Page 1 of 1
Encryption Web
Posted: Tue Apr 26, 2016 9:38 pm
by avescovi
Hi,
I need to encrypt some information client-side, send them to the server and decrypt them.
I am using the encrypt function on the client:
Code: Select all
#encrypted := #varXY.Encrypt(#myKey)
but I am not able to recover my data using the Decrypt Built-in function on the server-side
Code: Select all
Use Builtin(DECRYPT) With_Args(#encrypted 16 #myKey YES) To_Get(#decrypted #RETCODE)
Where am I wrong?
The idea is to be able also to do the transmission in the opposite direction, hence encrypt server-side and decrypt client-side.
Thanks
Andrea
Re: Encryption Web
Posted: Wed Apr 27, 2016 1:20 pm
by dannyoorburg
Hi,
for the DECRYPT bif to match the Encrypt intrinsic, make sure the length is specified correctly.
It needs the expected number of bytes, which is half the length of the (hexadecimal) encoded string that came from the client.
Code: Select all
Use Builtin(DECRYPT) With_Args(#STD_STRNG (#STD_STRNG.CurChars / 2) "A234567890123456" 'Yes') To_Get(#STD_STRNG)
If you're reading this after 14 SP1 has been released, you'll be able to use the Encrypt/Decrypt intrinsics on both Client and Server.
Danny
Re: Encryption Web
Posted: Wed Apr 27, 2016 2:32 pm
by MarkD
What sort of computer are you executing the Use Builtin(DECRYPT) With_Args(#encrypted 16 #myKey YES) To_Get(#decrypted #RETCODE) on?
Re: Encryption Web
Posted: Wed Apr 27, 2016 4:42 pm
by avescovi
Hi Danny,
Hi MarkD,
Thank you
I tried your approach but still not working.
I provide you exactly my example:
Client
Code: Select all
#myString := 'hello'
#encrypted := #myString.Encrypt( '1jd7RME984jnBGol' )
Where #myString is a #STD_STRING, and the encrypted string computed has value: 'D70FE402154340B5'
Then, in the Server side ( MarkD the Builtin function is running on IBM i )
Code: Select all
Use Builtin(DECRYPT) With_Args(#encrypted (#encrypted.CurChars / 2) '1jd7RME984jnBGol' YES) To_Get(#decrypted #RETCODE)
The decrypted value is: ']R4Ù¦ÝÉ' . Not at all my starting string.
I also tried to encrypt and decrypt the string ('hello') with the builtin function only (Server-side):
Code: Select all
#myString := 'hello'
Use Builtin(ENCRYPT) With_Args(#myString (8) '1jd7RME984jnBGol' YES) To_Get(#crypted #RETCODE)
Use Builtin(DECRYPT) With_Args(#crypted (#crypted.CurChars / 2) '1jd7RME984jnBGol' YES) To_Get(#decrypted #RETCODE)
Crypted value: '5411CB87F874B0F6'
Decrypted valude: 'hello'
As we can see, in this second example the crypted value doesn't match at all with the client-side crypted value.
Someone of you has other suggestions for me?
Thanks
Andrea
Re: Encryption Web
Posted: Wed Apr 27, 2016 4:46 pm
by MarkD
IBM i is an EBCDIC system - the client side encrypted data would be ASCII (or UTF8).
So after decryption you need to convert to EBCDIC?
Re: Encryption Web
Posted: Wed Apr 27, 2016 5:29 pm
by MarkD
You could try these as a quick confirmation - noting they are limited to things <= 256 characters:
Code: Select all
* ---------------------------------------------------------------------------------
Mthroutine Name(ConvertToEBCDIC)
Define_Map For(*input) Class(#prim_alph) Name(#Input)
Define_Map For(*Result) Class(#prim_alph) Name(#Output)
* Defined as fields because they are used as a 3GL interface
Define Field(#QDC_CONVERT_TO_ASCII) Type(*CHAR) Length(10) Default(QASCII)
Define Field(#QDC_CONVERT_TO_EBCDIC) Type(*CHAR) Length(10) Default(QEBCDIC)
Define Field(#QDC_TABLE_Library) Type(*CHAR) Length(10) Default(QSYS)
Define Field(#QDCX_TempLength) Type(*DEC) Length(5) Decimals(0) Default(256)
Define Field(#QDCX_TempWorkString) Type(*char) Length(256)
#QDCX_TempWorkString := #Input
Call Pgm(QDCXLATE) Parm(#QDCX_TempLength #QDCX_TempWorkString #QDC_CONVERT_TO_EBCDIC #QDC_TABLE_Library) Num_Len(*DEFINED)
#Output := #QDCX_TempWorkString
Endroutine
* ---------------------------------------------------------------------------------
Mthroutine Name(ConvertToASCII)
Define_Map For(*input) Class(#prim_alph) Name(#Input)
Define_Map For(*Result) Class(#prim_alph) Name(#Output)
#QDCX_TempWorkString := #Input
Call Pgm(QDCXLATE) Parm(#QDCX_TempLength #QDCX_TempWorkString #QDC_CONVERT_TO_ASCII #QDC_TABLE_Library) Num_Len(*DEFINED)
#Output := #QDCX_TempWorkString
Endroutine
Re: Encryption Web
Posted: Wed Apr 27, 2016 6:03 pm
by avescovi
Watching the variables value in debug mode, still not working also converting the decrypted string in EBCDIC
Re: Encryption Web
Posted: Wed Apr 27, 2016 6:10 pm
by MarkD
What about your key? eg: If you use ASCII key "abc" on the client to encrypt you would need to convert EBCDIC key "abc" (on the server) to ASCII before passing to to the decryption routine. You'd probably also need to be careful that the key lengths are exactly the same - maybe use something declared as *char 16 and completely fill it up?
Re: Encryption Web
Posted: Wed Apr 27, 2016 6:35 pm
by avescovi
I have to try.
Now I am working for understand why the encryption - client and server side - provide two different hex string using the same same key and the same starting text (as written in my second post after your reply)
Re: Encryption Web
Posted: Thu Apr 28, 2016 8:00 am
by MarkD
Could you post the code or code fragments you are using on the client and the server? Please include the part that sets up the encryption key.
Re: Encryption Web
Posted: Thu Apr 28, 2016 3:40 pm
by dannyoorburg
Hi,
the only way I can get it all to be consistent, Client/Server(Windows/IBM i), is to make sure I use Unicode fields for both KEY and VALUE when invoking the BIFs.
I've attached a QuickExport with my test case:
- a Web Page called MYPAGE
- a Server Module called MYSRVM
The key to it is the Server Module code:
Code: Select all
Begin_Com Role(*EXTENDS #PRIM_SRVM)
Define Field(#ENCRYPTION_KEY) Type(*NVARCHAR)
Define Field(#ORIGINAL_VALUE) Type(*NVARCHAR)
Define Field(#ENCRYPTED_VALUE) Type(*VARCHAR)
Srvroutine Name(ENCRYPT)
Field_Map For(*INPUT) Field(#ORIGINAL_VALUE) Parameter_Name(OriginalValue)
Field_Map For(*OUTPUT) Field(#ENCRYPTED_VALUE) Parameter_Name(EncryptedValue)
Dowhile (#ORIGINAL_VALUE.CurSize.Mod( 8 ) *NE 0)
#ORIGINAL_VALUE += " "
Endwhile
#ENCRYPTION_KEY := '1jd7RME984jnBGol'
Use Builtin(ENCRYPT) With_Args(#ORIGINAL_VALUE #ORIGINAL_VALUE.CurSize #ENCRYPTION_KEY YES) To_Get(#ENCRYPTED_VALUE)
Endroutine
Srvroutine Name(DECRYPT)
Field_Map For(*INPUT) Field(#ENCRYPTED_VALUE) Parameter_Name(EncryptedValue)
Field_Map For(*OUTPUT) Field(#ORIGINAL_VALUE) Parameter_Name(OriginalValue)
#ENCRYPTION_KEY := '1jd7RME984jnBGol'
Use Builtin(DECRYPT) With_Args(#ENCRYPTED_VALUE (#ENCRYPTED_VALUE.CurSize / 2) #ENCRYPTION_KEY YES) To_Get(#ORIGINAL_VALUE)
Endroutine
End_Com
The Web Page is just a little tester:
Code: Select all
Begin_Com Role(*EXTENDS #PRIM_WEB) Layoutmanager(#TableLayout1)
Define_Com Class(#PRIM_TBLO) Name(#TableLayout1)
Define_Com Class(#PRIM_TBLO.Column) Name(#Column1) Displayposition(1) Parent(#TableLayout1) Width(0.89)
Define_Com Class(#PRIM_TBLO.Column) Name(#Column2) Displayposition(2) Parent(#TableLayout1) Width(1.11)
Define_Com Class(#PRIM_TBLO.Column) Name(#Column3) Displayposition(3) Parent(#TableLayout1)
Define_Com Class(#PRIM_TBLO.Row) Name(#Row1) Displayposition(1) Parent(#TableLayout1)
Define_Com Class(#PRIM_TBLO.Item) Name(#LayoutItem1) Alignment(TopCenter) Column(#Column1) Manage(#Label1) Parent(#TableLayout1) Row(#Row1) Flow(Down) Sizing(FitToWidth) Marginleft(10) Marginright(10) Margintop(10)
Define_Com Class(#PRIM_TBLO.Item) Name(#LayoutItem2) Alignment(TopCenter) Column(#Column1) Manage(#OriginalValue) Parent(#TableLayout1) Row(#Row1) Sizing(FitToWidth) Flow(Down) Marginleft(10) Marginright(10) Margintop(10)
Define_Com Class(#PRIM_TBLO.Item) Name(#LayoutItem3) Alignment(TopCenter) Column(#Column3) Manage(#Label2) Parent(#TableLayout1) Row(#Row1) Flow(Down) Sizing(FitToWidth) Marginleft(10) Marginright(10) Margintop(10)
Define_Com Class(#PRIM_TBLO.Item) Name(#LayoutItem4) Alignment(TopCenter) Column(#Column3) Manage(#EncryptedValue) Parent(#TableLayout1) Row(#Row1) Sizing(FitToWidth) Flow(Down) Marginleft(10) Marginright(10) Margintop(10)
Define_Com Class(#PRIM_TBLO.Item) Name(#LayoutItem5) Column(#Column2) Manage(#ButtonEncryptLocal) Parent(#TableLayout1) Row(#Row1) Sizing(FitToWidth) Alignment(TopCenter) Marginleft(10) Marginright(10) Margintop(10) Flow(Down)
Define_Com Class(#PRIM_TBLO.Item) Name(#LayoutItem6) Column(#Column2) Manage(#ButtonDecryptLocal) Parent(#TableLayout1) Row(#Row1) Sizing(FitToWidth) Alignment(TopCenter) Marginleft(10) Marginright(10) Margintop(10) Flow(Down)
Define_Com Class(#PRIM_TBLO.Item) Name(#LayoutItem7) Column(#Column2) Manage(#ButtonEncryptServer) Parent(#TableLayout1) Row(#Row1) Sizing(FitToWidth) Alignment(TopCenter) Marginleft(10) Marginright(10) Margintop(10) Flow(Down)
Define_Com Class(#PRIM_TBLO.Item) Name(#LayoutItem8) Column(#Column2) Manage(#ButtonDecryptServer) Parent(#TableLayout1) Row(#Row1) Sizing(FitToWidth) Alignment(TopCenter) Marginleft(10) Marginright(10) Margintop(10) Flow(Down)
Define_Com Class(#PRIM_PHBN) Name(#ButtonEncryptLocal) Caption('Encrypt Local') Displayposition(3) Parent(#COM_OWNER) Tabposition(4) Width(424) Height(30) Left(366)
Define_Com Class(#PRIM_EDIT) Name(#OriginalValue) Displayposition(2) Parent(#COM_OWNER) Showselection(False) Showselectionhilight(False) Tabposition(6) Top(61) Width(336)
Define_Com Class(#PRIM_LABL) Name(#Label1) Caption('Original Value') Displayposition(1) Ellipses(Word) Height(41) Parent(#COM_OWNER) Tabposition(8) Tabstop(False) Verticalalignment(Center) Width(336)
Define_Com Class(#PRIM_LABL) Name(#Label2) Caption('Encrypted Value') Displayposition(4) Ellipses(Word) Height(41) Left(810) Parent(#COM_OWNER) Tabposition(7) Tabstop(False) Verticalalignment(Center) Width(380)
Define_Com Class(#PRIM_EDIT) Name(#EncryptedValue) Displayposition(5) Left(810) Parent(#COM_OWNER) Showselection(False) Showselectionhilight(False) Tabposition(5) Top(61) Width(380)
Define_Com Class(#PRIM_PHBN) Name(#ButtonDecryptLocal) Caption('Decrypt Local') Displayposition(6) Parent(#COM_OWNER) Tabposition(2) Width(424) Height(30) Left(366) Top(50)
Define_Com Class(#PRIM_PHBN) Name(#ButtonEncryptServer) Caption('Encrypt Server') Displayposition(7) Parent(#COM_OWNER) Tabposition(3) Width(424) Height(30) Left(366) Top(90)
Define_Com Class(#PRIM_PHBN) Name(#ButtonDecryptServer) Caption('Decrypt Server') Displayposition(8) Parent(#COM_OWNER) Tabposition(1) Width(424) Height(30) Left(366) Top(130)
Evtroutine Handling(#ButtonEncryptLocal.Click)
#EncryptedValue := #OriginalValue.Value.Encrypt( '1jd7RME984jnBGol' )
#OriginalValue := #BLANKS
Endroutine
Evtroutine Handling(#ButtonDecryptLocal.Click)
#OriginalValue := #EncryptedValue.Value.Decrypt( '1jd7RME984jnBGol' )
#EncryptedValue := #BLANKS
Endroutine
Evtroutine Handling(#ButtonEncryptServer.Click)
Define_Com Class(#MYSRVM.ENCRYPT) Name(#Encrypt)
#Encrypt.ExecuteAsync Originalvalue(#OriginalValue) Encryptedvalue(#EncryptedValue)
#OriginalValue := #BLANKS
Endroutine
Evtroutine Handling(#ButtonDecryptServer.Click)
Define_Com Class(#MYSRVM.DECRYPT) Name(#Decrypt)
#Decrypt.ExecuteAsync Encryptedvalue(#EncryptedValue) Originalvalue(#OriginalValue)
#EncryptedValue := #BLANKS
Endroutine
End_Com
Cheers,
Danny
Re: Encryption Web
Posted: Thu Apr 28, 2016 6:28 pm
by avescovi
Hi Danny,
Thank you very much!
As you said, the problem was the unicode. It works as expected with NVARCHAR variables.
Have a nice day
Andrea