aes encryption

package.json

@@ -5,6 +5,7 @@
   "dependencies": {
     "alertify.js": "^1.0.12",
     "browser-detect": "^0.2.28",
+    "crypto-js": "^3.1.9-1",
     "firebase": "^5.4.2",
     "history": "^4.7.2",
     "jss": "^9.8.7",

src/pages/Login.js

@@ -147,6 +147,11 @@ const Login = inject("rootStore") ( observer(
                 <li>
                   <b>Copy</b> the password by just one button click
                 </li>
+                <br />
+                <li>
+                  <b>For nerds: </b><a href="https://en.wikipedia.org/wiki/Advanced_Encryption_Standard" target="_blank" rel="noopener noreferrer">AES (Rijndael cipher) </a>
+                  encrypted with a 128 bits key, 10 rounds and a blocksize of 128 bits. Established by the U.S. NIST in 2001 and approved by the NSA for "top secret" information.
+                </li>
               </ul>
               <img alt="" className={this.classes.ninja} src={require('../files/images/ninja.svg')} />
             </Segment>

src/pages/passwordManager/PasswordManager.js

@@ -14,7 +14,7 @@ import { decrypt } from '../../stores/functions/encryption';
 /*
 * Component imports
 */
-import New from './New';
+import New from '../../components/PasswordManager/New';
 import Headline from '../../components/Headline';
 
 jss.setup(preset());
@@ -289,6 +289,11 @@ const PasswordManager = inject("rootStore") ( observer(
           <p>
             <b>I advise you to choose one encryption key and use it for all your passwords in your list.</b> Why? Using the same key makes decrypting easier for you because <b>all</b> entries are being decrypted correctly at the same time by using one single key.
           </p>
+          <hr />
+          <p>
+            <b>For nerds: </b><a href="https://en.wikipedia.org/wiki/Advanced_Encryption_Standard" target="_blank" rel="noopener noreferrer">AES (Rijndael cipher) </a>
+            encrypted with a 128 bits key, 10 rounds and a blocksize of 128 bits. Established by the U.S. NIST in 2001 and approved by the NSA for "top secret" information.
+          </p>
         </div>
       );
     }

src/stores/functions/encryption.js

@@ -1,13 +1,24 @@
-function norm_to_ascii(string){return unescape(encodeURIComponent(string))};
-function norm_to_unicode(string){return decodeURIComponent(escape(string))};
-function crypt_sym(string,k){return String.fromCharCode.apply(undefined,string.split("").map(function(c){return c.charCodeAt(0)^(k||13)}))};
+import CryptoJS from 'crypto-js';
 
 export function encrypt(string, key) {
   //Encrypt a string
-  return btoa(crypt_sym(norm_to_ascii(string), key));
+  return CryptoJS.AES.encrypt(string, key).toString();
 }
 
-export function decrypt(string, key) {
+export function decrypt(ciphertext, key) {
   //Decrypt a string
-  return crypt_sym(norm_to_unicode(atob(string)), key);
+  var bytes  = CryptoJS.AES.decrypt(ciphertext, key);
+  var originalText;
+
+  try {
+    originalText = bytes.toString(CryptoJS.enc.Utf8);
+
+    if(originalText === '') {
+      originalText = CryptoJS.HMACMD5(key + ciphertext).toString(CryptoJS.enc.Hex).substring(0, 15);
+    }
+  } catch(ex) {
+    originalText = CryptoJS.SHA256(key + ciphertext).toString(CryptoJS.enc.Hex).substring(0, 15);
+  }
+  
+  return originalText;
 }

yarn.lock

@@ -1889,6 +1889,10 @@ crypto-browserify@^3.11.0:
     randombytes "^2.0.0"
     randomfill "^1.0.3"
 
+crypto-js@^3.1.9-1:
+  version "3.1.9-1"
+  resolved "https://registry.yarnpkg.com/crypto-js/-/crypto-js-3.1.9-1.tgz#fda19e761fc077e01ffbfdc6e9fdfc59e8806cd8"
+
 crypto-random-string@^1.0.0:
   version "1.0.0"
   resolved "https://registry.yarnpkg.com/crypto-random-string/-/crypto-random-string-1.0.0.tgz#a230f64f568310e1498009940790ec99545bca7e"