next »

[Mathew R.]

We're attempting to decrypt values (in Python) that were encrypted in Genero with logic along the lines of

Code

let key = xml.CryptoKey.create("http://www.w3.org/2001/04/xmlenc#aes128-cbc")
call ket.setKey(secretKeyValue)
let ciphertext = xml.Encryption.encryptString(key, plaintext)

The problem is that there is no way, that I've found, to set or view the IV used in the encryption process. This is preventing me from decrypting elsewhere, yet other Genero code has no problem decrypting my ciphertext.

How does Genero manage the IV and how can I decrypt Genero-encrypted values elsewhere?

[Mathew R.]

SOLVED

Setting the scene again: I have a BASE64 encoded string that came from a Genero AES128-CBC encryption and I'm attempting to decrypt in Python (though this will apply to other languages as well).

The first step is to BASE64 decode, as suggested by http://4js.com/online_documentation/fjs-fgl-manual-html/#fgl-topics/c_gws_XmlEncryption_EncryptString.html This I was already doing when I originally posted.

After some experimentation with random IVs, I discovered the first 16 bytes of the decrypted plaintext seemed irrelevant: you could use any IV and the data starting at byte 17 was the plaintext I was looking for (after removing some additional trailing padding bytes).

The trailing 16 bytes were random: I learned that these are the result of padding using the withdrawn ISO10126 method.

Therefore, after removing the first and last 16 bytes of the decrypted plaintext, I could use any IV to decrypt.

I experimented by removing the leading block before decryption. When using a random IV, the first 16 bytes of my decrypted value was incorrect, but the rest of the string was correct. This lines up with a comment I read that the IV only affects the first block of a value during encryption.

Finally, I read a StackOverflow comment that sometimes the IV is prepended to the encrypted value. When I removed the the first 16 bytes from the ciphertext, used those as the IV, and did the normal ISO10126 un-padding after decryption, I got _exactly_ my plaintext I was looking for.

Only after discovering this for myself did I notice and understand this line in the specs (https://www.w3.org/TR/xmlenc-core/#sec-Alg-Block)

The IV is encoded with and before the cipher text for the algorithms below for ease of availability to the decryption code and to emphasize its association with the cipher text.

SUGGESTION FOR DOCUMENTATION:
http://4js.com/online_documentation/fjs-fgl-manual-html/#fgl-topics/c_gws_XmlEncryption_EncryptString.html
- Add note that mentions the IV's existence in the encrypted string.
- Add note that value is ISO10126 padded



Formula for those looking to do what I'm doing:
1. BASE64-decode the ciphertext
2. Remove first block from decoded ciphertext - save this for your IV value
3. Create AES CBC cipher, using your secret key and the IV from the previous step
4. Use cipher to decrypt remaining ciphertext
5. Use ISO10126 to un-pad decrypted text

[Reuben B.]

Thanks for keeping us updated.  It is always good to have the Solution to the Issue in forum posts.

Just on the subject of Suggestions for Documentation, if you are using the online documentation or the documentation in Genero Studio you should see a Feedback Button through which you can give such suggestions.  This button includes the page link on what it sends through to Scott and his team.