Skip to content
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Groups
  • Search
  • Get Qt Extensions
  • Unsolved
Collapse
Brand Logo
  1. Home
  2. Qt Development
  3. General and Desktop
  4. Decrypt AES with OpenSSL & Qt 5.5.1 Win32 VS2013
Forum Updated to NodeBB v4.3 + New Features

Decrypt AES with OpenSSL & Qt 5.5.1 Win32 VS2013

Scheduled Pinned Locked Moved Solved General and Desktop
opensslqt 5.5.1windowsvs 2013decrypt
42 Posts 3 Posters 23.1k Views 1 Watching
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • SGaistS Offline
    SGaistS Offline
    SGaist
    Lifetime Qt Champion
    wrote on last edited by
    #31

    And what iv did you use to encrypt the string ?

    Interested in AI ? www.idiap.ch
    Please read the Qt Code of Conduct - https://forum.qt.io/topic/113070/qt-code-of-conduct

    1 Reply Last reply
    0
    • Q Offline
      Q Offline
      qDebug
      wrote on last edited by
      #32

      If you scroll up a few posts, there is the source code.

      1 Reply Last reply
      0
      • SGaistS Offline
        SGaistS Offline
        SGaist
        Lifetime Qt Champion
        wrote on last edited by
        #33

        Do you mean the VB code ? Then you generate an IV in there, and use a different one when decrypting your string or am I missing something there ?

        Interested in AI ? www.idiap.ch
        Please read the Qt Code of Conduct - https://forum.qt.io/topic/113070/qt-code-of-conduct

        1 Reply Last reply
        0
        • Q Offline
          Q Offline
          qDebug
          wrote on last edited by
          #34

          It is the same iv. There is no problem with the iv i believe, it does work to decrypt in openssl and VB. It is a common way to use the first 16 bytes of a string for iv. Like salting passwords, kind of, not really but i'm no expert and can't explain it better. Defending on the software and api you may have to remove the iv from the string before decrypting but i don't thing it is the case in qca - but i did try it anyways - no luck.

          Maybe i don't use the API correctly. The example code:

          cipher.setup( QCA::Decode, key, iv );
          
          QCA::SecureArray cipherText = u.append(f);
          QCA::SecureArray plainText = cipher.update(cipherText);
          if (!cipher.ok()) {
          	printf("Update failed\n");
          }
          
          printf("Decryption using AES128 of [0x%s] is %s\n",
          	   qPrintable(QCA::arrayToHex(cipherText.toByteArray())), plainText.data());
          
          plainText = cipher.final();
          if (!cipher.ok()) {
          	printf("Final failed\n");
          }
          
          printf("Final decryption block using AES128 is %s\n", plainText.data());
          printf("One step decryption using AES128: %s\n",
          	   QCA::SecureArray(cipher.process(cipherText)).data() );
          

          So cipherText here is u.append(f); the update and the final results together.

          Or maybe i found a bug. Who knows? But chances are i'm doing it wrong, somehow.

          1 Reply Last reply
          0
          • SGaistS Offline
            SGaistS Offline
            SGaist
            Lifetime Qt Champion
            wrote on last edited by
            #35

            That's what I'm trying to clear up with you.

            What you wrote is that you were using a part of your already encoded string as IV when setting up decoding and that's that part that is puzzling me. AFAIK, you should use the same IV that you generated, whatever the means, when you encoded that string. So basically (pseudo code):

            Get secret key as sk
            Get password
            Generate IV as iv: 16 first chars of md5 of password
            Encode "Dr. Test" with sk + iv as encoded_str
            

            and later:

            Get secret key as sk
            Get password
            Generate IV as iv: 16 first char of md5 of password
            Decode encoded_str with sk + iv
            Get Dr. Test
            

            What I understand of what you wrote for the decoding part is:

            Get secret key as sk
            Get password
            Generate IV as iv: 16 first char of encoded_str
            Decode encoded_str with sk + iv
            Get garbage + Dr. Test
            

            Interested in AI ? www.idiap.ch
            Please read the Qt Code of Conduct - https://forum.qt.io/topic/113070/qt-code-of-conduct

            1 Reply Last reply
            0
            • Q Offline
              Q Offline
              qDebug
              wrote on last edited by
              #36

              I did not wrote the VB code nor the encoder or decoder for this part. I just try to decrypt strings in XML files encoded using this VB code. For now i use a bash script on Linux but i fail to implement it in my Qt app so far.

              Bash:

              passmd5="$(echo -n "$1" | md5sum | cut -d '-' -f1 | tr -d '[[:space:]]')"
              theiv="$(echo $2 | xxd -l 16 -ps)"
              echo $2 | openssl enc -d -a -A -aes-128-cbc -iv $theiv -K $passmd5 | tail -c +17
              

              Works perfectly. No luck in Qt.

              1 Reply Last reply
              0
              • SGaistS Offline
                SGaistS Offline
                SGaist
                Lifetime Qt Champion
                wrote on last edited by
                #37

                Can you give a sample of input you pass to that script and what you should have as output ?

                Interested in AI ? www.idiap.ch
                Please read the Qt Code of Conduct - https://forum.qt.io/topic/113070/qt-code-of-conduct

                1 Reply Last reply
                0
                • Q Offline
                  Q Offline
                  qDebug
                  wrote on last edited by
                  #38

                  Of course:

                  #!/bin/bash
                  password="test" # the password
                  cstring="PpUr+LMHvaKmf0q6J7Oyzo4jbFO5kfWyXl0d8nD3hyM=" # the aes-128-cbc and base64 encoded string
                  passmd5="$(echo -n "$password" | md5sum | cut -d '-' -f1 | tr -d '[[:space:]]')" # md5 hash the password
                  theiv="$(echo $cstring | xxd -l 16 -ps)" # get the iv
                  decoded="$(echo $cstring | openssl enc -d -a -A -aes-128-cbc -iv $theiv -K $passmd5 | tail -c +17)" # decode in openssl
                  
                  # expected: Dr. Test
                  echo decoded: $decoded
                  
                  1 Reply Last reply
                  0
                  • SGaistS Offline
                    SGaistS Offline
                    SGaist
                    Lifetime Qt Champion
                    wrote on last edited by
                    #39

                    Based on your script

                    QByteArray data = "PpUr+LMHvaKmf0q6J7Oyzo4jbFO5kfWyXl0d8nD3hyM=";
                    QByteArray iv = data.left(16).toHex();
                    QCA::Hash hash( "md5" );
                    hash.update("test");
                    QCA::SecureArray key = hash.final();
                    QCA::Cipher cipher(QString("aes128"),QCA::Cipher::CBC,
                                                     // use Default padding, which is equivalent to PKCS7 for CBC
                                                    QCA::Cipher::DefaultPadding,
                                                    // this object will encrypt
                                                    QCA::Decode,
                                                    key, iv);
                    
                            QCA::SecureArray decryptedData = cipher.process(QByteArray::fromBase64(data));
                            if (!cipher.ok()) {
                                qDebug() << "Decryption failed !  ";
                            }
                            qDebug() << decryptedData.toByteArray().mid(16);
                    

                    Note however that using tail like that looks suspicious. I'm still not convinced of your initial vector handling. It should be the same used when encoding the string. Here it clearly is not.

                    Interested in AI ? www.idiap.ch
                    Please read the Qt Code of Conduct - https://forum.qt.io/topic/113070/qt-code-of-conduct

                    Q 1 Reply Last reply
                    2
                    • SGaistS SGaist

                      Based on your script

                      QByteArray data = "PpUr+LMHvaKmf0q6J7Oyzo4jbFO5kfWyXl0d8nD3hyM=";
                      QByteArray iv = data.left(16).toHex();
                      QCA::Hash hash( "md5" );
                      hash.update("test");
                      QCA::SecureArray key = hash.final();
                      QCA::Cipher cipher(QString("aes128"),QCA::Cipher::CBC,
                                                       // use Default padding, which is equivalent to PKCS7 for CBC
                                                      QCA::Cipher::DefaultPadding,
                                                      // this object will encrypt
                                                      QCA::Decode,
                                                      key, iv);
                      
                              QCA::SecureArray decryptedData = cipher.process(QByteArray::fromBase64(data));
                              if (!cipher.ok()) {
                                  qDebug() << "Decryption failed !  ";
                              }
                              qDebug() << decryptedData.toByteArray().mid(16);
                      

                      Note however that using tail like that looks suspicious. I'm still not convinced of your initial vector handling. It should be the same used when encoding the string. Here it clearly is not.

                      Q Offline
                      Q Offline
                      qDebug
                      wrote on last edited by
                      #40

                      @SGaist Perfekt, thank you!

                      I was total stuck. Password hash, update and final before. Thanks again!

                      1 Reply Last reply
                      0
                      • SGaistS Offline
                        SGaistS Offline
                        SGaist
                        Lifetime Qt Champion
                        wrote on last edited by
                        #41

                        But again and I insist the IV handling is wrong. You should use the same IV for both encoding and decoding and following your code it's clearly not the case.

                        The IV should change each time you encode your data though to avoid repeat attack.

                        Interested in AI ? www.idiap.ch
                        Please read the Qt Code of Conduct - https://forum.qt.io/topic/113070/qt-code-of-conduct

                        1 Reply Last reply
                        1
                        • Q Offline
                          Q Offline
                          qDebug
                          wrote on last edited by
                          #42

                          I am not involved in the encoding part. I did not write one single code for encoding. I get 3rd party XML files and i just want to decode them. To be very clear on this: I can't change the encoding, it is not my software, i do not develop it and i never had. I just got the source code for the de and encrypt part, so i may be able to import the XML files. I never wrote a single line VB code in my life. To be honest, i don't believe security is the issue, the developer just don't want anyone to be able to open it. That may not be an excuse for bad code but so far, i can't change it, i'm just happy now to be able to decode.

                          1 Reply Last reply
                          0

                          • Login

                          • Login or register to search.
                          • First post
                            Last post
                          0
                          • Categories
                          • Recent
                          • Tags
                          • Popular
                          • Users
                          • Groups
                          • Search
                          • Get Qt Extensions
                          • Unsolved