
VfpEncryption71 - AES256: How to get pure hex like result 1


Rajesh Karunakaran

Programmer
Sep 29, 2016
542
MU
Hi Team!

I am trying to encrypt a password using VfpEncryption71 library.
The encryption type we need is AES256.

Below is a sample of what I am doing.

Code:
lcStr = 'mykey123456'
lcKey = 'BeY7nZ1HL5Sdl0POADQACw=='
Encrypt(lcStr, lcKey, 2, 1, 0, 24, 16)
* 2= Type AES256, 1= Mode ECB, 0=Padd null
* 24= length of key being used
* 16= Block size
Then I get an encrypted key like below
Code:
 O4¨n)Ks³â÷„

But, the client documentation shows encrypted sample like
Code:
biXhp3Ha1fgxVEp48zHrvVoXMStmxPuAPHo3TVz5lHU=

Whatever I try, I am not getting an encryption like the above.
How do we achieve that?

Thanks in advance
Rajesh




 
Hi Rajesh,

in short there's so much wrong in your parameterization that it doesn't work.

There are lots of sets of test vectors to see whether an encryption library gets the expected results from the algorithm used. The download of vfpencryption comes with source examples. Look into the directory "test-vectors". Go from there.

------------------------------

If you're interested to see what's all wrong with your try:

What you want (biXhp3Ha1fgxVEp48zHrvVoXMStmxPuAPHo3TVz5lHU=) is base64, which is not hex or hexadecimal.
What you have as result of Encrypt (O4¨n)Ks ³â÷„) is binary. You get from binary to base64 with STRCONV(), see the help. But don't try just using STRCONV() on the result, as there are lots of further errors.

Maybe because you have that misconception you're also feeding in a wrong lcKey and overall a lot of wrong parameter values.

The Encrypt function of the VfpEncryption library asks for a specific key length when you use it for AES:

Read what the documentation says:
docs said:
keys may need to be of a particular length for certain types of encryption

docs said:
2 = Rijndael\AES 256 (requires a 32 character Key) *Default

These are some of your parameterization errors:

1. Your parameterization says you want to use AES 256 but a 24 character key. The algorithm determines the key length. And for AES256 you need a 32 character (32 bytes) key.

Your lcKey='BeY7nZ1HL5Sdl0POADQACw==' is 24 chars, and the characters used and the trailing with "==" tells me this is base64. And if you convert that back to a binary string, not only limited to letters and digits, this would become even shorter, a 16 byte key.

2. Your description is you want to encrypt a key. Well, to the Encrypt function it doesn't matter that lcStr='mykey1232456' is your key, to the AES256 encryption that is the message to encrypt and the key used to encrypt this message is lcKey and that's too short no matter if you take it as is or convert it back to a 16byte long binary key.

3. Your parameterization is mode 1 for CBC, your comment says you want ECB, but ECB is mode 0, not mode 1.

So just read the documentation and follow it correctly.

Encryption isn't a beginner topic if you still even struggle with understanding what binary, hexadecimal, base64 are and then make it hard to wrap your head around what you need to provide as parameters by wanting to encrypt a key, which makes it easy to confuse message and key, it's just natural your first trials lead to errors.

You can also blame Craig S. Boyd for having a parameterization that suggests more freedom than you really have. You can't mix AES type and key length as you like, so actually only using encryption types 4 (Blowfish) and 1024 for RC4 would enable more freedom of choices in key lengths, the other modes determine what has to be the key length and so the nKeySize parameter has to be that and not what you want.

Bye, Olaf.

Olaf Doschke Software Engineering
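
Added example, not part of any post in this thread: a small Python check of the encoding and length points made in the answer above, run on the strings quoted in the thread. The function names are illustrative, and the encoding detection is a heuristic that assumes the input is either hex, base64 or plain characters.

```python
import base64
import binascii
import re

AES_KEY_SIZES = {16: "AES-128", 24: "AES-192", 32: "AES-256"}
AES_BLOCK = 16  # AES block size in bytes, the same for every key size


def decode_text(value):
    """Guess the text encoding of value and return (encoding, raw_bytes).

    Heuristic: an even-length run of hex digits is treated as hex, a
    well-formed base64 string as base64, anything else as raw characters.
    """
    if re.fullmatch(r"(?:[0-9a-fA-F]{2})+", value):
        return "hex", binascii.unhexlify(value)
    if len(value) % 4 == 0 and re.fullmatch(r"[A-Za-z0-9+/]+={0,2}", value):
        return "base64", base64.b64decode(value, validate=True)
    return "raw", value.encode("latin-1")


def describe_key(value):
    """Report which AES variant the key fits, as typed and after decoding."""
    encoding, raw = decode_text(value)
    return {
        "encoding": encoding,
        "as_typed": AES_KEY_SIZES.get(len(value)),  # length of the text itself
        "decoded_bytes": len(raw),
        "decoded": AES_KEY_SIZES.get(len(raw)),     # length after decoding
    }


def describe_ciphertext(value):
    """Report encoding, byte length and whole AES blocks of a ciphertext."""
    encoding, raw = decode_text(value)
    blocks = len(raw) // AES_BLOCK if len(raw) % AES_BLOCK == 0 else None
    return {"encoding": encoding, "bytes": len(raw), "blocks": blocks}


# Values quoted in the thread.
THREAD_KEY = "BeY7nZ1HL5Sdl0POADQACw=="
CLIENT_SAMPLE = "biXhp3Ha1fgxVEp48zHrvVoXMStmxPuAPHo3TVz5lHU="
NIST_KEY = "603deb1015ca71be2b73aef0857d77811f352c073b6108d72d9810a30914dff4"

if __name__ == "__main__":
    print(describe_key(THREAD_KEY))
    print(describe_key(NIST_KEY))
    print(describe_ciphertext(CLIENT_SAMPLE))
```

The thread's lcKey has no 32-byte reading either as typed or after base64 decoding, while the client's sample decodes to 32 bytes, which is two whole AES blocks.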
 
Olaf,
Thank you so much. As usual, there is so much to learn from in your suggestions!

a. Mentioning of 1 for mode was a mistake. In fact, we want ECB.
b. Writing 'key' in my string to be encrypted doesn't have any context. I just assumed a text.
What I am encrypting is a password. Difference of the string being encrypted and the key being used is obviously clear to me.

Let me go through your text thoroughly. Will get back soon.

Thanks a lot
Rajesh
 
Hi team!

I am just continuing with this. Below is the code from the encryption library sample prg file

Code:
m.lcPlainText = STRCONV("6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e5130c81c46a35ce411e5fbc1191a0a52eff69f2445df4f9b17ad2b417be66c3710",16)

*!* F.1.5 ECB-AES256.Encrypt
m.lcKey = "603deb1015ca71be2b73aef0857d77811f352c073b6108d72d9810a30914dff4"
m.lcCiphertext = "f3eed1bdb5d2a03c064b5a7e3db181f8591ccb10d410ed26dc5ba74a31362870b6ed21b99ca6f4f9f153e7b1beafed1d23304b7a39f9f3ff067d8d8f9e24ecc7"
?IIF(Encrypt(m.lcPlainText, STRCONV(m.lcKey,16), 2, 0, 0, 32, 16) == STRCONV(m.lcCiphertext,16), "PASSED!", "FAILED!")
*!* F.1.6 ECB-AES256.Decrypt
?IIF(Decrypt(STRCONV(m.lcCiphertext,16), STRCONV(m.lcKey,16), 2, 0, 0, 32, 16) == m.lcPlainText, "PASSED!", "FAILED!")

Here (above sample code) the lcPlainText is decoded from a hexBinary string. If I have to encrypt my password, say 'myPass@123456', should I encode it into hexBinary first and then pass it to the Encrypt function by decoding it back into normal string (using STRCONV function) ?
Similarly, the lcKey (the secret key) is also decoded from a hexBinary?
Are these conversions done to avoid any special characters issues?

Please advise.
Thanks in advance.
Rajesh

 
In short:

Test suites work on very specific binary data that's easiest to specify and also verify in hexadecimal representation. For example to test an own implementation of an encryption algorithm or checking a library works as intended on your computer.

When the message you want to encrypt is composed of enterable characters (which overlaps with printable, readable) there is no need to go through hexadecimal.

And obviously, as a random password will not be part of a test suite you can check, your best check of getting back the same password from decrypt is simply to decrypt. But to encrypt a password, especially as entered by a user, you have to do nothing, you could directly Encrypt(Thisform.txtPassword.Value,...) and decrypt also gets back straight to that.

Bye, Olaf.

Olaf Doschke Software Engineering
 