CryptoJS | unmodified copy of Google Code hosted CryptoJS project

The code is mostly OK, there are just a few minor issues:

1. CryptoJS does not automatically disable the default PKCS7 padding for stream cipher modes like CTR. Therefore, PKCS7 padding must be applied in the Go code.
2. Since the CryptoJS code uses the internal PBKDF, the OpenSSL format is required for decryption (i.e. the ASCII encoding of Salted__ followed by the 8 bytes salt and the actual ciphertext), hex encoded. So the Go code must format and encode the data accordingly.
3. CryptoJS derives key and IV when using the internal PBKDF. Therefore, in the CryptoJS code, the specified IV is ignored during decryption. Hence, in the Go code, any IV can be specified.

The following code corresponds to your code, extended by the PKCS#7 padding and the formatting/encoding of the result (consider the comments in the code). Note that, as in your code, a hard-coded salt is used for simplicity, but in practice a randomly generated salt must be applied for security reasons:

You can't pass an Object to the SHA256 Method, you may only pass strings and WordArrays.

When you pass an object, cryptojs will run .toString() on it, which will always give the same output ([object Object]), and thus the same hash.

This is due to the different padding. CryptoJS uses PKCS#7, mcrypt applies zero padding.

You should replace mcrypt on the PHP side as it is deprecated (s. here). An alternative would be PHP/OpenSSL, which uses PKCS#7 by default.

A solution with PHP/OpenSSL which produces the same ciphertext is:

The CryptoJS code is incomaptible because the IV is decoded incorrectly. Instead of the Hex encoder, the Utf8 encoder must be used.
Also, the encrypt library applies the CTR mode by default. Therefore, in the CryptoJS code the CTR mode must be used instead of the CBC mode:

You could return an object in your Service Layer instead of an User or Error object:

so i think you might previously have had "name" as a required field in your UserSchema definition. therefore it is still expecting every user to have a "name" field and value which explains the error. clearing/syncing indexes should sort it. you can manually dro indexes in mongodb for that specific collection or use mongoose to sync the indexes as seen here.

just seen that OP solved the issue by deleting the database... while this for sure fixes it, it's drastic. i'm certain the error was caused by a missing required field. so if the situation comes up again, just removing indexes will be all the help you need, avoiding dropping other collections that aren't affected by the index.

• You are using the wrong encoders for data, key and IV. All three are Base64 encoded (and not hex or Utf8). So apply the Base64 encoder.
• The ciphertext must be passed to CryptoJS.AES.decrypt() as a CipherParams object or alternatively Base64 encoded, which is implicitly converted to a CipherParams object.

When both are fixed, the plain text is: "[\"001\",\"001\"]".

There are some encoding bugs in the code:

• keygen.randomPassword() does not return a hex encoded string, nevertheless the hex encoder is used for parsing. A hex encoded key and IV can be generated e.g. as follows:

Both codes use the OpenSSL proprietary key derivation function EVP_BytesToKey() with an iteration count of 1 and MD5 as digest.
NodeJS does not use a salt, while CryptoJS applies a random salt. For this reason, the NodeJS result is unchanged for each encryption, while the CryptoJS result always changes (assuming the same plaintext and passphrase).

Thus, to get the result of the NodeJS code with the CryptoJS code, you must not use a salt. However, by default, a salt is always applied. This can only be circumvented by explicitly determining key and IV with the key derivation function EvpKDF and then using both in the encryption: