 AES CBC encrypted string can't be decrypted using synapse SynaAes or TMS AES component
Total posts: 5
Antheunis Marc

2019-01-14 12:55:38
Registered user
the length of the strings vary
encrypted using encrypt(CBC, key, string)

but other implementations do not decrypt correctly

for example 'abc' encrypted results in synapse decrypt 'abc'#0D#0D#0D#0D#0D#0D.... (after setting IV to #0....)

TMS complains about the size not being 16b blocks


so how can i decrypt using other 3rd party?
Henrick Wibell Hellström

2019-01-14 13:15:40
Registered user
I am guessing you are using the SecUtils.EncryptString function, which is declared as follows:


function EncryptString(Alg: TCipherAlg; Mode: TCipherMode;
                       const Key, PlainText: OctetString): OctetString; overload;


This function, just like the SecUtils.TCipher.EncryptStr method, uses PKCS padding for the last block, when the cipher mode is e.g. CBC. This is probably the padding mode that is most commonly used in conjunction with CBC mode, so every comprehensive cipher library ought to implement it somehow.

You should probably ask TMS why their implementation complains about the size, but my guess is that, somewhere along the line, you have treated the OctetString as a character string, resulting in conversion errors.
Antheunis Marc

2019-01-14 14:17:34
Registered user
well octetstring is ansistring right?

so after encrypting i'm doing a astring:=string(octetstring)
and i'm storing it base64 encoded

doing the inverse when decrypting works perfectly with streamsec
not with TMS or synapse
i'll have a look what the octetstring actually gives as result, but if i understand you correctly, casting the octetstring as string will result in data loss?
Antheunis Marc

2019-01-14 14:25:08
Registered user
hi Henrick,
did some further testing and it appears that if i'm converting the encrypted string from streamsec to a hex string and feed that into TMS that it works…
Henrick Wibell Hellström

2019-01-14 14:27:18
Registered user
No, that is obviously not working. The OctetString values are raw bytes. When you cast an AnsiString to a string, an implicit conversion table is used, which assigns a 16 bit character value for each 8 bit character value. The problem is that this conversion table is not necessarily reversible, i.e. you can't assume that you will get the original OctetString when you cast the string value back to an OctetString.

Instead, if you have to represent an OctetString value as printable text, you should convert it using OSToHex or StrToMIME64, before you assign the result to a string variable.

[EDIT: I am glad to see you solved the problem yourself.]
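
The two effects discussed in this thread, as an added Python example that is not part of the original posts and not StreamSec, Synapse or TMS code: PKCS padding turns 'abc' into 'abc' followed by thirteen #0D bytes, and raw bytes survive a hex or Base64 round trip but not a cast through a character string. The function names and SAMPLE are constructed for illustration, and Python's cp1252 codec is an assumed stand-in for the implicit ANSI conversion table.

```python
import base64

BLOCK = 16  # AES block size in bytes

def pkcs7_pad(data: bytes) -> bytes:
    """Append n bytes of value n (1..16); aligned input gets a full extra block."""
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n

def pkcs7_unpad(padded: bytes) -> bytes:
    """Strip PKCS#7 padding, rejecting anything that is not well formed."""
    if not padded or len(padded) % BLOCK:
        raise ValueError("length is not a positive multiple of 16 bytes")
    n = padded[-1]
    if not 1 <= n <= BLOCK or padded[-n:] != bytes([n]) * n:
        raise ValueError("invalid PKCS#7 padding")
    return padded[:-n]

def via_text_cast(raw: bytes, codepage: str = "cp1252") -> bytes:
    """Model of bytes -> text -> bytes through an ANSI code page (assumption:
    Python's codec stands in for the implicit conversion table)."""
    return raw.decode(codepage, errors="replace").encode(codepage, errors="replace")

def via_base64(raw: bytes) -> bytes:
    """Bytes -> Base64 text -> bytes."""
    return base64.b64decode(base64.b64encode(raw).decode("ascii"))

def via_hex(raw: bytes) -> bytes:
    """Bytes -> hex text -> bytes."""
    return bytes.fromhex(raw.hex())

# Constructed stand-in for ciphertext: two 16-byte blocks with bytes >= 0x80.
SAMPLE = bytes(range(0x78, 0x98))

if __name__ == "__main__":
    padded = pkcs7_pad(b"abc")
    print(padded)               # what a decrypt that skips unpadding returns
    print(pkcs7_unpad(padded))  # the plaintext once the padding is stripped
    for name, fn in [("text cast", via_text_cast), ("base64", via_base64), ("hex", via_hex)]:
        print(name, "round trip intact:", fn(SAMPLE) == SAMPLE)
```

A decryptor that returns the trailing #0D bytes has decrypted correctly and only skipped the unpadding step.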
Copyright (c) Danijel Tkalcec, StreamSec HB