[CryptoAPI] EncryptAES256 OutSystem and Java Code outside

Forge Component
Published on 3 Mar (3 weeks ago) by Ricardo Silva
18 votes
Published on 3 Mar (3 weeks ago) by Ricardo Silva

i am trying encrypt the parameters in outsystems and receive it in Java via REST. java code of same REST implementation is not matching the key . below is my code

CryptoBackend crypto=new CryptoBackend();
    String encryptedMessage="cgQWOl90x+eZoP7L5KNH37Kgq6NMrSNWrtDw9XOZ8tjxliu7HIQHr34+q9Va+qk7AtyKYeZdcFxMtPXfWa4P/w==";
    System.out.println("Decrypted Message:" + crypto.decrypt("BlindDucksAround".getBytes(), encryptedMessage));

i use the same EncryptionKey "BlindDucksAround"

Stupid question: is the algorithm used the same?

Armando Gomes wrote:

Stupid question: is the algorithm used the same?

Actually, not so "Stupid". We are running a .NET implementation of OutSystems which is passing the encrypted token via CryptoAPI using the .NET extension to an external Java web application. The java implementation code doesn't decrypt the passed value as it should. I did run some tests using the Java implementation on that server and it does encrypt and decrypt correctly when running on the same Java server. So it does work. Just not when passed between the two implementations.


Another "stupid" question :) : When cyphering the same plain text with the same key on those two implementations, the cyphertext is the same?

It has been long since I've dealt closely with cyphering...

EDIT: How about the initialization vector? Maybe that's the issue.


Hello Meenakshi,

Here you can find another thread on exactly the same issue.

Basically what you need to do is not use the password directly as a key, but derive the appropriate key using the derivekey function.

import ardo.crypto;

CryptoBackend.decrypt(CryptoBackend.deriveKey("password"), "ciphertext")

I hope this helps.

Answers to most of the other questions here should be found on the Documentation thread where I explain how encryption is made.