Cipher modes, padding schemes, and formatters for customizing encryption behavior and output formats. These configuration options provide fine-grained control over cryptographic operations and compatibility with different systems.
Block cipher modes of operation that determine how plaintext blocks are processed during encryption.
/**
* Cipher Block Chaining mode (default for block ciphers)
* Each plaintext block is XORed with the previous ciphertext block
*/
CryptoJS.mode.CBC
/**
* Cipher Feedback mode
* Turns block cipher into stream cipher
*/
CryptoJS.mode.CFB
/**
* Counter mode
* Turns block cipher into stream cipher using counter
*/
CryptoJS.mode.CTR
/**
* Counter mode (Gladman variant)
* Alternative CTR implementation
*/
CryptoJS.mode.CTRGladman
/**
* Electronic Codebook mode
* Each block encrypted independently (not recommended for most uses)
*/
CryptoJS.mode.ECB
/**
* Output Feedback mode
* Turns block cipher into stream cipher
*/
CryptoJS.mode.OFBUsage Examples:
var CryptoJS = require("crypto-js");
var message = "Hello World";
var key = "secret-key";
var iv = CryptoJS.lib.WordArray.random(128/8);
// CBC mode (default)
var cbcEncrypted = CryptoJS.AES.encrypt(message, key, {
mode: CryptoJS.mode.CBC,
iv: iv
});
// CTR mode (stream cipher behavior)
var ctrEncrypted = CryptoJS.AES.encrypt(message, key, {
mode: CryptoJS.mode.CTR,
iv: iv
});
// ECB mode (no IV needed, but less secure)
var ecbEncrypted = CryptoJS.AES.encrypt(message, key, {
mode: CryptoJS.mode.ECB
});
console.log("CBC:", cbcEncrypted.toString());
console.log("CTR:", ctrEncrypted.toString());
console.log("ECB:", ecbEncrypted.toString());Padding algorithms used to fill incomplete blocks in block cipher modes.
/**
* PKCS#7 padding (default)
* Pads with bytes whose value equals the padding length
*/
CryptoJS.pad.Pkcs7
/**
* ANSI X.923 padding
* Pads with zeros, last byte indicates padding length
*/
CryptoJS.pad.AnsiX923
/**
* ISO 10126 padding
* Pads with random bytes, last byte indicates padding length
*/
CryptoJS.pad.Iso10126
/**
* ISO/IEC 9797-1 Padding Method 2
* Pads with single 1 bit followed by zeros
*/
CryptoJS.pad.Iso97971
/**
* No padding strategy
* Input must be multiple of block size
*/
CryptoJS.pad.NoPadding
/**
* Zero padding strategy
* Pads with zero bytes
*/
CryptoJS.pad.ZeroPaddingUsage Examples:
var CryptoJS = require("crypto-js");
var message = "Hello World";
var key = "secret-key";
// PKCS#7 padding (default)
var pkcs7Encrypted = CryptoJS.AES.encrypt(message, key, {
padding: CryptoJS.pad.Pkcs7
});
// ANSI X.923 padding
var ansiEncrypted = CryptoJS.AES.encrypt(message, key, {
padding: CryptoJS.pad.AnsiX923
});
// Zero padding
var zeroEncrypted = CryptoJS.AES.encrypt(message, key, {
padding: CryptoJS.pad.ZeroPadding
});
// No padding (requires exact block size)
var blockAligned = "1234567890123456"; // Exactly 16 bytes
var noPadEncrypted = CryptoJS.AES.encrypt(blockAligned, key, {
padding: CryptoJS.pad.NoPadding
});
console.log("PKCS#7:", pkcs7Encrypted.toString());
console.log("ANSI X.923:", ansiEncrypted.toString());
console.log("Zero padding:", zeroEncrypted.toString());
console.log("No padding:", noPadEncrypted.toString());Formatters control how encrypted data is serialized to string format.
/**
* OpenSSL-compatible format (default)
* Produces OpenSSL-compatible output with salt
*/
CryptoJS.format.OpenSSL
/**
* Hexadecimal format
* Outputs only the ciphertext as hexadecimal string
*/
CryptoJS.format.HexUsage Examples:
var CryptoJS = require("crypto-js");
var message = "Hello World";
var key = "secret-key";
// OpenSSL format (default) - includes salt and other metadata
var opensslFormatted = CryptoJS.AES.encrypt(message, key, {
format: CryptoJS.format.OpenSSL
});
// Hex format - only ciphertext as hex
var hexFormatted = CryptoJS.AES.encrypt(message, key, {
format: CryptoJS.format.Hex
});
console.log("OpenSSL format:", opensslFormatted.toString());
console.log("Hex format:", hexFormatted.toString());
// Decrypt with specific format
var decrypted1 = CryptoJS.AES.decrypt(opensslFormatted, key, {
format: CryptoJS.format.OpenSSL
});
var decrypted2 = CryptoJS.AES.decrypt(hexFormatted, key, {
format: CryptoJS.format.Hex
});
console.log("Decrypted 1:", decrypted1.toString(CryptoJS.enc.Utf8));
console.log("Decrypted 2:", decrypted2.toString(CryptoJS.enc.Utf8));var CryptoJS = require("crypto-js");
var message = "Sensitive information";
var password = "strong-password";
// Generate salt and derive key
var salt = CryptoJS.lib.WordArray.random(256/8);
var key = CryptoJS.PBKDF2(password, salt, {
keySize: 256/32,
iterations: 10000
});
// Generate random IV
var iv = CryptoJS.lib.WordArray.random(128/8);
// Encrypt with full configuration
var encrypted = CryptoJS.AES.encrypt(message, key, {
mode: CryptoJS.mode.CBC,
padding: CryptoJS.pad.Pkcs7,
iv: iv,
format: CryptoJS.format.OpenSSL
});
console.log("Encrypted:", encrypted.toString());
console.log("Key:", key.toString());
console.log("Salt:", salt.toString());
console.log("IV:", iv.toString());
// Decrypt with same configuration
var decrypted = CryptoJS.AES.decrypt(encrypted, key, {
mode: CryptoJS.mode.CBC,
padding: CryptoJS.pad.Pkcs7,
iv: iv,
format: CryptoJS.format.OpenSSL
});
console.log("Decrypted:", decrypted.toString(CryptoJS.enc.Utf8));var CryptoJS = require("crypto-js");
// Create custom JSON formatter
var JsonFormatter = {
stringify: function (cipherParams) {
var jsonObj = {
ct: cipherParams.ciphertext.toString(CryptoJS.enc.Base64)
};
if (cipherParams.iv) {
jsonObj.iv = cipherParams.iv.toString();
}
if (cipherParams.salt) {
jsonObj.s = cipherParams.salt.toString();
}
return JSON.stringify(jsonObj);
},
parse: function (jsonStr) {
var jsonObj = JSON.parse(jsonStr);
var cipherParams = CryptoJS.lib.CipherParams.create({
ciphertext: CryptoJS.enc.Base64.parse(jsonObj.ct)
});
if (jsonObj.iv) {
cipherParams.iv = CryptoJS.enc.Hex.parse(jsonObj.iv);
}
if (jsonObj.s) {
cipherParams.salt = CryptoJS.enc.Hex.parse(jsonObj.s);
}
return cipherParams;
}
};
// Usage with custom formatter
var message = "Custom formatted data";
var key = "format-key";
var encrypted = CryptoJS.AES.encrypt(message, key, {
format: JsonFormatter
});
console.log("JSON formatted:", encrypted.toString());
var decrypted = CryptoJS.AES.decrypt(encrypted.toString(), key, {
format: JsonFormatter
});
console.log("Decrypted:", decrypted.toString(CryptoJS.enc.Utf8));var CryptoJS = require("crypto-js");
var message = "Mode-specific encryption";
var key = CryptoJS.lib.WordArray.random(256/8);
// CTR mode configuration
function encryptCTR(message, key) {
var iv = CryptoJS.lib.WordArray.random(128/8);
return {
encrypted: CryptoJS.AES.encrypt(message, key, {
mode: CryptoJS.mode.CTR,
iv: iv,
padding: CryptoJS.pad.NoPadding // CTR doesn't need padding
}),
iv: iv
};
}
// CFB mode configuration
function encryptCFB(message, key) {
var iv = CryptoJS.lib.WordArray.random(128/8);
return {
encrypted: CryptoJS.AES.encrypt(message, key, {
mode: CryptoJS.mode.CFB,
iv: iv,
padding: CryptoJS.pad.NoPadding // CFB doesn't need padding
}),
iv: iv
};
}
// ECB mode (no IV needed)
function encryptECB(message, key) {
return {
encrypted: CryptoJS.AES.encrypt(message, key, {
mode: CryptoJS.mode.ECB,
padding: CryptoJS.pad.Pkcs7 // ECB needs padding
})
};
}
// Test different modes
var ctrResult = encryptCTR(message, key);
var cfbResult = encryptCFB(message, key);
var ecbResult = encryptECB(message, key);
console.log("CTR:", ctrResult.encrypted.toString());
console.log("CFB:", cfbResult.encrypted.toString());
console.log("ECB:", ecbResult.encrypted.toString());var CryptoJS = require("crypto-js");
// Configuration for OpenSSL compatibility
function opensslCompatibleEncrypt(message, password) {
return CryptoJS.AES.encrypt(message, password, {
mode: CryptoJS.mode.CBC,
padding: CryptoJS.pad.Pkcs7,
format: CryptoJS.format.OpenSSL
});
}
// Configuration for Node.js crypto compatibility
function nodeCryptoCompatible(message, key, iv) {
return CryptoJS.AES.encrypt(message, key, {
mode: CryptoJS.mode.CBC,
padding: CryptoJS.pad.Pkcs7,
iv: iv,
format: CryptoJS.format.Hex
});
}
// Configuration for Java AES/CBC/PKCS5Padding compatibility
function javaCompatible(message, key, iv) {
return CryptoJS.AES.encrypt(message, key, {
mode: CryptoJS.mode.CBC,
padding: CryptoJS.pad.Pkcs7, // PKCS5 is subset of PKCS7
iv: iv
});
}
var message = "Cross-platform data";
var key = CryptoJS.enc.Utf8.parse("1234567890123456"); // 16-byte key
var iv = CryptoJS.enc.Utf8.parse("abcdefghijklmnop"); // 16-byte IV
console.log("OpenSSL:", opensslCompatibleEncrypt(message, "password").toString());
console.log("Node.js:", nodeCryptoCompatible(message, key, iv).toString());
console.log("Java:", javaCompatible(message, key, iv).toString());// Cipher Configuration
CipherConfig {
mode?: Object; // Cipher mode (default: CBC)
padding?: Object; // Padding scheme (default: Pkcs7)
iv?: WordArray; // Initialization vector
format?: Object; // Output formatter (default: OpenSSL)
}
// Mode Interface
CipherMode {
processBlock(words, offset): void; // Process a block of data
createEncryptor(cipher, iv): Object; // Create encryptor
createDecryptor(cipher, iv): Object; // Create decryptor
}
// Padding Interface
PaddingScheme {
pad(data, blockSize): void; // Add padding to data
unpad(data): void; // Remove padding from data
}
// Formatter Interface
CipherParamsFormatter {
stringify(cipherParams): string; // Serialize to string
parse(str): CipherParams; // Parse from string
}
// Cipher Parameters
CipherParams {
ciphertext: WordArray; // Encrypted data
key?: WordArray; // Encryption key
iv?: WordArray; // Initialization vector
salt?: WordArray; // Salt value
algorithm?: Object; // Algorithm reference
mode?: Object; // Cipher mode
padding?: Object; // Padding scheme
blockSize?: number; // Block size in words
formatter?: Object; // Output formatter
toString(formatter?): string; // Serialize to string
}