AES/ECB/PKCS#5 encryption

dbarstis has asked for the wisdom of the Perl Monks concerning the following question:

I need to send an encrypted code to a web server where it will be decrypted with a java script. I have a script that creates the token and another that can decrypt it. The problem is when I send it to the java script, it throws an exception because of the padding. PKCS#5 pads with the number of bytes that should be truncated. So, if blocksize is 8, then "0A0B0C" will be padded with "05", resulting in "0A0B0C0505050505". If the final block is a full block of 8 bytes, then a whole block of "0808080808080808" is appended. In my script I can pad with nulls but how would I do PKCS#5? If someone could rewrite this (even using Crypt::CBC) and get the 32 character token with the correct padding, I would be forever grateful

In my haste to post the code, I didn't complete the scrubbing. I've made the corrections.

#!/usr/bin/perl

use Crypt::Rijndael;

my $key = "1A2B3C4D5E6FA1B2C3D4E5F61A2B3C4D";
$key = pack("H*",$key);

$crypt = Crypt::Rijndael->new( $key, Crypt::Rijndael::MODE_ECB() );

my $vers = 1;
my $rand = 1002247;
my $time = 1317072992;
my $empid = 123;
my $sum = 103;

$packed = pack( "CLLLC", $vers, $rand, $time, $empid, $sum );

my $token = $crypt->encrypt($packed^("\0"x16));
$token = unpack("H*",$token);

print "---------+---------+---------+--\n";
print $token,"\n";

exit;
[download]

Comment on AES/ECB/PKCS#5 encryption Download Code

Replies are listed 'Best First'.
Re: AES/ECB/PKCS#5 encryption by zentara (Cardinal) on Sep 29, 2011 at 08:16 UTC
Here is a running version of your code, with a legitimate key. It takes your values, makes a token, then decrypts the token. Can you describe in more detail what you need with the padding? Here is a commonly used sub for padding. Substitute your padding for the null bytes "\0", with a similar length($data) method. `sub get16 { my $data = shift; # return "\0" x ( 16 - length($data) % 16 ) . $data; return $data . "\0" x ( 16 - length($data) % 16 ); }` [download] Here is your code, working with a legitimate key with debugging steps along the way. #!/usr/bin/perl use warnings; use strict; use Crypt::Rijndael; my $key = "1A2B3C4D5E6Fabcd"; #$key = pack("H",$key); print "$key\n"; my $crypt = Crypt::Rijndael->new( $key, Crypt::Rijndael::MODE_ECB() ); my $vers = 1; my $rand = 1002247; my $time = 1317072992; my $empid = 123; my $sum = 103; my $ndid = 42; my $packed = pack( "CLLLC", $vers, $rand, $time, $ndid, $sum ); print "$packed\n"; my @unpacked = unpack("CLLLC",$packed) ; print "@unpacked\n"; my $token = $crypt->encrypt($packed^("\0"x16)); print "\n$token\n"; $token = unpack("H",$token); print "---------+---------+---------+--\n"; print $token,"\n"; # do decryption my $z = pack("H*", $token); print "$z\n"; my $cbc1 = new Crypt::Rijndael $key, Crypt::Rijndael::MODE_CBC; my $decrypted = $cbc1->decrypt($z); print "decrypted->$decrypted\n"; my @values = unpack("CLLLC",$decrypted) ; print "@values\n"; exit; [download] I'm not really a human, but I play one on earth. Old Perl Programmer Haiku ................... flash japh	[reply] [d/l] [select]
Re: AES/ECB/PKCS#5 encryption by zentara (Cardinal) on Sep 29, 2011 at 07:49 UTC
First your $key is invalid for Crypt::Rijndael wrong key length: key must be 128, 192 or 256 bits long at ./928418.pl line 8 `# keys must be 128, 192 or 256 "bits" long, # 8 bits in a letter, so 8 x 16 = 128 #my $key = 'abcdefgghjkloiuy'; #128 bits or 8 x 16 my $key = 'abcdefgghjkloiuyabcdefgghjkloiuy'; #256 bits or 8 x 32 print "key->$key\n";` [download] Second, you didn't use warnings; and use strict; so $ndid is undefined What do you want us to do with broken and incomplete code? I'm not really a human, but I play one on earth. Old Perl Programmer Haiku ................... flash japh	[reply] [d/l]
Re: AES/ECB/PKCS#5 encryption by dbarstis (Novice) on Sep 29, 2011 at 14:05 UTC
Figured it out. Calculated by using the following: my $pad = 16 - length($packed) % 16; my $padded = $packed . pack("C*",($pad)x$pad); my $token = $crypt->encrypt($padded);	[reply]
Re: AES/ECB/PKCS#5 encryption by dbarstis (Novice) on Sep 29, 2011 at 12:29 UTC
I indicated the padding needed in the original post. Null and Space padding isn't a problem. I can code and decode the token no problem. The java script requires the padding above only I don't know how to generate it.	[reply]