Comments (18)
The encryption/decryption basically works between binaries. Besides that, we will also need to convert back and forth between String and binary, which is encoding specific.
When you use some encoding to convert String to binary/xstring (UTF-8 for example), you will need to use the same encoding to convert it back to string.
I am not sure about how OpenSSL encryption works exactly, but I think you can try the two steps above:
decrypt -> convert to String using some encoding
Please let me know whether it helps.
from aes.
Ok, so here is what I am trying. First we get the key of a password using OpenSSL:
openssl aes-128-cbc -nosalt -P -pass pass:unserGeheimesPasswort
key=445C778701C4DE527283AA00BF1BD0BA
iv =0B86DAC67E3B11A76CD672667A8224F1
Then I encrypt a string using OpenSSL, incl. base64 encoding:
echo "geheime_Kundenaten" | openssl enc -aes-128-cbc -a -nosalt -pass pass:unserGeheimesPasswort
Then in ABAP I convert both the data and the key to xstring:
"Convert encrypted payload string to binary xstring format
CALL FUNCTION 'SCMS_STRING_TO_XSTRING'
EXPORTING
text = 'Q6lCAevFmyNfuyFG4nd9vUqo4twoU2u3x80nYfWS+lE=' "geheime_Kundenaten
IMPORTING
buffer = lv_x_value.
"Convert the OpenSSL encryption key string to binary xstring format
CALL FUNCTION 'SCMS_STRING_TO_XSTRING'
EXPORTING
text = '445C778701C4DE527283AA00BF1BD0BA' "unserGeheimesPasswort
IMPORTING
buffer = lv_x_key.
Then I decrypt the string using your class:
CALL METHOD lr_aes_util->decrypt_xstring(
EXPORTING
i_data = lv_x_value
i_key = lv_x_key
IMPORTING
e_data = lv_x_result ).
Then I convert the xstring back to a string:
DATA lo_conv TYPE REF TO cl_abap_conv_in_ce.
CALL METHOD cl_abap_conv_in_ce=>create
EXPORTING
encoding = 'UTF-8'
endian = 'L'
ignore_cerr = 'X'
replacement = '#'
input = lv_x_result
RECEIVING
conv = lo_conv.
CALL METHOD lo_conv->read
IMPORTING
data = lv_result.
And finally I base64 decode the result again:
DATA: base64 TYPE REF TO cl_http_utility.
CREATE OBJECT base64.
CALL METHOD base64->decode_base64
EXPORTING
encoded = lv_result
RECEIVING
decoded = lv_result.
However, that result is not the original string I have encrypted via OpenSSL.
Any ideas?
from aes.
First, Base64 and Hex are both representations of binaries:
Hex: each character (0 - F, 2 ^ 4) represents 4 bits
Base64 is a little more complicated: it uses 4 characters (out of 64, 2 ^ 6, every 6 bits is a unit) to represent 3 bytes (6 * 4 = 8 * 3)
Here is what I thought:
When you use openssl to encrypt:
PlainText ---(encoding, UTF-8?)--> Binaries representing the String ---encrypt--> Ciphertext (Binaries) ---Base64 Encoding--> Ciphertext (readable, binaries represented by Base64)
To decrypt it in ABAP, we need the ciphertext and the key
Ciphertext is in the format of Base64, and it needs to be converted to Hex. There might be some ABAP Function Module / Class doing that already, I assume.
Key is already in the format of Hex: key=445C778701C4DE527283AA00BF1BD0BA
32 characters of 0-F: 4 bit * 32 = 128 bit, it is already the 128 bit binary key represented by Hex.
We can decrypt now, and should be getting another Hex String, representing the binaries of the plain text. However, to convert this binary to String, we will need to know the encoding openssl is using. Hopefully it is UTF-8.
That's all, it should be exactly the opposite process of openssl encryption.
from aes.
But I only get garbage after the process I described above. What step(s) am I missing from your point of view?
from aes.
I can see 3:
- The key (445C778701C4DE527283AA00BF1BD0BA) is already Xstring (Hex), no need to convert it.
- The ciphertext (Q6lCAevFmyNfuyFG4nd9vUqo4twoU2u3x80nYfWS+lE=) is in Base64, and it needs to be converted to Xstring (Hex).
- After decryption, no need to do Base64 decoding, just use String decoding (probably UTF-8; this one I am not sure about, it depends on what openssl uses to convert string to binary, use the same).
from aes.
Ok thanks, I will give that a try and let you know!
from aes.
Did some research and found something I did not know before:
The encryption uses CBC:
https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation#Cipher_Block_Chaining_.28CBC.29
My code does not support this, and it is a special way to use AES.
Take your situation for example:
- Base64 to Hex
Q6lCAevFmyNfuyFG4nd9vUqo4twoU2u3x80nYfWS+lE= ->
43A94201EBC59B235FBB2146E2777DBD4AA8E2DC28536BB7C7CD2761F592FA51
- Split Hex into blocks, 128 bit in this case
43A94201EBC59B235FBB2146E2777DBD
4AA8E2DC28536BB7C7CD2761F592FA51
- Decrypt each block using the key
29E1BFAE1B527CC2339D07081EE74A90
37CC2C23CBC8912A56B2284FEB7E74B4
- Make an XOR to each decrypted block using the previous encrypted block; for the first decrypted block, use the IV:
29E1BFAE1B527CC2339D07081EE74A90 XOR 0B86DAC67E3B11A76CD672667A8224F1 =>
2267656865696D655F4B756E64656E61
37CC2C23CBC8912A56B2284FEB7E74B4 XOR 43A94201EBC59B235FBB2146E2777DBD =>
74656E22200D0A090909090909090909
- You got the Hex of the original String:
2267656865696D655F4B756E64656E6174656E22200D0A090909090909090909
- Convert it to String
"geheime_Kundenaten"
from aes.
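The CBC walk-through in the comment above, as an added Python example that is not part of the original thread or of the project's ABAP code. The single-block AES step is a stand-in that returns the two raw block outputs quoted in the comment (they are not recomputed here); the chaining, the Base64 decoding and the PKCS#7 check are real, and the function names are made up for this example.

```python
import base64

BLOCK = 16  # AES block size in bytes

# Values quoted in the thread above.
CIPHERTEXT_B64 = "Q6lCAevFmyNfuyFG4nd9vUqo4twoU2u3x80nYfWS+lE="
IV = bytes.fromhex("0B86DAC67E3B11A76CD672667A8224F1")
# Raw single-block AES outputs as listed in the thread (assumed correct).
THREAD_BLOCKS = {
    bytes.fromhex("43A94201EBC59B235FBB2146E2777DBD"):
        bytes.fromhex("29E1BFAE1B527CC2339D07081EE74A90"),
    bytes.fromhex("4AA8E2DC28536BB7C7CD2761F592FA51"):
        bytes.fromhex("37CC2C23CBC8912A56B2284FEB7E74B4"),
}

def thread_block_decrypt(block):
    """Stand-in for one-block AES decryption with the thread's key."""
    return THREAD_BLOCKS[block]

def cbc_decrypt(ciphertext, iv, block_decrypt):
    """P_i = D(C_i) XOR C_(i-1), with C_0 = IV."""
    if len(iv) != BLOCK or not ciphertext or len(ciphertext) % BLOCK:
        raise ValueError("need a 16-byte IV and whole 16-byte blocks")
    out, prev = bytearray(), iv
    for i in range(0, len(ciphertext), BLOCK):
        cur = ciphertext[i:i + BLOCK]
        out += bytes(a ^ b for a, b in zip(block_decrypt(cur), prev))
        prev = cur  # chain on the ciphertext block, not the plaintext
    return bytes(out)

def pkcs7_unpad(data):
    """Strip PKCS#7 padding; reject anything malformed."""
    n = data[-1] if data else 0
    if not 1 <= n <= BLOCK or len(data) < n or data[-n:] != bytes([n]) * n:
        raise ValueError("invalid PKCS#7 padding")
    return data[:-n]

def decrypt_thread_example():
    raw = base64.b64decode(CIPHERTEXT_B64, validate=True)
    padded = cbc_decrypt(raw, IV, thread_block_decrypt)
    return padded, pkcs7_unpad(padded).decode("utf-8")
```

The nine trailing `09` bytes in the hex result are PKCS#7 padding added by OpenSSL, and the `0D0A` before them is the line ending that `echo` appended, so both have to be handled after decryption.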
So do I understand you correctly, that it is not possible to decrypt using your code in ABAP of a string encrypted with OpenSSL?
from aes.
Yes, you can.
But you will need to do some additional work yourself, it is not hard at all.
- Slice the encrypted Hex into blocks
- decrypt each block separately, using the same key
- Apply the XOR conversion back.
You are welcome to extend my codes here, so that others could use it later :)
I would love to add it myself too, but I have to take care of some other weird code at work first :P
from aes.
I am not sure whether you have finished your work, but I just added more encryption modes to this class, including CBC.
from aes.
Ohh that sounds great, thanks. So does it work with my example now?
from aes.
It does, but only to the decryption part.
Before that, you will need to convert from BASE64 to HEX
After that, you will need to convert from HEX to String
DECRYPT_XSTRING
Import parameter
I_KEY 445C778701C4DE527283AA00BF1BD0BA
I_DATA 43A94201EBC59B235FBB2146E2777DBD4AA8E2DC28536BB7C7CD2761F592FA51
I_INITIALIZATION_VECTOR 0B86DAC67E3B11A76CD672667A8224F1
I_ENCRYPTION_MODE CBC
Export params
E_DATA 2267656865696D655F4B756E64656E6174656E22200D0A090909090909090909
from aes.
I see, thanks. For converting from Base64 to HEX, and then from HEX to String, do you use SAP standard functions?
from aes.
Base64 -> xstring
SCMS_BASE64_DECODE_STR
xstring to string
SCMS_XSTRING_TO_BINARY
SCMS_BINARY_TO_STRING, This one you will need to know what encoding openssl is using
from aes.
That's awesome, thanks a lot!
I will give it a try next week and let you know then.
from aes.
Hey, now it works well, also with data from OpenSSL using AES-CBC:
Thanks a lot for your quick fix, helped me a lot.
Only one question left: Any chance that you could also implement to support a salt for AES, as used in OpenSSL? Or should I open another ticket for that?
from aes.
Salt is not really something related to encryption, it is some conversion to the plaintext to introduce randomness. Since aes can reversely decrypt, you don't even need to know what the salt is exactly, but only how salt is added. After decryption, you can just remove the salt from the result.
There might be multiple ways to add salt, and if you can figure out how openssl adds salt, the reverse operation should be fairly easy, probably just some substring operation.
from aes.
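For the salt question above, an added Python example (not from the thread or the project) of how `openssl enc` output made without `-nosalt` and without `-pbkdf2` is laid out: the Base64-decoded data starts with the 8 bytes `Salted__` followed by an 8-byte salt, and key and IV are derived from password and salt with a single round of EVP_BytesToKey. The digest is an assumption to match to the OpenSSL version in use (MD5 by default before 1.1.0, SHA-256 from 1.1.0 on), and the function names are made up for this example.

```python
import hashlib

MAGIC = b"Salted__"  # marker openssl enc writes in front of the salt

def split_openssl_salted(blob):
    """Return (salt, ciphertext); salt is None for -nosalt output."""
    if blob.startswith(MAGIC):
        if len(blob) < len(MAGIC) + 8:
            raise ValueError("truncated salted header")
        return blob[8:16], blob[16:]
    return None, blob

def evp_bytes_to_key(password, salt, key_len=16, iv_len=16, digest="md5"):
    """Single-iteration EVP_BytesToKey: D_i = H(D_(i-1) || password || salt)."""
    salt = salt or b""
    material, prev = b"", b""
    while len(material) < key_len + iv_len:
        prev = hashlib.new(digest, prev + password + salt).digest()
        material += prev
    return material[:key_len], material[key_len:key_len + iv_len]

def key_iv_for(blob, password, digest="md5"):
    """Derive AES-128-CBC key and IV for a decoded openssl enc blob."""
    salt, ciphertext = split_openssl_salted(blob)
    key, iv = evp_bytes_to_key(password, salt, digest=digest)
    return key, iv, ciphertext

# Constructed sample: a made-up salt in front of the thread's ciphertext bytes.
SAMPLE_BLOB = MAGIC + bytes(range(8)) + bytes.fromhex(
    "43A94201EBC59B235FBB2146E2777DBD4AA8E2DC28536BB7C7CD2761F592FA51")
```

The salt therefore changes the key and IV rather than the plaintext, so the returned key, IV and ciphertext are what a CBC decryption routine needs.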
Ok thanks.
from aes.