Why doesn't Googles Javascript code for AES Encryption work in this code?

Question

<script src="http://crypto-js.googlecode.com/svn/tags/3.1.2/build/rollups/aes.js"></script>
<script>
var toEncMes = "This is a secret message.";
var secPas = "myPassword";
var encrypted = CryptoJS.AES.encrypt(toEncMes, secPas);

alert (encrypted);
var decrypted = CryptoJS.AES.decrypt(encrypted, secPas);
alert (decrypted);
</script>

I probably just don't understand the concept but I have no idea.

The end result from my code is still just a jumbled mess when I display decrypted result.

I found this here: https://code.google.com/p/crypto-js/

The original entry looks like this:

The Advanced Encryption Standard (AES) is a U.S. Federal Information Processing Standard (FIPS). It was selected after a 5-year process where 15 competing designs were evaluated.

<script src="http://crypto-js.googlecode.com/svn/tags/3.1.2/build/rollups/aes.js">    </script>
<script>
    var encrypted = CryptoJS.AES.encrypt("Message", "Secret Passphrase");

    var decrypted = CryptoJS.AES.decrypt(encrypted, "Secret Passphrase");
</script>

CryptoJS supports AES-128, AES-192, and AES-256. It will pick the variant by the size of the key you pass in. If you use a passphrase, then it will generate a 256-bit key.

Answer 1

You are alerting the raw decrypted object - the default encoding for such is hex. It needs to be converted to a string using the appropriate human-readable encoding:

<script src="http://crypto-js.googlecode.com/svn/tags/3.1.2/build/rollups/aes.js"></script>
<script>
var toEncMes = "This is a secret message.";
var secPas = "myPassword";
var encrypted = CryptoJS.AES.encrypt(toEncMes, secPas);

alert (encrypted);
var decrypted = CryptoJS.AES.decrypt(encrypted, secPas);
alert (decrypted.toString(CryptoJS.enc.Utf8)); // <---- note specified encoding
</script>

Of course, the usual cryptographic warning signs still apply: this doesn't ensure your message has not been tampered with, etc.