William Vorhees · Aug 4, 2017

AES Encryption

Trying to use AES encryption for a url.  I have a plain text string, a 16-byte key and a initialization vector.  I am trying to match a C# implementation that uses RijndaelManaged class with a  BlockSize = 128, Mode = CipherMode.CBC, Padding = PaddingMode.PKCS7.  The output of the $SYSTEM.Encryption.AESCBCEncrypt(text,key,IV), doesn't match what is coming out of C#.  All inputs into the $SYSTEM.Encryption.AESCBCEncrypt(text,key,IV) are converted to UTF8 as in the documentation.

I can encrypt / decrypt in Caché as specified in the documentation, but the string is differet from the C#, so the url fails.

Thanks in advance.

0 1,134
Discussion (5)2
Log in or sign up to continue

Can you post some examples of input and expected output?

Edit: here's an example from StackOverflow that gets the same output:

USER>s (key,iv)="0123456789ABCDEF"

USER>zzdump $system.Encryption.AESCBCEncrypt("1234567890",key,iv)

0000: 60 2C AE 14 35 8D 0A C5 C9 6E 2D 46 D1 7E 58 E3

where do you verify the result and where do you see the error ?

ok, sorry guys was on a brief vacation.  

The C# console shows this:

stringkey: Svp3r_S3cr3t_K3y_F0r_t3st1ng_AST
stringvector: V3ry_r@nd0m_1n1t
stringToEncrypt: ad=snoopy&m=123456789&datetime=
Temp Vector 64: VjNyeV9yQG5kMG1fMW4xdA==
​Encrypted: VgBqAE4AeQBlAFYAOQB5AF0OfBtivy19pV1vc5oNZ5supNdtQ0yrZ70V5GS9iFmbcQHwdL37LND0ugFFYekwwg==


However the Cache

xaes() ;
    s stringToEncrypt="ad=snoopy&m=123456789&datetime="
    s stringKey="Svp3r_S3cr3t_K3y_F0r_t3st1ng_AST" ;
    s stringvector="V3ry_r@nd0m_1n1t" ;
    s key=$ZCONVERT(stringKey,"O","UTF8") W !,"key: ",?12,key
    s IV=$ZCONVERT(stringvector,"O","UTF8") W !,"IV: ",?12,IV
    s text=$ZCONVERT(stringToEncrypt,"O","UTF8") W !,"text: ",?12,text
    s BinaryText=$ZCONVERT(stringvector,"O","UTF8")
    s Base64Encoded=$system.Encryption.Base64Encode($ZCONVERT(stringvector,"O","UTF8")) w !,"Base64Encoded: ",?12,Base64Encoded
    s enctext=$SYSTEM.Encryption.AESCBCEncrypt(text,key,IV) w !,"enctext: ",?12,enctext
    s ciphertext=$SYSTEM.Encryption.Base64Encode($ZCONVERT(enctext,"O","UTF8"),1) W !,"ciphertext: ",?12,ciphertext

will output:


key:        Svp3r_S3cr3t_K3y_F0r_t3st1ng_AST
IV:         V3ry_r@nd0m_1n1t
text:       ad=snoopy&m=123456789&datetime=
Base64Encoded: VjNyeV9yQG5kMG1fMW4xdA==
enctext:    ˆúÅbªK·¨–V

ciphertext: y4bDusOFYsKqS8K3wqjigJNWAEPCthjCusOWGsO1Uw1aw5Digqw4VcKkwqzigJkgw6XDpTw=


The Base64Encoded and the Temp Vector 64 from C# match.  However if I try to put the Base64Encoded into $SYSTEM.Encryption.AESCBCEncrypt, I get an ILLEGAL VALUE as that function requires UTF8.  It still fails if I convert it to UTF8 before the AESCBCEncrypt.

I notice two things:

  1. The C# ciphertext is 64 bytes, which is twice as long as I'd expect for a 31-byte input.
  2. In the first sixteen bytes of the C# ciphertext, alternating bytes are NUL.

I thought maybe C# is using UTF-16, but I I haven't managed to replicate its output using $zconvert with "UnicodeLittle" or "UnicodeBig".

Edit: the first sixteen bytes of the output appear to be the first eight bytes of the initialization vector converted to Base-64, then UTF-16.

You are UTF-8 encoding the binary ciphertext, which scrambles it, before Base64 encoding it:

   s ciphertext=$SYSTEM.Encryption.Base64Encode($ZCONVERT(enctext,"O","UTF8"),1) W !,"ciphertext: ",?12,ciphertext