Calling all Cryptography knowledgeable people...

I am trying to decrypt what MySQL does with AES_ENCRYPT (https://dev.mysql.com/doc/refman/5.5/en/encryption-functions.html#function_aes-encrypt), but on the client side (yes, I know there is AES_DECRYPT, but that means passing the key across the wire, something which we would prefer not to happen).

It seems that MySQL uses AES-128, ECB, and that Java's Cipher.GetInstance("AES/ECB/PKCS5Padding") can decrypt it... but I want a Delphi version.

I did find this answer on StackOverflow (http://stackoverflow.com/a/9298728), in which I changed CRYPT_MODE_CBC to CRYPT_MODE_ECB = 2; but that fails also (with "System Error. Code: -2146893819. Bad Data").

I have tried LockBox 3 (https://github.com/TurboPack/LockBox3, with some (incorrect?) corrections for XE), with the following code (which seems to return an empty string every time):

// http://dev.mysql.com/doc/refman/5.7/en/encryption-functions.html#function_aes-encrypt (but we are using 5.6 version of the function)
LCodec := TCodec.Create(nil);
try
  LCryptographicLibrary := TCryptographicLibrary.Create(nil);
  try
    LCodec.CryptoLibrary := LCryptographicLibrary;
    //LCodec.Encoding := TEncoding.ASCII;
    LCodec.StreamCipherId := uTPLb_Constants.BlockCipher_ProgId;

    // MySQL source code: mysql_config_editor.cc : AES-128 ECB
    LCodec.BlockCipherId := 'native.AES-128';
    LCodec.ChainModeId := uTPLb_Constants.ECB_ProgId;
    LCodec.Password := 'MyKey';

    LValue := dsPerson.FieldByName('data_to_decrypt').AsString;

    // LValue is a HEX string that needs reversed (LBinBytes is a TBytes)
    SetLength(LBinBytes, Length(LValue) shr 1);
    HexToBin(PWideChar(LValue), @LBinBytes[0], Length(LValue) shr 1);

    LCipherTextStream := TBytesStream.Create(LBinBytes);
    try
      LPlainTextStream := TStringStream.Create();
      try
        LCipherTextStream.Position := 0;
        LCodec.DecryptStream(LPlainTextStream, LCipherTextStream);
        LPlainTextStream.Position := 0;
        LValue := LPlainTextStream.DataString;
      finally
        LPlainTextStream.Free;
      end;
    finally
      LCipherTextStream.Free;
    end;
  finally
    LCryptographicLibrary.Free;
  end;
finally
  LCodec.Free;
end;

MySQL equivalent is: AES_DECRYPT(UNHEX(data_to_decrypt), "MyKey")
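As a reference to check a Delphi port against, here is an added example (not code from the original post, MySQL or LockBox) that reproduces AES_DECRYPT(UNHEX(...), key) for AES-128 in ECB mode in pure Python; it goes beyond the post by including the AES-128 inverse cipher itself. It assumes MySQL's behaviour of XOR-folding the key string into a 16-byte key (no password hashing) and PKCS#7 padding, and every function name is this example's own.

```python
# Added example (constructed); function names are this example's own.
def _gmul(a, b):  # multiply in GF(2^8), reduced by the AES polynomial 0x11B
    r = 0
    while b:
        r, a, b = r ^ (a if b & 1 else 0), (a << 1) ^ (0x11B if a & 0x80 else 0), b >> 1
    return r

def _sbox_entry(a):  # affine transform of the multiplicative inverse of a
    inv = next((b for b in range(1, 256) if _gmul(a, b) == 1), 0)
    rot = lambda k: ((inv << k) | (inv >> (8 - k))) & 0xFF
    return inv ^ rot(1) ^ rot(2) ^ rot(3) ^ rot(4) ^ 0x63
SBOX = [_sbox_entry(a) for a in range(256)]
INV_SBOX = [SBOX.index(v) for v in range(256)]

def expand_key(key):  # AES-128 key schedule -> 11 round keys of 16 bytes
    w, rcon = [list(key[i:i + 4]) for i in range(0, 16, 4)], 1
    for i in range(4, 44):
        t = w[i - 1]
        if i % 4 == 0:  # RotWord, SubWord, then XOR the round constant
            t = [SBOX[b] for b in t[1:] + t[:1]]
            t[0], rcon = t[0] ^ rcon, _gmul(rcon, 2)
        w.append([a ^ b for a, b in zip(w[i - 4], t)])
    return [sum(w[r:r + 4], []) for r in range(0, 44, 4)]

def _inv_mix(s):  # InvMixColumns over the four 4-byte columns
    return [_gmul(s[c + r], 14) ^ _gmul(s[c + (r + 1) % 4], 11)
            ^ _gmul(s[c + (r + 2) % 4], 13) ^ _gmul(s[c + (r + 3) % 4], 9)
            for c in (0, 4, 8, 12) for r in range(4)]

def decrypt_block(block, rk):  # FIPS-197 inverse cipher, column-major state
    s = [b ^ k for b, k in zip(block, rk[10])]
    for n in range(9, -1, -1):  # InvShiftRows + InvSubBytes + AddRoundKey
        s = [INV_SBOX[s[(i - 4 * (i % 4)) % 16]] ^ rk[n][i] for i in range(16)]
        s = _inv_mix(s) if n else s
    return bytes(s)

def mysql_aes_key(key):  # MySQL XOR-folds the key string into 16 bytes
    folded = bytearray(16)
    for i, b in enumerate(key):
        folded[i % 16] ^= b
    return bytes(folded)

def mysql_aes_decrypt(hex_ct, key):  # AES_DECRYPT(UNHEX(hex_ct), key), ECB
    ct, rk = bytes.fromhex(hex_ct), expand_key(mysql_aes_key(key))
    if not ct or len(ct) % 16:
        raise ValueError("ciphertext is not a whole number of 16-byte blocks")
    pt = b"".join(decrypt_block(ct[i:i + 16], rk) for i in range(0, len(ct), 16))
    if not 1 <= pt[-1] <= 16 or not pt.endswith(pt[-1:] * pt[-1]):
        raise ValueError("bad PKCS#7 padding: wrong key or corrupt data")
    return pt[:-pt[-1]]
```

The key is passed as bytes, for example `mysql_aes_decrypt(hex_value, b"MyKey")`. A Delphi library has to be given the folded 16-byte key from `mysql_aes_key` as a raw AES key, with no IV or salt expected in the ciphertext.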

Comments

  1. Henrick Hellström I understand what you are saying but I have been directed to remove the reliance of the SQL AES_* functions. Anything else is above my pay grade.
    So can you help me?

  2. You have the TMS Cryptography Pack, with AES ECB-128-PKCS7 mode tmssoftware.com - TMS Software

  3. Nicholas Ring Sorry for the delay. Yes, as Andrea Raimondi already noted, using StreamSec Tools for this would be pretty straightforward, and it should be possible for you to solve it perhaps with a little level 1 support. However, my general recommendation would be to take it up with a decision maker, but if the organization/company you work for doesn't operate that way, I can relate to why you want the kind of resolution you are asking for.
