method to decrypt AES128 in RPGLE

2640 pts.
Tags:
AS400 RPGLE
Hi, How to decrypt AES128 in RPGLE
0

Answer Wiki

Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.

Discuss This Question: 23  Replies

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.
  • ToddN2000
    You need the encryption key before you do anything, then basically the code looks like this.
    varchar = decrypt(varchar text, varchar key [, int algorithm 
              [, varchar IV]]);
    nvarchar = decrypt(nvarchar text, nvarchar key [, int algorithm
              [, varchar IV]]);
    For more info check out the IBM link 
    https://www.ibm.com/support/knowledgecenter/en/SSULQD_7.1.0/com.ibm.nz.sqltk.doc/r_sqlext_encrypt_decrypt.html
    133,800 pointsBadges:
    report
  • 6r
    hi
    2,640 pointsBadges:
    report
  • 6r
    error:Msg id  Sv Number Seq     Message text                                        
    RNF7030 30      6 000600  The name or indicator ENCRYPT is not defined.       
    RNF7503 30      6 000600  Expression contains an operand that is not defined. 
    * * * * *   E N D   O F   A D D I T I O N A L   D I A G N O S T I C   M E S S 
    2,640 pointsBadges:
    report
  • 6r
    Line   <---------------------- Source Specifications ------------------------- 
    Number ....1....+....2....+....3....+....4....+....5....+....6....+....7....+. 
                              S o u r c e   L i s t i n g                          
         1                                                                         
         2 dt1               s             50    inz('abcde')                      
         3 dt2               s             50                                      
         4 dk                s             50    inz('16-9d15-ec98bcc81ec4275OIM1T 
         5 d                                     +I')                              
         6 C                   EVAL      T2= ENCRYPT(t1:k:1)                       
         7 C     T2            DSPLY                                               
         8 C                   EVAL      *INLR=*ON                                 
           * * * * *   E N D   O F   S O U R C E   * * * * *                       
    2,640 pointsBadges:
    report
  • 6r
    so above is the code and error for encryption.
    2,640 pointsBadges:
    report
  • 6r
    so could someone please advise how to rectify this error in above code?



    2,640 pointsBadges:
    report
  • 6r
    Experts could you please advised?? 


    2,640 pointsBadges:
    report
  • 6r
    Any updates please? 
    2,640 pointsBadges:
    report
  • 6r
    tried this link but unable to run java code from as400 could somebody please advise as soon as possible?

    https://www.includehelp.com/java-programs/encrypt-decrypt-string-using-aes-128-bits-encryption-algorithm.aspx
    2,640 pointsBadges:
    report
  • ToddN2000
    Your original question was how to decrypt,  Your error and code example are for encrypting. I don't see any cod on how you have T2 defined
    133,800 pointsBadges:
    report
  • 6r
    in t2 we are saving output. and it's defined in my code as a stand alone field with length 50.
    2,640 pointsBadges:
    report
  • TheRealRaven
    Since the error refers to "ENCRYPT", please show the definition of it in your program.

    If you want to 'decrypt', why is ENCRYPT involved?
    35,690 pointsBadges:
    report
  • 6r
    00 denc              s            256                                      
    00 dpsw              s             33    inz('6-9d15-ec98bcc81ec4275OIM1TS 
    00 d                                     -I')                              
    00 Dtext             s             13                                      
    00                                                                         
    00 c                   eval      text = 'whatever text'                    
    00  /free                                                                  
    00    exec SQL Set :enc = encrypt_AES(text,psw);                           
    00    eval *inlr=*on;                                                      
    2,640 pointsBadges:
    report
  • 6r
    trying to do both encyption and decryption but in debug value of enc is coming as blanks only for encryption here.
    2,640 pointsBadges:
    report
  • 6r
    also tried replacing encrypt by decrypt in both the cases debug value of enc is blank only.
    2,640 pointsBadges:
    report
  • 6r
    so it seems nether encryption nor decryption is working here.
    2,640 pointsBadges:
    report
  • 6r
    any updates by experts please?
    2,640 pointsBadges:
    report
  • Splat
    What, if anything, are you seeing in the job log?
    12,905 pointsBadges:
    report
  • 6r
    tried below program to decrypt Base64 encoded data 0001.00 HDFTACTGRP(*NO) BNDDIR('QC2LE') option(*srcstmt : *nodebugio)           
    0002.00 h actgrp(*new)                                                          
    0003.00 ddata             s             89a   inz('u3VtNgfyWU9faZc3Iaa8ZWbE5UZC 
    0004.00 d                                     -7yA4MyW0ghflt9dNQNDpCcgMZiG/kXPE 
    0005.00 d                                     -2CHL93B4iKiODHxxdVA==')          
    0006.00 dsecretkey        s             16a   varying inz('661e275OIM1ULYLJ')   
    0007.00 dencrypted        s             16a                                     
    0008.00 dascharacters     s             32a                                     
    0009.00 dAES_CONTROL      DS                  Qualified                         
    0010.00 dfunctionid                      2a                                     
    0011.00 ddatalen                         5u 0                                   
    0012.00 doperation                       1a                                     
    0013.00 dmode                            1a                                     
    0014.00 dblocklen                        1a                                     
    0015.00 dmaclen                          1a                                     
    0016.00 dinitVector                     32a                            
    0017.00 dreserved                        7a                                    
    0018.00 dkeyoption                       1a                                    
    0019.00 dkeyschedule                      *                                    
    0020.00 dkey                            32a                                    
    0021.00 dcipher           pr                  extproc('_CIPHER')               
    0022.00 dreceiver                         *                                    
    0023.00 dcontrol                        96a                                    
    0024.00 dsource                           *                                    
    0025.00 dcvthc            pr                  extproc('cvthc')                 
    0026.00 drcvhex                           *   VALUE                            
    0027.00 dsrcchr                           *   VALUE                            
    0028.00 drcvlen                         10i 0 VALUE                            
    0029.00 dhex              s              2a                                    
    0030.00 dp_recv           s               *                                    
    0031.00 dp_src            s               *                                    
    0032.00                                                                        
    0033.00  /FREE                                                                 
    0034.00      AES_Control = *ALLx'00';                                          
    0035.00           AES_Control.functionID = x'0015';                            
    0036.00           AES_Control.datalen  = %size(data);                          
    0037.00           AES_Control.operation = x'00';                               
    0038.00           AES_Control.mode = x'00';             // 0=ECB               
    0039.00                     AES_Control.blockLen = x'10';         // 16        
    0040.00                     AES_Control.MACLen   = x'00';         //  0        
    0041.00                     AES_Control.keyOption = x'10';                     
    0042.00                                                                        
    0043.00                     AES_Control.key = secretKey;                       
    0044.00      p_recv = %addr(encrypted);                                        
    0045.00          p_src  = %addr(data);                                         
    0046.00          cipher( p_recv : AES_Control : p_src);                        
    0047.00                                                                        
    0048.00                    p_recv = %addr(asCharacters);                       
    0049.00                    p_src  = %addr(encrypted);                          
    0050.00                    cvthc ( p_recv : p_src : %size(asCharacters));      
    0051.00                    dsply asCharacters;                             
    0052.00         data = *blanks;                                            
    0053.00                                                                    
    0054.00         AES_Control = *ALLx'00';                                   
    0055.00         AES_Control.functionID = x'0015';                          
    0056.00         AES_Control.datalen  = %size(data);                        
    0057.00         AES_Control.operation = x'01';        //                   
    0058.00         AES_Control.mode = x'00';             // 0=ECB             
    0059.00         AES_Control.blockLen = x'10';         // 16                
    0060.00                   AES_Control.MACLen   = x'00';         //  0      
    0061.00                   AES_Control.keyOption = x'10';         // use    
    0062.00                                                                    
    0063.00                   AES_Control.key = secretKey;                     
    0064.00        p_recv = %addr(data);                                       
    0065.00        p_src  = %addr(encrypted);                                  
    0066.00                                                                    
    0067.00        cipher( p_recv : AES_Control : p_src);                      
    0070.00        *inlr = *on;        
    0071.00    /end-free               
    
    **************
    but when comparing decrypted data from this website 
    https://www.devglan.com/online-tools/aes-encryption-decryption

    results can not be compared at all means whatever output of decrypted data from
    abve rpgle program is not equal to data of website*for decryption part we need to focus)
    2,640 pointsBadges:
    report
  • 6r
    The problem is that this code works for      H DFTACTGRP(*NO) BNDDIR('QC2LE') option(*SRCSTMT: *NODEBUGIO)
         H ACTGRP(*NEW)
    
         D data            s             16A   inz('My coded message')
         D secretKey       s             16A   varying inz('Secret Password')
         D encrypted       s             16A
         D asCharacters    s             32A
    
         D AES_Control     ds                  qualified
         D   functionID                   2A
         D   dataLen                      5U 0
         D   operation                    1A
          *    x'00' = Encrypt, x'01' = Decrypt
         D   mode                         1A
          *    x'00' = ECB, x'01' = CBC
         D   blockLen                     1A
         D   MACLen                       1A
         D   initVector                  32A
         D   reserved                     7A
         D   keyOption                    1A		
          *    x'00'=KeySched. x'10'=16-byte, x'18'=24-byte, x'20'=32-byte key
         D   keySchedule                   *
         D   key                         32A
    
         D cipher          PR                  extproc('_CIPHER')
         D  receiver                       *
         D  control                      96A
         D  source                         *
    
         D cvthc           Pr                  ExtProc( 'cvthc' )
         D  RcvHex                         *   Value
         D  SrcChr                         *   Value
         D  RcvLen                       10i 0 Value
    
         D Hex             s              2a
    
         D p_recv          s               *
         D p_src           s               *
    
          /free
    
              //  The following will encrypt "data" using the AES
              //  algorithm with the secret key "key", and place
              //  the result into "encrypted"
    
              AES_Control = *ALLx'00';
              AES_Control.functionID = x'0015';
              AES_Control.datalen  = %size(data);
              AES_Control.operation = x'00';        // 0=Encrypt,1=Decrypt
              AES_Control.mode = x'00';             // 0=ECB
              AES_Control.blockLen = x'10';         // 16
              AES_Control.MACLen   = x'00';         //  0
              AES_Control.keyOption = x'10';         // use 16-byte key
              AES_Control.key = secretKey;
    
              p_recv = %addr(encrypted);
              p_src  = %addr(data);
    
              cipher( p_recv : AES_Control : p_src);
    
              p_recv = %addr(asCharacters);
              p_src  = %addr(encrypted);
              cvthc ( p_recv : p_src : %size(asCharacters));
              dsply asCharacters;
    
              //  The following will decrypt "encrypted" using the AES
              //  algorithm with the secret key "key", and place the
              //  result in "data".  We blank out data ahead of time
              //  to ensure that it's contents aren't carried over from
              //  the code above.
    
              data = *blanks;
    
              AES_Control = *ALLx'00';
              AES_Control.functionID = x'0015';
              AES_Control.datalen  = %size(data);
              AES_Control.operation = x'01';        // 0=Encrypt,1=Decrypt
              AES_Control.mode = x'00';             // 0=ECB
              AES_Control.blockLen = x'10';         // 16
              AES_Control.MACLen   = x'00';         //  0
              AES_Control.keyOption = x'10';         // use 16-byte key
              AES_Control.key = secretKey;
    
              p_recv = %addr(data);
              p_src  = %addr(encrypted);
    
              cipher( p_recv : AES_Control : p_src);
    
              dsply data;
    
              *inlr = *on;
          /end-free
    
    **************
    but does not work for previous data as 'u3VtNgfyWU9faZcIaa8ZWbE5UZCf7yA4MyW0ghflt9dNQNDpCcgMZiG/kXPECHL93B4iKiODHxxdVA=='
    and for this complex key :-661e275OIM1ULYLJ

    Thanks
    2,640 pointsBadges:
    report
  • TheRealRaven
    @6r : Not sure why/how you'd compare anything against that web site. Much more info is needed about exactly what you did step by step. We can't verify anything without that.

    Running under IBM i, you'll very likely be using an EBCDIC character set. The web site is almost certainly using an ASCII-based character set with very different hew representations. You'll need to ensure that your input/output hex representations match appropriately for all relevant parameters.

    Since you probably can't control any encodings for the web site, you'll probably need to do matching character conversions on IBM i for all character data, both input and output. Comparisons will otherwise likely be meaningless.
    35,690 pointsBadges:
    report
  • 6r
    so how to do it in rpgle program my input encoded string is in base64 format and that after decrypting it in rpgle program it\s not matching with that website so how can i match them and verify whether whatever i have decrypted is correct only currently i have this website by which i can verify but it seems like this rpgle program is unable to decrypt the cipher input feed in same format like website is doing.

    how can i ensure that my input/output hex representations match appropriately for all relevant parameters. with respect to as400 program\s output and website input output?
    2,640 pointsBadges:
    report
  • ToddN2000
    @6r: When it comes to reviewing samples of code showing you  encrypting/decrypting, use the code you find as a guide only.  You might never be able to decrypt somebody else sample code. The reason is, its just an example of the logic. They may have changed the data used in the example. Try it with your own data and you own key. This way you know what is expected going in an out of your application. Most users when posting code examples will change things like IP's, Libraries, file names to protect their own systems from hackers.  If we used our real IP, file and library it makes it easier for a data breach. 
    133,800 pointsBadges:
    report

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

Thanks! We'll email you when relevant content is added and updated.

Following

Share this item with your network: