Difference between CryptoJS.enc.Base64.stringify() and normal Base64 encryption

Bobface picture Bobface · Aug 24, 2015 · Viewed 12.3k times · Source

I'm trying to encrypt the following hash to base64:

6bb984727b8c8c8017207e54b63976dc42ea9d24ad33bd5feeaa66869b650096

It's needed to access the API of a website. The website shows an example script in JavaScript using the CryptoJS.enc.Base64.stringify() method to encrypt the hash. The result with this method is

a7mEcnuMjIAXIH5Utjl23ELqnSStM71f7qpmhptlAJY=

However, every online base64 encryption tool I tried gives me the following result:

NmJiOTg0NzI3YjhjOGM4MDE3MjA3ZTU0YjYzOTc2ZGM0MmVhOWQyNGFkMzNiZDVmZWVhYTY2ODY5YjY1MDA5Ng==

I need to create the encoded string in C++. I've also already tried 4 different base64encode implementations (OpenSSL and custom codes), but also there I get the above result and the API always answers my string is not correctly encoded.

So where is the difference, and does somebody know a C++ implementation for CryptoJS.enc.Base64.stringify()?

Answer

Artjom B. picture Artjom B. · Aug 24, 2015

Let's call

a = "6bb984727b8c8c8017207e54b63976dc42ea9d24ad33bd5feeaa66869b650096";
b = "a7mEcnuMjIAXIH5Utjl23ELqnSStM71f7qpmhptlAJY=";
c = "NmJiOTg0NzI3YjhjOGM4MDE3MjA3ZTU0YjYzOTc2ZGM0MmVhOWQyNGFkMzNiZDVmZWVhYTY2ODY5YjY1MDA5Ng==";

Both conversions are correct, but depend on what you actually want.

For example the following two equations hold

toBase64FromBytes(toBytesFromUtf8(a)) == c
toBase64FromBytes(toBytesFromHex(a)) == b

It's a bad idea to trust some kind of online calculator, because they usually don't disclose how they encode stuff, so you will get arbitrary results. If you program it yourself, you get the expected results if you follow the documentation.

I suspect you got a by printing a hash or encryption result to the console like this:

console.log(result.toString()); // a

Most result objects in CryptoJS are WordArray types. When you call the toString() function on such an object, you get a Hex-encoded string of that binary object.

If you print result.toString(CryptoJS.enc.Base64) then you get the Base64-encoded string of the binary result.

If you take a and directly encode it to Base64, then it is probably assumed that a is already a string (e.g. UTF-8 encoded). An online calculator doesn't know that it is Hex-encoded.