(Node.js) AES 256-bit CBC using PBKDF2 Generated Secret Key

See more Encryption Examples

First generates a 32-byte secret key using PBKDF2 (with HMAC-SHA256), and then uses the secret key to do 256-bit AES CBC mode decryption.

(Duplicates the following Java code)

public String decrypt(String strToDecrypt) {
        try  {
            // Read the initialization vector from the first bytes for the data
            byte [] rawData = Base64.getDecoder().decode(strToDecrypt);
            byte [] iv = new byte[Config.get().encryptionIVLength()];
            byte [] encryptedData = new byte[rawData.length - iv.length];
            System.arraycopy(rawData, 0, iv, 0, iv.length);
            System.arraycopy(rawData, iv.length, encryptedData, 0, encryptedData.length);
 
            IvParameterSpec ivspec = new IvParameterSpec(iv);
 
            SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256");
            KeySpec spec = new PBEKeySpec(secretKey.toCharArray(), salt.getBytes(), 65536, 256);
            SecretKey tmp = factory.generateSecret(spec);
            SecretKeySpec secretKey = new SecretKeySpec(tmp.getEncoded(), "AES");
 
            Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5PADDING");
            cipher.init(Cipher.DECRYPT_MODE, secretKey, ivspec);
            return new String(cipher.doFinal(encryptedData));
        }
        catch (Exception e) {
            log.error("Could not decrypt the string.", e);
        }
        return null;
    }

Install Chilkat for Node.js and Electron using npm at Chilkat npm packages for Node.js Chilkat npm packages for Electron on Windows, Linux, MacOSX, and ARM

var os = require('os');
if (os.platform() == 'win32') {  
    if (os.arch() == 'ia32') {
        var chilkat = require('@chilkat/ck-node21-win-ia32');
    } else {
        var chilkat = require('@chilkat/ck-node21-win64'); 
    }
} else if (os.platform() == 'linux') {
    if (os.arch() == 'arm') {
        var chilkat = require('@chilkat/ck-node21-arm');
    } else if (os.arch() == 'x86') {
        var chilkat = require('@chilkat/ck-node21-linux32');
    } else {
        var chilkat = require('@chilkat/ck-node21-linux64');
    }
} else if (os.platform() == 'darwin') {
    if (os.arch() == 'arm64') {
        var chilkat = require('@chilkat/ck-node21-mac-m1');
    } else {
        var chilkat = require('@chilkat/ck-node21-macosx');
    }
}

function chilkatExample() {

    // This example requires the Chilkat API to have been previously unlocked.
    // See Global Unlock Sample for sample code.

    var crypt = new chilkat.Crypt2();

    var password = "some arbitrary length password";
    // We have 8 bytes of salt encoded using hex.
    // (The salt can be any number of bytes, in any desired encoding such as base64, hex, etc.)
    var saltHex = "0102030405060708";

    // Generate the 256-bit (32-byte) AES secret key we'll use to decrypt.
    var iterationCount = 65536;
    var outputKeyBitLen = 256;
    var secretKeyHex = crypt.Pbkdf2(password,"utf-8","sha256",saltHex,iterationCount,outputKeyBitLen,"hex");

    // Setup for 256-bit AES CBC decryption.
    crypt.CryptAlgorithm = "aes";
    crypt.KeyLength = 256;
    crypt.CipherMode = "cbc";
    crypt.PaddingScheme = 0;

    // The IV for AES is 16 bytes.
    var iv = "000102030405060708090A0B0C0D0E0F";
    crypt.SetEncodedIV(iv,"hex");

    // Set the secret key for 256-bit AES.
    crypt.SetEncodedKey(secretKeyHex,"hex");

    // AES decrypt
    // assume our string to decrypt is base64
    var strToDecrypt = "....";
    crypt.EncodingMode = "base64";
    var decryptedStr = crypt.DecryptStringENC(strToDecrypt);

    console.log(decryptedStr);

}

chilkatExample();