Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

AES encrypt and decrypt #9

Open
gogolxdong opened this issue Aug 29, 2018 · 11 comments
Open

AES encrypt and decrypt #9

gogolxdong opened this issue Aug 29, 2018 · 11 comments

Comments

@gogolxdong
Copy link

gogolxdong commented Aug 29, 2018

decrypt from encrypted message doesn't restore.

import nimcrypto/rijndael
import nimcrypto/bcmode
import base64, strutils
var cbc : CBC[aes128]
var key:string = "1234123412ABCDEF"
var iv: string = "ABCDEF1234123412"
var message: cstring="hello"
var decrypted:cstring = cast[cstring](alloc0(100))
var encrypted:cstring = cast[cstring](alloc0(100))
cbc.init(key.toOpenArrayByte(0, key.len-1), iv.toOpenArrayByte(0, iv.len-1))

cbc.encrypt(cast[ptr byte]( message), cast[ptr byte]( encrypted), 100)
echo encrypted
echo cbc.decrypt(cast[ptr byte](encrypted), cast[ptr byte]( decrypted), 100)
echo decrypted
dealloc decrypted
dealloc encrypted
@cheatfate
Copy link
Owner

cheatfate commented Aug 29, 2018

@gogolxdong you can't reuse one CBC[aes128] context for encryption and decryption at the same time, because this context is changing all the time you call encrypt and decrypt. So for decryption you need to initialize context one more time.

import nimcrypto/rijndael
import nimcrypto/bcmode
import base64, strutils
var cbc : CBC[aes128]
var key:string = "1234123412ABCDEF"
var iv: string = "ABCDEF1234123412"
var message: cstring="hello"
var decrypted:cstring = cast[cstring](alloc0(100))
var encrypted:cstring = cast[cstring](alloc0(100))
cbc.init(key.toOpenArrayByte(0, key.len-1), iv.toOpenArrayByte(0, iv.len-1))
cbc.encrypt(cast[ptr byte]( message), cast[ptr byte]( encrypted), 100)
echo encrypted
## Initialization of context one more time
cbc.init(key.toOpenArrayByte(0, key.len-1), iv.toOpenArrayByte(0, iv.len-1))
echo cbc.decrypt(cast[ptr byte](encrypted), cast[ptr byte]( decrypted), 100)
echo decrypted
dealloc decrypted
dealloc encrypted
## Do not forget to clear `CBC[aes128]` context
cbc.clear()

@gogolxdong
Copy link
Author

gogolxdong commented Aug 29, 2018

import nimcrypto/rijndael
import nimcrypto/bcmode
import base64, strutils
var cbc : CBC[aes128]
var key:string = "1234123412ABCDEF"
var iv: string = "ABCDEF1234123412"
var message: cstring="106593A41D2C0E8453AC2043D3E1860FA30984A594063B002349FBF72B602727"
var decrypted:cstring = cast[cstring](alloc0(100))

cbc.init(key.toOpenArrayByte(0, key.len-1), iv.toOpenArrayByte(0, iv.len-1))
echo cbc.decrypt(cast[ptr byte](message), cast[ptr byte]( decrypted), 100)
echo decrypted
dealloc decrypted
cbc.clear()

cannot restore the encrypted message from js , using CBC and PkcsPadding7

@cheatfate
Copy link
Owner

@gogolxdong could you please show original message you are trying to decrypt in hexadecimal format.
Because here i can only see that you are trying to decrypt/encrypt strings not actual binary data. Also you need to implement PKCS#7 padding by yourself.

@gogolxdong
Copy link
Author

message is 1022218369@qq.com. Isn't the message in hexadecimal format? I though it was.
But I am not familiar with cryptography , does this mean it cannot be decrypted if using PKCS#7?

@cheatfate
Copy link
Owner

@gogolxdong your key and iv must be at least 16 bytes (octets) long.
Your message length must be aligned to 16 bytes too.

@gogolxdong
Copy link
Author

what does message aligned to 16 bytes mean? Will you show me?

@cheatfate
Copy link
Owner

AES encoding processing data via blocks of 128 bits (16 bytes). So you can't actually encode/decode safely 1 byte sequence or 15 bytes sequence, you need to have at least 16 bytes sequence. Its why PKCS#7 padding is used to pad data to 16 bytes. So len(message) mod 16 must be 0.

@gogolxdong
Copy link
Author

what's the padding mode nimcrypto using?

@cheatfate
Copy link
Owner

@gogolxdong there no padding schemes in nimcrypto yet, currently its just a library of primitives and operations. So you need to pad it by yourself.

@gogolxdong
Copy link
Author

gogolxdong commented Aug 30, 2018

Got it , but I'm afraid I'm not competent enough to write such a padding implementation. You should make some notes or write example codes to remind user these gotchas.

@vieruuuu
Copy link

@gogolxdong any luck with those padding examples ?

cheatfate added a commit that referenced this issue Sep 7, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

3 participants