I'm working on uploading file encrypted on the client side using Node.js, and I use SJCL (Stanford Javascript Crypto Library) to encrypt the file with Javascript.
But i noticed that the output or the result of the encryption is always different even with the same PassPhrase.
After few research i found that it's because the salt is random each time and i need to do a 'nosalt' (sorry I'm new to everything here cryptographie, Node.js)
How can I change my code (or SJCL code) to generate the exact encrypt output each time when the password is the same.
My app is based on "Cryptloader" project, you can find it here: https://github.com/Kryil/Cryptloader
Encrypt:
var part = file_queue[data["id"]].slice(start, end)
var reader = new FileReader()
reader.onload = function(e)
{
var passwd = document.getElementById("password").value
console.log("Uploading arraybuffer of size " + e.target.result.byteLength)
var i32a = new Int32Array(e.target.result)
var out = i32a.toJSONArray()
console.log("crypting: " + out)
var crypted = sjcl.encrypt(passwd, out)
ws.send(JSON.stringify({
"type": "fileslice",
"data": {"id": data["id"], "slice": slice, "data": crypted}
}))
}
reader.readAsArrayBuffer(part)
Decrypt:
var decrypted = sjcl.decrypt(passwd, data["data"])
file_contents[file]["data"].push(new Int32Array(JSON.parse(decrypted)))
This is irrelevant question, but not all files upload correctly, some of them produce an error, but when i Change Int32Array to either Int16Array or Int8Array, it works for them but produce error for other files, what causes that and how to fix it. The error:
Uncaught RangeError: ArrayBuffer length minus the byteOffset is not a multiple of the element size.
(Chrome Latest version, Win 7)
It's not just the salt that makes the cipher text different each time it's the iv too. But these are both security features that provide semantic security that you really should not disable and also shouldn't need to disable, because the salt and iv can be included with the cipher text there isn't anything keeping you from decryption at a later time by using a random salt or iv.
That said the encrypt function you are using lets you pass your own filled out parameters for the crypto including salt and iv, but to hard-code those to a fixed value (I would like to strongly point out) is not the api intention and an abuse of the api.