[CryptoAPI] Can’t decrypt encrypted value using Java 8

Forge Component
(13)
Published on 17 Oct (5 days ago) by Ricardo Silva
13 votes

I can’t seem to be able to decrypt the value I am passing from my OutSystems app to my external Java application.

This is what I am passing from OutSystems:

EncryptAES256(GetUserId() +"," + CurrDateTime(), "Bar12345Bar12345")


Could you provide a simple example of how I could successfully decrypt to get its original value using Java 8?

Thanks!

You should be able to create your own code to decrypt that using the description I made of the encryption schema I'm using in ardoCrypto, here.

However, and as you shouldn't really implement your own crypto, here's the class I use to implement ardoCrypto. You can use it as such:

import ardo.crypto;

CryptoBackend.decrypt(CryptoBackend.deriveKey("password"), "ciphertext")


There's a dependency on the Bouncy Castle crypto library there.

I implemented the CryptoBackend class as noted in the previous reply. While I can successfully encrypt/decrypt within my Java app using this class, I cannot decrypt the token sent from my OutSystems app using the same password.

Here is my code and its output:

Java:

// encryptedToken = token from OutSystems using CryptoAPI function EncryptAES256("ThreeBlindRabbits", "Bar12345Bar12345")
System.out.println("encryptedToken:" + encryptedToken);

// Encrypt locally, passing the raw 16 bytes of the password as the key
String cryptoBackendTest = CryptoBackend.encrypt("Bar12345Bar12345".getBytes(), "ThreeBlindRabbits");
System.out.println("cryptoBackendTest encrypted:" + cryptoBackendTest);

// Compare string contents with equals(); == only compares object references
System.out.println("cryptoBackendTest encrypted = encryptedToken:" + cryptoBackendTest.equals(encryptedToken));

// Round trip of the locally encrypted value with the raw 16-byte key
System.out.println(
    "cryptoBackendTest decrypted:"
        + CryptoBackend.decrypt("Bar12345Bar12345".getBytes(), cryptoBackendTest));

// OutSystems token, key derived from the password with deriveKey()
System.out.println(
    "encryptedToken decrypted:"
        + CryptoBackend.decrypt(CryptoBackend.deriveKey("Bar12345Bar12345"), encryptedToken));

// OutSystems token, raw 16-byte key
System.out.println(
    "encryptedToken decrypted:"
        + CryptoBackend.decrypt("Bar12345Bar12345".getBytes(), encryptedToken));


OUTPUT: --------------------------------------------------------------------------------

encryptedToken:4r1JmuMvseGKQg8UH8BYtu41liSiYejFA7IdVHU+/caKVxgUv+AQyxOEC8+OSjbIMLQlGd3IXTsPdb6dgNv5jPdS9afpWrudhR8yyYrds6s=

cryptoBackendTest encrypted:DN+Sb00lXfGVq7/UjSWXSOhPtzEO6Dy68oOVHlQSibRCag/mhMftg+1bBr8g3P4Cq6bhx5Kpt+WZ1aaIE/3/iESdDtmYZhK8KeFV5E2tDhQ=

false

cryptoBackendTest decrypted:ThreeBlindRabbits


java.security.InvalidKeyException: Illegal key size...


java.lang.Exception: Decryption Failed

at com._____._____.web.mobile.inspection.CryptoBackend.decrypt(CryptoBackend.java:121)...


Any ideas what I may be doing wrong?

From the "Illegal Key Size" error that you're getting, what's happening is: US laws are shit and are hindering encryption all over the world.

Solution: fetch the unlimited strength Java policy for Java 8, install it and you should be fine.



Long story: Java has been hindered for a long time because of some US cryptography strength export laws which make it that you can't use keys longer than 128 bit. In order to turn off this silly limitation you need to install those policy files and agree that you are not a terrorist trying to blow up America.
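A quick way to confirm the policy limit described in the reply above on a given JVM, as an added example that is not part of the original thread or of ardoCrypto. The class name `JcePolicyCheck`, the `--unlimited` argument and the all-zero key and IV are constructed for the check; AES/CBC is an arbitrary choice here, since the key-size limit applies to AES in any mode.

```java
import java.security.InvalidKeyException;
import java.security.Security;
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

public class JcePolicyCheck {

    /** True if this JVM's crypto policy permits AES keys of the given size in bits. */
    static boolean aesKeyAllowed(int bits) throws Exception {
        return Cipher.getMaxAllowedKeyLength("AES") >= bits;
    }

    /** Initialises AES with a key of keyBytes bytes and reports whether the JVM accepted it. */
    static String tryInit(int keyBytes) throws Exception {
        // Constructed all-zero key and IV: only the key length matters for this check.
        SecretKeySpec key = new SecretKeySpec(new byte[keyBytes], "AES");
        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
        try {
            cipher.init(Cipher.DECRYPT_MODE, key, new IvParameterSpec(new byte[16]));
            return "ok";
        } catch (InvalidKeyException e) {
            // With the limited policy this is the "Illegal key size" error from the thread.
            return "rejected: " + e.getMessage();
        }
    }

    public static void main(String[] args) throws Exception {
        // Java 8u151 and later: the policy can be switched in code, but only before
        // the first JCE call. Older Java 8 builds ignore this property and need the
        // policy jars replaced under $JAVA_HOME/jre/lib/security instead.
        if (args.length > 0 && args[0].equals("--unlimited")) {
            Security.setProperty("crypto.policy", "unlimited");
        }
        System.out.println("java.version       = " + System.getProperty("java.version"));
        System.out.println("max AES key length = " + Cipher.getMaxAllowedKeyLength("AES") + " bits");
        System.out.println("AES-128 init (16-byte key): " + tryInit(16));
        System.out.println("AES-256 init (32-byte key): " + tryInit(32));
        if (!aesKeyAllowed(256)) {
            System.out.println("Limited policy active: keys longer than 128 bits are rejected.");
        }
    }
}
```

On a JVM with the limited policy the 16-byte key is accepted and the 32-byte key is rejected, which matches the thread's output where the raw `"Bar12345Bar12345".getBytes()` key round-trips but a later decrypt call fails with "Illegal key size".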