I am using CryptoJS in my angular app to implement AES encryption but I am keep getting TypeError: Cannot read property '0' of undefined error when I try to send empty 16 byte array in IV

Here's my typescript code:

aesEncrypt(keys: string, value: string) { // encrypt api request parameter with aes secretkey

    var key = CryptoJS.enc.Utf8.parse(keys);
    //var iv = CryptoJS.enc.Utf8.parse(keys);
    var iv = new Uint16Array(16);
    var encrypted = CryptoJS.AES.encrypt(JSON.stringify(value), key,
        {
            //keySize: 256,
            keySize: 128,
            iv: iv,
            mode: CryptoJS.mode.CBC,
            padding: CryptoJS.pad.Pkcs7,
        });

    return encrypted.toString();
}

But same thing works fine in .NET, android, ios when I send empty 16 byte array in IV

.NET code:

private static AesCryptoServiceProvider AesCryptoServiceProvider(string key)
{
    AesCryptoServiceProvider aes = new AesCryptoServiceProvider();
    aes.KeySize = 128;
    aes.BlockSize = 128;
    aes.Mode = CipherMode.CBC;
    aes.Padding = PaddingMode.PKCS7;
    aes.Key = Encoding.UTF8.GetBytes(key);
    //aes.IV = Encoding.UTF8.GetBytes(key);
    aes.IV = new byte[16];
    return aes;
}

android code:

public static String encryptURLEncoding(byte[] key, String encryption) throws GeneralSecurityException 
{
    if (key.length != 16) 
    {
        throw new IllegalArgumentException("Invalid key size.");
    }

    // Setup AES tool.

    SecretKeySpec skeySpec = new SecretKeySpec(key, "AES");
    Cipher cipher = Cipher.getInstance("AES/CBC/PKCS7Padding");
    cipher.init(Cipher.ENCRYPT_MODE, skeySpec, new IvParameterSpec(new byte[16]));
    byte[] dstBuff = cipher.doFinal(encryption.getBytes());
    String encryptedStringData = android.util.Base64.encodeToString(dstBuff, android.util.Base64.DEFAULT);
    return encryptedStringData;
}

I want to implement AES encrypt decrypt by providing empty 16 byte array because this app is interconnected with my other apps which are on android, ios platform with same encryption setup but I am getting error in my angular app, How can I resolve this issue?

I am using CryptoJS in my angular app to implement AES encryption but I am keep getting TypeError: Cannot read property '0' of undefined error when I try to send empty 16 byte array in IV

Here's my typescript code:

aesEncrypt(keys: string, value: string) { // encrypt api request parameter with aes secretkey

    var key = CryptoJS.enc.Utf8.parse(keys);
    //var iv = CryptoJS.enc.Utf8.parse(keys);
    var iv = new Uint16Array(16);
    var encrypted = CryptoJS.AES.encrypt(JSON.stringify(value), key,
        {
            //keySize: 256,
            keySize: 128,
            iv: iv,
            mode: CryptoJS.mode.CBC,
            padding: CryptoJS.pad.Pkcs7,
        });

    return encrypted.toString();
}

But same thing works fine in .NET, android, ios when I send empty 16 byte array in IV

.NET code:

private static AesCryptoServiceProvider AesCryptoServiceProvider(string key)
{
    AesCryptoServiceProvider aes = new AesCryptoServiceProvider();
    aes.KeySize = 128;
    aes.BlockSize = 128;
    aes.Mode = CipherMode.CBC;
    aes.Padding = PaddingMode.PKCS7;
    aes.Key = Encoding.UTF8.GetBytes(key);
    //aes.IV = Encoding.UTF8.GetBytes(key);
    aes.IV = new byte[16];
    return aes;
}

android code:

public static String encryptURLEncoding(byte[] key, String encryption) throws GeneralSecurityException 
{
    if (key.length != 16) 
    {
        throw new IllegalArgumentException("Invalid key size.");
    }

    // Setup AES tool.

    SecretKeySpec skeySpec = new SecretKeySpec(key, "AES");
    Cipher cipher = Cipher.getInstance("AES/CBC/PKCS7Padding");
    cipher.init(Cipher.ENCRYPT_MODE, skeySpec, new IvParameterSpec(new byte[16]));
    byte[] dstBuff = cipher.doFinal(encryption.getBytes());
    String encryptedStringData = android.util.Base64.encodeToString(dstBuff, android.util.Base64.DEFAULT);
    return encryptedStringData;
}

I want to implement AES encrypt decrypt by providing empty 16 byte array because this app is interconnected with my other apps which are on android, ios platform with same encryption setup but I am getting error in my angular app, How can I resolve this issue?

• javascript
• arrays
• typescript
• aes
• cryptojs

Share Improve this question Follow edited Jun 23, 2020 at 6:26 Shreyas Pednekar asked Jun 23, 2020 at 6:18 Shreyas PednekarShreyas Pednekar 1,30588 gold badges3333 silver badges5454 bronze badges 8

• 1 In the JavaScript code the IV must be passed as WordArray. In C# code, a 0-IV is used (a byte[] with 16 0-values). The corresponding WordArray would be e.g. var iv = CryptoJS.enc.Hex.parse("00000000000000000000000000000000"); – Topaco Commented Jun 23, 2020 at 6:41
• @Topaco I need to pass 16 0 in WordArray for 16 byte array? – Shreyas Pednekar Commented Jun 23, 2020 at 6:45
• 1 Because of the Hex encoder used the IV is encoded as hex string, i.e. 32 zeros denote 16 zero bytes. – Topaco Commented Jun 23, 2020 at 6:50
• 1 Furthermore CryptoJS does not know the parameter keySize. The used AES variant is determined by the key size, e.g. for a 32 bytes key AES-256 is used. – Topaco Commented Jun 23, 2020 at 6:51
• @Topaco Thank you so much for your information. The error is gone, now it's working fine in angular and api, now I need to cross verify with other apps on android and ios – Shreyas Pednekar Commented Jun 23, 2020 at 7:09

 |  Show 3 more ments

4 Answers 4

Sorted by: Reset to default 2

In the JavaScript code the IV must be passed as WordArray. Since a 0-IV was used in the C# code, this must also be done in the JavaScript code. The corresponding WordArray could be e.g.

var iv = CryptoJS.enc.Hex.parse("00000000000000000000000000000000");

Note that the Hex encoder is used so that the 16 bytes 0-IV correspond to 32 0-values.

Also be aware that generally a 0-IV should only be used for testing purposes. In practice, for security reasons, a random IV has to be generated for each encryption. Additionally, a key / IV pair may only be used once.

Furthermore CryptoJS does not know the parameter keySize and ignores it. The used AES variant is determined by the key size, e.g. for a 32 bytes key AES-256 is applied, here.

For those who faced a similar error in typescript for encrypting a string, you just need to import the package this way

import * as Crypto from 'crypto-js';

I faced the same problem. Including the iv option solved it.

var iv = CryptoJS.enc.Hex.parse("101112131415161718191a1b1c1d1e1f"); var ciphertext = CryptoJS.AES.encrypt("msg", CryptoJS.enc.Hex.parse("000102030405060708090a0b0c0d0e0f"),{ iv: iv, mode: CryptoJS.mode.CTR, padding: CryptoJS.pad.AnsiX923 });

I have faced the same problems. When I need to use AES.encrypt with hexed key, I always need to pass iv, If I use string key, iv is not needed due to the iv is infered from the string key as password.

See also https://github./brix/crypto-js/issues/439#issuement-2172055554.