Accurate decryption logstash data in Javascript

I used logstash to encrypt my data using the cipher filter.
My logstash.conf file are like so

cipher {
            algorithm => "aes-256-cbc"
            cipher_padding => 1
            mode => "encrypt"
            source => <source _column_name>
            target => <target _column_name>
            iv_random_length => 16
            base64 => true
            max_cipher_reuse => 1
            key => MY_SECRET_KEY
            key_size => 32

This is correct because my encrypted data looks like this in elasticsearch :
<target _column_name> : "+D0VukshqIG72XeOCwp8tCO3K4rqAhVjJ8fbOV4bzZY=",

Now in my project I need to decrypt this in a react app, the solution I found was to use CryptoJS,
here's my code:

import CryptoJS from "crypto-js";
const decrypt = (encryptedText: any) => {

        const iv = CryptoJS.enc.Utf8.parse(encryptedText.slice(0, 16));
        const key = CryptoJS.enc.Utf8.parse(MY_SECRET_KEY);
        const ciphertext: any = CryptoJS.enc.Base64.parse(encryptedText); 
        const encryptedCP = CryptoJS.lib.CipherParams.create({
            ciphertext: ciphertext,
            formatter: CryptoJS.format.OpenSSL

        try {
            const deciphered = CryptoJS.AES.decrypt(encryptedCP, key, { iv: iv, });
            const decryptedText = deciphered.toString(CryptoJS.enc.Latin1);
        } catch (err: any) {

What I don't understand is why does "decryptedText" always return my decrypted data with random characters:

"eÃM‚š¿bb›M˜Kä*t06"

My real data is at the end of the random characters, no matter what kind of data is encrypted, the decryption always return these random characters at the front.
I want the decryption to be more accurate, meaning the decryption process completely removes the random chars, only the real data is left.

I hope anyone has find a way to solve this issue with CryptoJS, because I've been stuck at it for a while now.

I think it is because your decrypted text has characters that cannot be encoded in Latin1, so the replacement character is used.

Thank your for your reply, previously I was encoding it into utf8 which gave me the error "Malformed UTF-8 data" everytime.
Latin1 was the only one that gave me my actual data so that's why I'm opting for it, from what I read from stack overflow, random chars are because the IV is incorrect.
I'm looking further into it.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.