0
592
Question Barbara Raviolo · Dec 12, 2023

Problems with AESCBCEncrypt

#InterSystems IRIS for Health #Encryption

Hello all,
we have an encryption problem.

Out partner decode url with AES CBC 256 using crypto-js
https://community.dynatrace.com/t5/Troubleshooting/AES-Encryption-and-D…

with this params value:
var iv = CryptoJS.enc.Hex.parse("0000000000000000");
var stringyouWantToEncrypt = "HelloWorld";
var base64Key = "RXJjb2xpbm9zZW1wcmVpbnBpZWRp";
var encrypted = CryptoJS.AES.encrypt(
    stringyouWantToEncrypt,
    CryptoJS.enc.Base64.parse(base64Key),
    {
        iv: iv,
    }
);
console.log("Key " + CryptoJS.enc.Base64.parse(base64Key));
console.log("Result! " + encrypted.toString());

obtain as result
Result! Pq4RTQSysuCi4ahNLTy+cQ==

We try to obtain the same encrypt using ObjectScript:

set text = "HelloWorld"
set IV = "0000000000000000"
set KEY = "RXJjb2xpbm9zZW1wcmVpbnBpZWRp"
Set text=$ZCONVERT(text,"O","UTF8")
Set sCrypt=$SYSTEM.Encryption.AESCBCEncrypt(text,KEY,IV)
Set sToken=$SYSTEM.Encryption.Base64Encode(sCrypt)
w !,!, "Encoded -> "_sToken

Encoded -> cJ931ZaFdDA7cl2HSgpzQw==

We have ended all ideas.
Anyone has the same problem?

Thank you

Product version: IRIS 2019.1
$ZV: IRIS for UNIX (SUSE Linux Enterprise Server for x86-64) 2019.1 (Build 510_4_20145U) Wed Aug 26 2020 00:34:02 EDT
Discussion (4)3
Log in or sign up to continue

Comments

Ralf Looschen · Dec 12, 2023

Hello Barbara,

I think the cause of this problem is the wrong key length for AESCBCEncrypt, the key must be 32 characters long.

0
Enrico Parisi · Dec 12, 2023

Ciao Barbara,

In your JS code:

var iv = CryptoJS.enc.Hex.parse("0000000000000000");

Convert the HEX sequence to a string, the resulting string made of 8 characters, all with ascii value of zero.
In AES, IV *must" be 16 characters long, I have no idea how your JS library handle this invalid value, IRIS correctly returns an error if IV is not 16 characters long.
The sample in the page you linked uses an IV made of 16 characters, converted from an HEX sequence.

In addition, you are passing to $SYSTEM.Encryption.AESCBCEncrypt() the KEY encoded in base64, in JS th base 64 KEY is decoded before use, so it should be:
Set sCrypt=$SYSTEM.Encryption.AESCBCEncrypt(text,$SYSTEM.Encryption.Base64Decode(KEY),IV)

Moreover, as Ralf pointed out, make sure the key is 16, 24, or 32 characters long

Ciao,
Enrico

0
Enrico Parisi · Dec 12, 2023

Using correct length of 16 characters for IV and 32 characters key.

This Javascript:

var iv CryptoJS.enc.Hex.parse("00000000000000000000000000000000");
var stringyouWantToEncrypt "HelloWorld";
var base64Key "RXJjb2xpbm9zZW1wcmVpbnBpZWRpMDEyMzQ1Nzg5MDE=";
var encrypted CryptoJS.AES.encrypt(
    stringyouWantToEncrypt,
    CryptoJS.enc.Base64.parse(base64Key),
    {
        iv: iv,
    }
)

And this ObjectScript:

Set text="HelloWorld"
Set IV=$c(0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0)
Set KEY = "RXJjb2xpbm9zZW1wcmVpbnBpZWRpMDEyMzQ1Nzg5MDE="
Set KEY=$SYSTEM.Encryption.Base64Decode(KEY)
Set text=$ZCONVERT(text,"O","UTF8")
Set sCrypt=$SYSTEM.Encryption.AESCBCEncrypt(text,KEY,IV)
Set sToken=$SYSTEM.Encryption.Base64Encode(sCrypt)
Write !,!, "Encoded -> "_sToken

Both return the same:

Encoded -> 2s4qbUJC6romvsp7TP2L4A==

Enrico

0