Replies:

Hello Marc,

I saw the same, but after adjusting I get the same error when decrypting (Padding is invalid and cannot be removed)

Latest Objectscript code:

Class TEST.ENCRYPT
{

// Symmetric Keys sample to encrypt
ClassMethod DoAESCBCEncrypt() As %Status
{
	Set key="pZR8qfrz7t47G+dboyJCH4NnJRrF+dJbvxq37y/cLUo="
	Write "Key="_key,!
	Set keyBase64=$SYSTEM.Encryption.Base64Encode(key,1)
	Write "KeyBase64="_keyBase64,!
	
	Set iv=$system.Encryption.GenCryptRand(16)
	Write "IV="_iv,!
	Set ivBase64 = $SYSTEM.Encryption.Base64Encode(iv,1)
	Write "IVBase64="_ivBase64,!
	
	Set text="This is just an encryption test with AES256, blocksize 128, padding PKCS7, mode, CBC with an IV of 16 bytes"
	Write "Plain Text: "_text,!
	
	Set encrypted=$SYSTEM.Encryption.AESCBCEncrypt($zcvt(text,"O","UTF8"),keyBase64,iv)
	Set EncryptedBase64=$SYSTEM.Encryption.Base64Encode(encrypted,1)
	Write "EncryptedBase64: "_EncryptedBase64,!
	
	Set encryptedComplete = ivBase64_EncryptedBase64
	Write "EncryptedBase64WithIV: "_encryptedComplete,!
	
	Set ciphertext = $$$URLENCODE(encryptedComplete)

	write "URL Encoded:"_ciphertext,!
	return $$$OK
}

}

Hi Julius,

Thank you again. I agree with you that $system.Encryption.GenCryptRand(length) should be a nicer option to generate the random IV.

About the IV, this a random IV to make every message unique. The sender will generate the IV and the receiver gets the first 24 characters and this is the IV and will be used in the decryption.

//get IV
string ivString = deEscape.Substring(0, 24);
Console.WriteLine("IV String: " + ivString);

The IV is used in the decryption. The part after the IV is the part thats need to be decrypted:

string toDecryptWithoutIV = deEscape.Substring(24);
Console.WriteLine("To Decrypt without IV: " + toDecryptWithoutIV);

I can't find what's the problem in Objectscript. So i've switched to Python and in Python it works right away. See example code below:

import base64
from base64 import b64encode
from Crypto.Cipher import AES
from Crypto.Util.Padding import pad
import urllib.parse

keyBase64="pZR8qfrz7t47G+dboyJCH4NnJRrF+dJbvxq37y/cLUo="
key = base64.b64decode(keyBase64)

toEncrypt = "This is just an encryption test with AES256, blocksize 128, padding PKCS7, mode, CBC with an IV of 16 bytes"
toEncryptBytes = str.encode(toEncrypt)

cipher = AES.new(key, AES.MODE_CBC)
ct_bytes = cipher.encrypt(pad(toEncryptBytes, AES.block_size))
iv = b64encode(cipher.iv).decode('utf-8')
ct = b64encode(ct_bytes).decode('utf-8')
complete=iv+ct
complete = urllib.parse.quote(complete)
print(complete)

In our used version of IRIS,  Python is embedded so I think this will be the first functionality where we're going to use Python.

Hi Julius,

Thank you for your response. I've tried your suggestions. See modified code below:

Class TEST.ENCRYPT
{

// Symmetric Keys sample to encrypt
ClassMethod DoAESCBCEncrypt() As %Status
{
	set key="pZR8qfrz7t47G+dboyJCH4NnJRrF+dJbvxq37y/cLUo="
	set iv=##class(%PopulateUtils).StringMin(16,16)	
	Write "Key="_key,!
	Write "IV="_iv,!
	Set ivBase64 = $SYSTEM.Encryption.Base64Encode(iv,1)
	Write "IVBase64="_ivBase64,!
	
	set text="This is just an encryption test with AES256, blocksize 128, padding PKCS7, mode, CBC with an IV of 16 bytes"
	Write "Plain Text: "_text,!
	
	Set encrypted=$SYSTEM.Encryption.AESCBCEncrypt($zcvt(text,"O","UTF8"),key,iv)
	Set EncryptedBase64=$SYSTEM.Encryption.Base64Encode(encrypted,1)
	Write "EncryptedBase64: "_EncryptedBase64,!
	
	Set encryptedComplete = ivBase64_EncryptedBase64
	Write "EncryptedBase64WithIV: "_encryptedComplete,!
	
	Set ciphertext = $$$URLENCODE(encryptedComplete)

	write "URL Encoded:"_ciphertext,!
	return $$$OK
}

}

Unfortunately when decrypted with the C# code I'm getting the error ''padding is invalid and cannot be removed". Is this about the PaddingMode.PKCS7?

Followers:
Menno has no followers yet.
Following:
Menno has not followed anybody yet.
Global Masters badges:
Menno has no Global Masters badges yet.