dbarstis has asked for the wisdom of the Perl Monks concerning the following question:

A 3rd party vendor wants us to send HTML data that includes a generated token. I'm in way over my head here and am desperately in need of help since they want it now.

The token contains:
a. The encryption key version number. In case the key is changed later.
b. A random number
c. The time the token was generated (in seconds)
d. The identity of the user. This is the employee ID for that user (ie. 912345678).
e. A computed check byte that can be used to verify the token hasn’t been tampered with.

The generated token is encrypted with the shared encryption key. The key has already been generated and shared.

The token layout:

Byte index   Description

0            Version number of the layout of this token. The version number inside of the token should match the plaintext version number in the HTML form.

1..4         A random number.

5..8         The creation time of this token, which must be within a short window of time when the token is consumed. The timestamp is an unsigned 32-bit count of time since January 1, 1970 UTC (standard for time in the java api). The acceptable time window is 2 minutes by default, but may be adjusted by mutual agreement.

9..12        The identity of the user as a 32 bit unsigned number. (This can be the organization's employee id).

13           A check byte computed from the exclusive-or (“xor”) of all the previous bytes of the token. The service provider must verify that this field matches the value computed by the service provider against all the previous bytes in this token.

Encryption details

Encryption is performed with the following parameters:
a. AES algorithm
b. ECB mode
c. PKCS#5 padding
d. 128-bit (16 byte) key

Encoding to hexadecimal characters is performed such that the byte at index 0 is encoded to the first character pair of the hex string, with successive bytes at higher indexes encoding into successive characters.

If anyone is up to the challenge, I would be forever grateful. Any and all help is appreciated.

Re: pack and AES help needed
by AnomalousMonk (Archbishop) on Sep 21, 2011 at 16:12 UTC
Re: pack and AES help needed
by zentara (Cardinal) on Sep 21, 2011 at 16:23 UTC
Re: pack and AES help needed
by onelesd (Pilgrim) on Sep 21, 2011 at 17:50 UTC
Re: pack and AES help needed
by Anonymous Monk on Sep 21, 2011 at 21:11 UTC

    Other monks already gave advice for documents and CPAN modules. Enough to start coding and to present code samples just in case you get stuck.

    I would also try to get test cases and sample data from the 3rd party vendor. That helps you check if you're on track.

Re: pack and AES help needed
by dbarstis (Novice) on Sep 22, 2011 at 13:24 UTC

    Am I even close here? The example I got from the vendor shows a value like:
    3e982f218e1872d269e53b980cc1a58d which is not what I'm getting.

    #!/usr/bin/perl
    use Crypt::ECB;

    my $key = "1DC88FF231C6DB42A29F55EF1AB6D8DD";
    $crypt = Crypt::ECB->new;
    $crypt->padding(PADDING_AUTO);
    $crypt->cipher('OpenSSL::AES') || die $crypt->errstring;
    $crypt->key($key);

    my $vers = 1;
    my $rand = rand();
    my $time = time;
    my $empid = 912345678;

    my $packed = pack( "CLLL", $vers, $rand, $time, $empid );
    my $sum = substr $packed, 0, 1;
    $sum ^= substr $packed, $_, 1 for 1 .. 7;
    $packed .= $sum;

    # encrypt the token
    my $token = $crypt->encrypt($packed);
    print "$token\n";

Re: pack and AES help needed
by dbarstis (Novice) on Sep 29, 2011 at 21:32 UTC
    Figured it out. See post called "AES/ECB/PKCS#5 encryption".
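
An added example, not part of the original thread and not the vendor's code: it builds the 14-byte layout from the question with pack, then decrypts and checks a token the way the service provider is described as doing. Big-endian byte order, the use of Crypt::Rijndael with hand-written PKCS#5 padding, and the names make_token, read_token and xor_check are assumptions; the key is the one shown in the post above.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Crypt::Rijndael;    # assumption: any AES module with a raw ECB mode would do

# The shared key is written as 32 hex digits; AES-128 needs the 16 raw bytes.
my $KEY = pack 'H*', '1DC88FF231C6DB42A29F55EF1AB6D8DD';
my $AES = Crypt::Rijndael->new($KEY, Crypt::Rijndael::MODE_ECB());

# XOR of every byte of the argument, returned as an integer 0..255.
sub xor_check { my $x = 0; $x ^= $_ for unpack 'C*', shift; return $x }

# Build the token; $now and $rnd can be fixed to reproduce a test vector.
sub make_token {
    my ($version, $emp_id, $now, $rnd) = @_;
    $now = time() unless defined $now;
    $rnd = int(rand(2**32)) unless defined $rnd;
    # C = one byte, N = unsigned 32-bit big-endian (byte order is an assumption).
    my $body  = pack 'C N N N', $version, $rnd, $now, $emp_id;   # bytes 0..12
    my $plain = $body . chr(xor_check($body));                   # byte 13
    my $pad   = 16 - length($plain) % 16;                        # PKCS#5 padding
    return unpack 'H*', $AES->encrypt($plain . chr($pad) x $pad);
}

# Decrypt and validate; returns the employee id, or undef if any check fails.
sub read_token {
    my ($hex, $version, $window) = @_;
    return unless $hex =~ /\A[0-9a-fA-F]{32}\z/;     # one AES block, hex encoded
    my $plain = $AES->decrypt(pack 'H*', $hex);
    my $pad   = ord(substr($plain, -1));
    return unless $pad >= 1 && $pad <= 16
               && substr($plain, -$pad) eq chr($pad) x $pad;
    $plain = substr($plain, 0, -$pad);
    return unless length($plain) == 14;
    my ($v, $rnd, $ts, $emp, $chk) = unpack 'C N N N C', $plain;
    return unless $chk == xor_check(substr($plain, 0, 13));
    return unless $v == $version;                    # must match the form's version
    return unless abs(time() - $ts) <= $window;      # 120 s = the 2-minute default
    return $emp;
}

my $token = make_token(1, 912345678);
print "token: $token\n";
my $emp = read_token($token, 1, 120);
print defined $emp ? "accepted, employee $emp\n" : "rejected\n";
```

The random number and timestamp change on every call, so the printed token differs from run to run; pass fixed $now and $rnd values to make_token when comparing against test vectors from the vendor.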