使用crypto-js加密密码并通过ajax发送表单(并在java中解密),我得到:类型错误:无法读取未定义的属性“单词

Using crypto-js to encrypt password and send form via ajax (and decrypt in java), I get : TypeError: Cannot read property 'words' of undefined

本文关键字:类型 错误 单词 属性 读取 未定义 解密 密码 crypto-js 加密 ajax      更新时间:2023-09-26

我正在尝试保护我从HTML表单发送到Java Servlet的密码(通过ajax)。我在js中使用crypto-js来加密密码。当代码到达 ajax 调用时,我收到错误:

Uncaught TypeError: Cannot read property 'words' of undefined (aes.js:8)

(我已经确保我发送的密钥不为空)

这是我的代码:

登录.jsp:

<!DOCTYPE html>
<html >
<head>
<meta charset="UTF-8">
<title>Login</title>
<link rel="stylesheet" href="css/style.css">
<script src="jquery-1.11.2.min.js"></script>
<script type='text/javascript'>
localStorage.setItem('loggedin', false);
</script>
<script src="login.js"></script>
<script src="http://crypto-    js.googlecode.com/svn/tags/3.1.2/build/rollups/aes.js"></script>
<script src="http://crypto-js.googlecode.com/svn/tags/3.1.2/build/rollups/pbkdf2.js"></script>
<script type="text/javascript">
function convertAndSubmit()
{
    var salt = CryptoJS.lib.WordArray.random(128/8);
    var iv = CryptoJS.lib.WordArray.random(128/8);           
    console.log('salt  '+ salt );
    console.log('iv  '+ iv );
    var key128Bits100Iterations = CryptoJS.PBKDF2('1234567890987654', salt,         { keySize: 256/32, iterations: 100 });
    console.log( 'key128Bits100Iterations '+ key128Bits100Iterations);
    var encrypted = CryptoJS.AES.encrypt($("#pwd").val(), key128Bits100Iterations, { iv: iv, mode: CryptoJS.mode.CBC, padding: CryptoJS.pad.Pkcs7  }).toString();
    checkLogin(encrypted, randkey, salt, iv);
}
    </script>
  </head>
  <body>
<div class="container">
  <div id="login-form">
    <h3>Login</h3>
    <fieldset>
      <form action="javascript:void(0);" method="get" name="login">
        <input type="email" id="email" name="email" required value="Email"      onBlur="if(this.value=='')this.value='Email'" onFocus="if(this.value=='Email')this.value='' ">
        <input type="password" id="pwd" name="pwd" required value="Password" onBlur="if(this.value=='')this.value='Password'" onFocus="if(this.value=='Password')this.value='' "> 
        <input type="submit" value="Login" id="login" onclick="javascript:convertAndSubmit()">
      </form>
    </fieldset>
  </div> <!-- end login-form -->
</div>
<div id="output"></div>
  </body>
</html>

登录.js:

function ajaxLogin(credentials) {
    var retData = null;
    $.ajax({ //this is where the code generates the error
        async: false,
        type: 'GET',
        data: credentials,
        url: "http://localhost:8080/AtlasServices/Login",
        success: function(data) {
            retData = data;
        }
    });
    return retData;
}
function checkLogin(encrypted, key, s, i) {
    var credentials = {
        email: $("#email").val(),
        pass: encrypted,
        key: key,
        salt: s,
        iv: i
    };
    var res = window.ajaxLogin(credentials);
    if (res["userlogged"] !== "true") {
        alert("Failed to log in");
        $("#email").val("");
        $("#pwd").val("");
        localStorage.setItem('loggedin', false);
    } else {
        localStorage.setItem('loggedin', true);
        window.location = "http://localhost:8080/AtlasServices/main.html";
    }
}

我一直在寻找解决方案...真的很喜欢一些帮助,谢谢:)

CryptoJS.lib.WordArray.random(..)创建WordArray对象。

从您的代码: 

var salt = CryptoJS.lib.WordArray.random(128/8);
var iv = CryptoJS.lib.WordArray.random(128/8);

这意味着saltiv是一个对象而不是一个字符串。

您可以记录salt并按编码iv,因为console.log调用toString内部saltiv encodes WordArray

您需要做的就是显式编码这些内容:

checkLogin(encrypted, randkey, salt.toString(), iv.toString());

注意:你得到的错误与JQuery有关;在构建url参数时,JQuery读取所有objectssub-objectsarrays函数等...,当你将WordArray作为对象发送时,jQuery试图调用它的函数来获取url参数的返回值。

在您的情况下,它使用未定义的参数调用 concat 函数,这会导致您得到的错误。您可以通过调用 $.param(salt)(或 iv )简单地重现此错误。

相关文章: