I have to do the encryption with AES 256 , CBC and without padding . I have an code which do simple AES256 but requirement is different .
I have an JSON string which i need to pass to the server with AES256/CBC/Nopadding.
Any Help will be appreciated
You can use CommonCrypto to achieve this.
In CCCryptorCreate there is CCOptions parameter, where you should pass 0 (instead of PKCS7Padding constant).
Related
I am trying to decrypt a message with pgcrypto that is encrypted with AES GCM 256.
Specifications of the encryption:
Encryption algorithm AES
Key [secret of listener] (64-character-long hexadecimal string in configuration)
Key length 256 bits (32 bytes)
Block mode GCM
Padding None
Initialization vector In HTTP header (X-Initialization-Vector)
Authentication tag In HTTP header (X-Authentication-Tag)
So I receive a:
body
key
iv_header
auth_tag
I tried the below
with base as (
select
'F8E2F759E528CB69375E51DB2AF9B53734E393' as body,
'000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F' as key,
'3D575574536D450F71AC76D8' as iv_header,
'19FDD068C6F383C173D3A906F7BD1D83' as auth_tag
),
out as (
select
decrypt_iv(
convert_to(concat(decode(body,'hex'),decode(auth_tag,'hex')),'LATIN1'),
decode(key, 'hex'),
decode(iv_header, 'hex'),
'aes/pad:none'
)
from base
)
select * from out
I keep getting the error decrypt_iv error: Data not a multiple of block size while I would expect to get the encoded message {"type": "PAYMENT"}
I expect that something goes wrong in the decoding and concatenating of body and auth_tag, but can't figure out what.
Some notes on what/why I did that
I concat the auth_tag to the body as several sources describe it that way.
I use the convert_to function as it seems the only way to concatenate two bytea values
I manage to decrypt this message in other languages (i.e. Snowflake or Python)
If anyone sees what I am doing wrong or has some directions it is highly appreciated.
pgcrypto only says it supports cbc and ecb. I'm not a cryptographer, but I don't think either of those is the same thing as GCM. So I don't think you can do this with pgcrypto. I don't know why it leads to the exact error you get, but it also doesn't surprise me.
If I really needed to do this inside the database, I think I do it by writing a function using pl/python3u.
We are developing and using the Ionic 3 Native AES 256 algorithm to encrypt the data, the out put of encrypted data is not valid format of ciphertext format(24 byte). so that we can't able to decrypt in java programme side. also our middleware team using AES/GCM/NoPadding but ionic native plugin using AES/CBC/PKCS5PADDING so that we could not able to decrypt the data in java based middleware side. please advise, how do we handle this.
ionic docs : https://ionicframework.com/docs/v3/native/aes256/
As commented in your first question regarding this topic
(ionic v3 AES 256 algorithm to using encrypted not able to decrypt in java AES/GCM/noPadding algorithm) I run the ionic encryption with these data:
password = "test#123"
plaintext = "Test1234"
and received a Base64-encoded ciphertext string like "izMYpAIMvsCKIVjiNztsrA=="
(as the encryptionKey & iv is generated with random elements your results will differ).
Decoding this ciphertext string back to a byte array I get a (byte array) length of 16 and NOT 24 (it has to be always a multiple of 16) so your encryption isn't running well when getting a length of 24!
Second: there is no way to work with different AES modes - ionic does only support CBC mode that has to be used on your middleware decryption as well. If you need to use an authenticated encryption like "GCM" mode you have to use an additional library.
I am generating RSA signature using RSA_PKCS1_PSS_PADDING. I am setting digest algorithm as SHA256 using EVP_get_digestbyname() and EVP_DigestSignInit(). And salt length parameter as -1 using EVP_PKEY_CTX_set_rsa_pss_saltlen().
I have EVP_MD_CTX, EVP_MD and EVP_PKEY_CTX structures used for signature generation.
How can I get the name of Mask generation algorithm name used by OpenSSL by default? Is there any API provided for getting it?
Edit: OpenSSL version used: 1.1.0g.
RSASSA-PSS is in practice always used with MGF1 as the Mask Generation Function. The only variation is which Message Digest is used internally by MGF1.
Sometime that's the same Message Digest as the one used for hashing the message and building the tag in PSS, because that makes the most sense. Other times it is SHA-1 because that used to be the default MD for early RSASSA-PSS APIs, thus for the associated MGF1.
In an ideal world, some attribute (in the signature, or/and in the public key certificate used to check the signature) would tell MGF1-with-such-MD, perhaps by way of some Object IDentifier like we have to specify PSS. But crypto APIs are hell.
In order to control what Message Digest is used by MGF1, we want something on the tune of what -sigopt rsa_mgf1_md:sha256 does in the openssl dgst command.
My best guess is to set the MGF1 digest using
assert(EVP_PKEY_CTX_set_rsa_mgf1_md(ctx, EVP_sha256)>=0);
or get it using EVP_PKEY_CTX_get_rsa_mgf1_md() as documented:
The EVP_PKEY_CTX_get_rsa_mgf1_md() macro gets the MGF1 digest for ctx. If not explicitly set the signing digest is used. The padding mode must have been set to RSA_PKCS1_OAEP_PADDING or RSA_PKCS1_PSS_PADDING.
Can anyone help with the code how to decrypt with private key ,As in server side they are using OAEP encryption method .I tried decrypting using private key but the decrypted text is Null,I am getting the Error code as -9809 as decryption code result
When you say "with a private key" I assume you mean you're using SecKeyDecrypt() for asymmetric encryption rather than CommonCryptor for symmetric encryption.
SecKeyDecrypt() does not support OAEP. It only supports PKCS1 v1.5 padding (kSecPaddingPKCS1). It can also technically handle ASN.1 padding + PKCS1 padding, but this isn't usually relevant to decryption. You should have noticed this when you passed the SecPadding parameter. What did you pass?
That error number is errSSLCrypto which is a generic "something went wrong in crypto" message.
I am new to Encryption/ Decryption. I want to encrypt a NSString variable value using key. Also I want to decrypt the encrypted data . I want to apply AES -128 Algorithm.
Please suggest sample code or useful link.
I found this through a Google search on the terms aes nsstring site:stackoverflow.com:
AES Encryption for an NSString on the iPhone