Decrypt AES with OpenSSL & Qt 5.5.1 Win32 VS2013

SGaist · 1 Apr 2016, 03:58

Your code doesn't match all the openssl line options. -a -A means that you must first decode your Base64 encoded string.

qDebug · 4 Jan 2016, 04:05

@SGaist Thanks! I don't know why but i did forget about the base64 decode. After changing from toLatin1 to toUtf8 and decode the base64 string i don't get the final error anymore. But i won't get the expected plain text only

o????:??????a?s?]??Iy?[W6???l??(f?$?I{??^ ????Cï5?

same result if i use

qDebug() << "process: " << QCA::SecureArray(cipher.process(decodedBase64.toUtf8())).data();

Maybe the utf8 conversion is the problem but it won't take a QString. I get the same result if i append the string to a QByteArray. Btw. noting changes if i use QByteArray to decode base64 or QCA::Base64 decoder(QCA::Decode);

At least the final error is gone, that's some progress! ;)

Edit: And i added "md5" as crypto service provider because it was encoded this way. md5 is in the list of providers, so i hope i implemented this correctly.

QCA::Cipher cipher(QString("aes128"), QCA::Cipher::CBC, QCA::Cipher::NoPadding, QCA::Decode, key, iv, "md5");

But cipher.provider()->name(); returns "qca-ossl".

SGaist · wrote on 1 Apr 2016, 20:41

Do you mean that you passed your original string through md5 before encrypting it ?

qDebug · 4 Feb 2016, 14:43

The password / key was md5 hashed.

key = md5(utf8(password));

and the iv are the first 16 bytes from the base64 string.

Edit: Not the key of course, the iv are the first 16 bytes from the base64 string.

SGaist · wrote on 2 Apr 2016, 20:59

Can you show the complete procedure ?

qDebug · wrote on 3 Apr 2016, 19:14

Thanks for asking. This is the VB code to encrypt the string:

Dim AES As New RijndaelManaged

Dim md5 As New MD5CryptoServiceProvider
Dim key() As Byte = md5.ComputeHash(Encoding.UTF8.GetBytes(password))

md5.Clear()
AES.Key = key
AES.GenerateIV()
Dim iv() As Byte = AES.IV
Dim ms As New MemoryStream

ms.Write(iv, 0, iv.Length)

Dim cs As New CryptoStream(ms, AES.CreateEncryptor, CryptoStreamMode.Write)
Dim data() As Byte = System.Text.Encoding.UTF8.GetBytes(string)

cs.Write(data, 0, data.Length)
cs.FlushFinalBlock()

Dim encoded() As Byte = ms.ToArray()
Return (Convert.ToBase64String(encoded))
cs.Close()
AES.Clear()

As far as i can tell is the password and the string are utf8 bytes and the password is the md5 hash of it. I did try to pass it through

QCA::SecureArray key = QCA::SecureArray::SecureArray(password);

before and after utf8 and md5. So far no luck.

Thank you!

qDebug · wrote on 5 Apr 2016, 20:08

And this is my attempt:

QString MainWindow::decryptString(QString password, QString encodedString)
{
    // final decodec string
    QString decodedString;

    // get the iv
    QByteArray array(encodedString.left(16).toStdString().c_str(), encodedString.left(16).size());
    QCA::SecureArray iv = array.toHex();

    // decode base64
    QCA::Base64 decoder(QCA::Decode);
    const char* decoded = decoder.decodeString(encodedString).toStdString().c_str();

    QCA::SecureArray key = QByteArray(QCryptographicHash::hash(password.toUtf8(), QCryptographicHash::Md5).toHex());
    QCA::SecureArray arg = decoded;

    QCA::Cipher cipher(QString("aes128"), QCA::Cipher::CBC, QCA::Cipher::NoPadding, QCA::Decode, key, iv);
    QCA::SecureArray plainText = cipher.update(arg);

    if(!cipher.ok())
    {
        qDebug() << "update Fail";
    }

    cipher.final();
    if(!cipher.ok())
    {
        qDebug() << "final fail";
    }

    qDebug() << "process: " << QCA::SecureArray(cipher.process(decoded)).data();

    decodedString = plainText.data();
    qDebug() << "Decoded: " << decodedString;

    return decodedString;
}

I call it like:

qDebug() << "decoded: " << decryptString("test", "PpUr+LMHvaKmf0q6J7Oyzo4jbFO5kfWyXl0d8nD3hyM=");

The only step i masted was getting rid of the final fail, but i don't know if that was really the case. Not sure how, i changed this so often, i don't even know how much time i spend on this. I didn't think it can be that difficult to use it.

So far i still did not fine one single example code using qca with aes128cbc and custom iv and key. Very, very strange.

Any ideas?

Thanks!

SGaist · wrote on 5 Apr 2016, 20:27

Do you mean this example ?

qDebug · wrote on 5 Apr 2016, 20:32

Yes. It is the only one i found so far. But the iv and key are random generated, it does not show how to use an already existing key and iv correctly. I really don't know what i am missing here.

SGaist · wrote on 5 Apr 2016, 20:34

Just replace the random key and iv by yours.

qDebug · wrote on 5 Apr 2016, 20:51

I did. That was my first idea, did not work. Id did check the key and iv output, same as i use with openssl, does work in openssl, does not work in Qt / QCA - at least not the way i do it. I don't know, maybe i miss something in general or just just a tiny mistake, but after days and hours, i can confirm, it won't work for me.

SGaist · wrote on 5 Apr 2016, 21:22

I took the example as is, replaced key and iv by

QByteArray key("098f6bcd4621d373cade4e832627b4f6");
QByteArray iv("d8e8fca2dc0f896fd7cb4cb0031ba249");

and it's working fine.

qDebug · 4 Jun 2016, 10:46

If you can tell me why this code

QString decodedString;
QCA::Initializer init;
QByteArray array(encodedString.left(16).toStdString().c_str(), encodedString.left(16).size());
QCA::SecureArray iv = array.toHex();
QCA::Base64 decoder(QCA::Decode);
QCA::SecureArray decoded = decoder.decodeString(encodedString).toStdString().c_str();
QCA::SecureArray key = QByteArray(QCryptographicHash::hash(password.toUtf8(), QCryptographicHash::Md5).toHex());
QCA::Cipher cipher(QString("aes128"), QCA::Cipher::CBC, QCA::Cipher::NoPadding, QCA::Decode, key, iv);
QCA::SecureArray plainText = cipher.update(decoded);
if(!cipher.ok())
{
	qDebug() << "update Fail";
}
plainText  = cipher.final();
if(!cipher.ok())
{
	qDebug() << "final fail";
}
qDebug() << "process: " << QCA::SecureArray(cipher.process(decoded)).data();
QString decodedString = plainText.data();
qDebug() << "Decoded: " << decodedString;

is not working, it may help me. If you tell me some code is working for you, it does not. This is btw. taken from the example, i did not change anything beside adding key and iv.

SGaist · wrote on 6 Apr 2016, 20:49

The first thing that looks strange is your iv creation. You take 16 bytes of your encoded string and turn it to hexadecimal. Why ?

Also, why all the conversions ? Just use QByteArray.

qDebug · wrote on 6 Apr 2016, 21:22

098f6bcd4621d373cade4e832627b4f6 is "test" in md5. all the strings i have to decode are encoded with a different iv, the iv is always the first 16 bytes in hex from the encoded string, d8e8fca2dc0f896fd7cb4cb0031ba249 in this case.

So i have to hash the key "test" and get the iv from the encoded string.

And of course, i did test the key and iv just as QByteArray, before and after you posted the example, but the decoding so far did always fail.

SGaist · wrote on 6 Apr 2016, 21:47

That's something that is really not clear. You are telling me that you are using as iv for the decoding a part of the alrey encoded string ? So what did you use as iv for the encoding part ?

qDebug · 4 Jun 2016, 22:07

The iv is taken from the still encrypted and base64 encoded string, first 16 bytes hex. iv 507055722b4c4d4876614b6d66307136 is QByteArray array(encodedString.left(16).toStdString().c_str(), encodedString.left(16).size()); qDebug() << "iv: " << array.toHex();

Proof:

echo PpUr+LMHvaKmf0q6J7Oyzo4jbFO5kfWyXl0d8nD3hyM= | openssl enc -d -a -A -aes-128-cbc -iv 507055722b4c4d4876614b6d66307136 -K 098f6bcd4621d373cade4e832627b4f6
8°&¦=YaÌ?{Äa+Dr. Test

SGaist · wrote on 6 Apr 2016, 22:21

And what iv did you use to encrypt the string ?

qDebug · wrote on 6 Apr 2016, 22:34

If you scroll up a few posts, there is the source code.

SGaist · wrote on 7 Apr 2016, 19:56

Do you mean the VB code ? Then you generate an IV in there, and use a different one when decrypting your string or am I missing something there ?