AES Encryption

Question

Question

William Vorhees · Aug 4, 2017

Trying to use AES encryption for a url. I have a plain text string, a 16-byte key and a initialization vector. I am trying to match a C# implementation that uses RijndaelManaged class with a BlockSize = 128, Mode = CipherMode.CBC, Padding = PaddingMode.PKCS7. The output of the $SYSTEM.Encryption.AESCBCEncrypt(text,key,IV), doesn't match what is coming out of C#. All inputs into the $SYSTEM.Encryption.AESCBCEncrypt(text,key,IV) are converted to UTF8 as in the documentation.

I can encrypt / decrypt in Caché as specified in the documentation, but the string is differet from the C#, so the url fails.

Thanks in advance.

Discussion (5)1

Log in or sign up to continue

Jon Willeke Aug 14, 2017 to William Vorhees

I notice two things:

The C# ciphertext is 64 bytes, which is twice as long as I'd expect for a 31-byte input.
In the first sixteen bytes of the C# ciphertext, alternating bytes are NUL.

I thought maybe C# is using UTF-16, but I I haven't managed to replicate its output using $zconvert with "UnicodeLittle" or "UnicodeBig".

Edit: the first sixteen bytes of the output appear to be the first eight bytes of the initialization vector converted to Base-64, then UTF-16.

0 0

score 0 · Answer 1 · 2017-08-04T13:23:24-04:00

Can you post some examples of input and expected output?

Edit: here's an example from StackOverflow that gets the same output:

USER>s (key,iv)="0123456789ABCDEF"

USER>zzdump $system.Encryption.AESCBCEncrypt("1234567890",key,iv)

0000: 60 2C AE 14 35 8D 0A C5 C9 6E 2D 46 D1 7E 58 E3

https://stackoverflow.com/questions/28592989/aes-pkcs7-padding

score 0 · Answer 2 · 2017-08-06T12:30:14-04:00

Robert Cemper · Aug 6, 2017

where do you verify the result and where do you see the error ?

0 0

score 0 · Answer 3 · 2017-08-14T14:46:00-04:00

ok, sorry guys was on a brief vacation.

The C# console shows this:

stringkey: Svp3r_S3cr3t_K3y_F0r_t3st1ng_AST
stringvector: V3ry_r@nd0m_1n1t
stringToEncrypt: ad=snoopy&m=123456789&datetime=
Temp Vector 64: VjNyeV9yQG5kMG1fMW4xdA==
Encrypted: VgBqAE4AeQBlAFYAOQB5AF0OfBtivy19pV1vc5oNZ5supNdtQ0yrZ70V5GS9iFmbcQHwdL37LND0ugFFYekwwg==

However the Cache

xaes() ;
    ;
    n
    s stringToEncrypt="ad=snoopy&m=123456789&datetime="
    s stringKey="Svp3r_S3cr3t_K3y_F0r_t3st1ng_AST" ;
    s stringvector="V3ry_r@nd0m_1n1t" ;
    ;
    s key=$ZCONVERT(stringKey,"O","UTF8") W !,"key: ",?12,key
    s IV=$ZCONVERT(stringvector,"O","UTF8") W !,"IV: ",?12,IV
    s text=$ZCONVERT(stringToEncrypt,"O","UTF8") W !,"text: ",?12,text
    ;
    ;
    s BinaryText=$ZCONVERT(stringvector,"O","UTF8")
    s Base64Encoded=$system.Encryption.Base64Encode($ZCONVERT(stringvector,"O","UTF8")) w !,"Base64Encoded: ",?12,Base64Encoded
    ;
    ;
    s enctext=$SYSTEM.Encryption.AESCBCEncrypt(text,key,IV) w !,"enctext: ",?12,enctext
    s ciphertext=$SYSTEM.Encryption.Base64Encode($ZCONVERT(enctext,"O","UTF8"),1) W !,"ciphertext: ",?12,ciphertext
    ;
    q

will output:

key:        Svp3r_S3cr3t_K3y_F0r_t3st1ng_AST
IV:         V3ry_r@nd0m_1n1t
text:       ad=snoopy&m=123456789&datetime=
Base64Encoded: VjNyeV9yQG5kMG1fMW4xdA==
enctext:    ˆúÅbªK·¨–V

ciphertext: y4bDusOFYsKqS8K3wqjigJNWAEPCthjCusOWGsO1Uw1aw5Digqw4VcKkwqzigJkgw6XDpTw=

The Base64Encoded and the Temp Vector 64 from C# match. However if I try to put the Base64Encoded into $SYSTEM.Encryption.AESCBCEncrypt, I get an ILLEGAL VALUE as that function requires UTF8. It still fails if I convert it to UTF8 before the AESCBCEncrypt.

score 0 · Answer 4 · 2017-08-28T19:30:54-04:00

You are UTF-8 encoding the binary ciphertext, which scrambles it, before Base64 encoding it:

   s ciphertext=$SYSTEM.Encryption.Base64Encode($ZCONVERT(enctext,"O","UTF8"),1) W !,"ciphertext: ",?12,ciphertext