreshing, the page goes black and the console throws the error below:

TypeError: Cannot read properties of undefined (reading 'words')
    at Object._doReset (aes.js:103:1)
    at Object.reset (cipher-core.js:119:1)
    at Object.reset (cipher-core.js:461:1)
    at Object.init (cipher-core.js:104:1)
    at subtype.init (core.js:149:1)
    at subtype.init (core.js:149:1)
    at subtype.init (core.js:149:1)
    at Object.create (core.js:176:1)
    at Object.createDecryptor (cipher-core.js:81:1)
    at Object.decrypt (cipher-core.js:728:1)

NOTE : If i clear the local storage and try agian it works.But whenever i refresh the page this error occures and page goes blank.

I would like to show you the encryption and decryption function that i have used as below:

................... imports .............
import * as CryptoJs from 'crypto-js';

let key: string;

const SECURE_DATA = {
  encrypt: (state: string) => CryptoJs.AES.encrypt(state, key).toString(),
  decrypt: (state: string) => CryptoJs.AES.decrypt(state, key).toString(CryptoJs.enc.Utf8),
};

const STORE_KEYS_TO_PERSIST = [
  { auth: SECURE_DATA },
 ...

];

export interface StoreState {
  auth: User;
....

}

export const reducers: ActionReducerMap<StoreState> = {
  auth: authReducer,
....
};

export function localStorageSyncReducer(
  reducer: ActionReducer<StoreState>
): ActionReducer<StoreState> {
  return localStorageSync({
    keys: STORE_KEYS_TO_PERSIST,
    rehydrate: true,
    syncCondition(state) {
      key = state.auth.token;
      return true;
    },
  })(reducer);
}

export function clearState(reducer) {
  return function (state, action) {
    if (action.type === ActionTypes.LOG_OUT) {
      state = undefined;
    }
    return reducer(state, action);
  };
}

export const metaReducers: Array<MetaReducer<StoreState, Action>> = [
  localStorageSyncReducer,
  clearState,
];

CryptoJS throws error when we pass AES key as WordArray. Here is a sample code to get this error.

const CryptoJS = require("crypto-js");

const data = JSON.stringify({ name: "John Doe" });
const key = CryptoJS.enc.Utf8.parse("Example");

const encrypted = CryptoJS.AES.encrypt(data, key);
const decrypted = CryptoJS.AES.decrypt(encrypted, key);

const decryptedString = decrypted.toString(CryptoJS.enc.Utf8);
const decoded = JSON.parse(decryptedString);
console.log(decoded);

And this is what I get

/Users/alex/Desktop/scripts/node_modules/crypto-js/cipher-core.js:371
                        words[offset + i] ^= block[i];
                                                  ^

TypeError: Cannot read properties of undefined (reading '0')
    at Object.xorBlock (/Users/alex/Desktop/scripts/node_modules/crypto-js/cipher-core.js:371:44)
    at Object.processBlock (/Users/alex/Desktop/scripts/node_modules/crypto-js/cipher-core.js:314:27)
    at Object._doProcessBlock (/Users/alex/Desktop/scripts/node_modules/crypto-js/cipher-core.js:486:25)
    at Object._process (/Users/alex/Desktop/scripts/node_modules/crypto-js/core.js:632:27)
    at Object._doFinalize (/Users/alex/Desktop/scripts/node_modules/crypto-js/cipher-core.js:501:46)
    at Object.finalize (/Users/alex/Desktop/scripts/node_modules/crypto-js/cipher-core.js:163:44)
    at Object.encrypt (/Users/alex/Desktop/scripts/node_modules/crypto-js/cipher-core.js:685:41)
    at Object.encrypt (/Users/alex/Desktop/scripts/node_modules/crypto-js/cipher-core.js:201:59)
    at Object.<anonymous> (/Users/alex/Desktop/scripts/decrypt.js:6:32)
    at Module._compile (node:internal/modules/cjs/loader:1159:14)

Node.js v18.12.0

The simple solution would be to pass key as a string, but in the project I'm working on we can only decrypt when we pass key as CryptoJS.enc.Utf8.parse().

Hi, I am developing a chrome extension with crypto capabilities like aes256, sha256, and some assymetric encryption techniques. Is it possible to use crypto-js in chrome extension. If so can anyone please guide how to import the functions like SHA256 or AES?

There are some data that have been encrypted using CryptoJS v3.1.2 in a Chrome extension, that need to be decrypted once (no encrypting) in an upgrade.

• I would like to import them as standard JavaScript module
• I would like to decrypt with minimal amount of code possible

The decryption process is:

CryptoJS.AES.decrypt(item, key).toString(CryptoJS.enc.Utf8)