I have the followind piece of code that encrypts and decrypts the message.
QString AesUtils::encrypt(QString message, QString aesKey)
{
string plain = message.toStdString();
qDebug() << "Encrypt" << plain.data() << " " << plain.size();
string ciphertext;
// Hex decode symmetric key:
HexDecoder decoder;
string stdAesKey = aesKey.toStdString();
decoder.Put((byte*)stdAesKey.data(), aesKey.size());
decoder.MessageEnd();
word64 size = decoder.MaxRetrievable();
char *decodedKey = new char[size];
decoder.Get((byte *)decodedKey, size);
// Generate Cipher, Key, and CBC
byte key[ AES::MAX_KEYLENGTH ], iv[ AES::BLOCKSIZE ];
StringSource( reinterpret_cast<const char *>(decodedKey), true,
new HashFilter(*(new SHA256), new ArraySink(key, AES::MAX_KEYLENGTH)) );
memset( iv, 0x00, AES::BLOCKSIZE );
CBC_Mode<AES>::Encryption Encryptor( key, sizeof(key), iv );
StringSource( plain, true, new StreamTransformationFilter( Encryptor,
new HexEncoder(new StringSink( ciphertext )) ) );
return QString::fromStdString(ciphertext);
}
QString AesUtils::decrypt(QString message, QString aesKey)
{
string plain;
string encrypted = message.toStdString();
// Hex decode symmetric key:
HexDecoder decoder;
string stdAesKey = aesKey.toStdString();
decoder.Put( (byte *)stdAesKey.data(), aesKey.size() );
decoder.MessageEnd();
word64 size = decoder.MaxRetrievable();
char *decodedKey = new char[size];
decoder.Get((byte *)decodedKey, size);
// Generate Cipher, Key, and CBC
byte key[ AES::MAX_KEYLENGTH ], iv[ AES::BLOCKSIZE ];
StringSource( reinterpret_cast<const char *>(decodedKey), true,
new HashFilter(*(new SHA256), new ArraySink(key, AES::MAX_KEYLENGTH)) );
memset( iv, 0x00, AES::BLOCKSIZE );
try {
CBC_Mode<AES>::Decryption Decryptor
( key, sizeof(key), iv );
StringSource( encrypted, true,
new HexDecoder(new StreamTransformationFilter( Decryptor,
new StringSink( plain )) ) );
}
catch (Exception &e) { // ...
qDebug() << "Exception while decrypting " << e.GetWhat().data();
}
catch (...) { // ...
}
qDebug() << "decrypt" << plain.data() << " " << AES::BLOCKSIZE;
return QString::fromStdString(plain);
}
The problem is that I randomly get:
StreamTransformationFilter: invalid PKCS #7 block padding found
When decrypting the content. The encryption should fully support QString,
since it may contain some Unicode data. But it doesn't work even with a basic,
string which contains only [A-z][a-z][0-9]
The aesKey size is 256.
Following some answers on Stack Overflow, somebody suggested the use of HexDecoder / HexEncoder, but it does not solve the problem in my case.
The fist problem with my code was that I was feeding normal string in aesKey QString.
So instead of "1231fsdf$5r4" you need to give a key in hex format: [0-9][A-F]
Then, the problem was here:
char *decodedKey = new char[size];
decoder.Get((byte *)decodedKey, size);
I guess the string was full 64 bytes and there was no space for NULL at the end. The problem dissapeared after I changed to:
char *decodedKey = new char[size+2];
Now the code works fine. Hope this will help somebody in the future.
Related
So I have this piece of C# code:
void Decrypt(Stream input, Stream output, string password, int bufferSize) {
using (var algorithm = Aes.Create()) {
var IV = new byte[16];
input.Read(IV, 0, 16);
algorithm.IV = IV;
var key = new Rfc2898DeriveBytes(password, algorithm.IV, 100);
algorithm.Key = key.GetBytes(16);
using(var decryptor = algorithm.CreateDecryptor())
using(var cryptoStream = new CryptoStream(input, decryptor, CryptoStreamMode.Read)) {
CopyStream(cryptoStream, output, bufferSize);
}
}
}
and I am trying to translate this into C++ with CryptoPP.
So this is what I have written:
void decrypt(std::ifstream& in_file, std::ofstream& out_file, std::string_view password, size_t bufSize) {
using namespace CryptoPP;
// Get IV
byte iv[16];
in_file.read(reinterpret_cast<char*>(iv), sizeof(iv));
// Read cypher
std::string cypher;
while (in_file && cypher.size() != bufSize) {
char c;
in_file.read(&c, 1);
cypher.push_back(c);
}
// Get key
byte key[16];
PKCS5_PBKDF2_HMAC<SHA1> pbkdf2;
pbkdf2.DeriveKey(key, sizeof(key), 0, reinterpret_cast<const byte*>(password.data()), password.size(), iv, sizeof(iv), 100);
// Decrypt
CTR_Mode<AES>::Decryption decrypt(key, sizeof(key), iv);
std::string output;
StringSource(cypher, true, new StreamTransformationFilter(decrypt, new StringSink(output)));
// Write output to file
out_file.write(output.data(), output.size());
}
However, from this function, I am only getting back trash data. What could I be doing wrong?
Thanks
Tuxifan!
So I found the solution! First of all, as #mbd mentioned, C# uses CBC by default. Additionally, I need to cut away the rest of the data like this:
while ((cipher.size() % 16) != 0) {
cipher.pop_back();
}
I have a string hashed using SHA256 to use as a key but how would I use this key to encrypt a string with AES in CBC mode and crypto++?
Thanks.
I ended up achieving the desired outcome with the below code.
QString qhash = "hash";
std::string plain = "message";
std::string ciphertext;
std::string stdhash = qhash.toStdString();
CryptoPP::HexDecoder decoder;
decoder.Put((byte*)stdhash.data(),qhash.size());
decoder.MessageEnd();
CryptoPP::word64 size = decoder.MaxRetrievable();
char *decodedKey = new char[size];
decoder.Get((byte *)decodedKey, size);
byte hash[CryptoPP::AES::MAX_KEYLENGTH], iv[ CryptoPP::AES::BLOCKSIZE ];
CryptoPP::StringSource(reinterpret_cast<const char *>(decodedKey), true,new CryptoPP::ArraySink(hash, CryptoPP::AES::MAX_KEYLENGTH));
memset(iv, 0x00, CryptoPP::AES::BLOCKSIZE);
CryptoPP::CBC_Mode<CryptoPP::AES>::Encryption Encryptor(hash,sizeof(hash),iv);
CryptoPP::StringSource( plain, true, new CryptoPP::StreamTransformationFilter( Encryptor, new CryptoPP::HexEncoder(new CryptoPP::StringSink( ciphertext )) ) );
return ciphertext;
I have a Java code for encryption in place as follows!
private static byte[] encrypt(byte[] raw, byte[] clear) throws
Exception {
SecretKeySpec skeySpec = new SecretKeySpec(raw, "AES");
Cipher cipher = null;
if(isIVUsedForCrypto) {
cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
cipher.init(Cipher.ENCRYPT_MODE, skeySpec, new IvParameterSpec(IV));
}
else
{
cipher = Cipher.getInstance("AES");
cipher.init(Cipher.ENCRYPT_MODE, skeySpec);
}
byte[] encrypted = cipher.doFinal(clear);
return encrypted;
}
public static byte[] toByte(String hexString) {
int len = hexString.length()/2;
byte[] result = new byte[len];
try{
for (int i = 0; i < len; i++) {
result[i] = Integer.valueOf(hexString.substring(2*i, 2*i+2),16).byteValue();
}
}catch (Exception e) {
}
return result;
}
public static String toHex(byte[] buf) {
if (buf == null)
return "";
StringBuffer result = new StringBuffer(2*buf.length);
for (int i = 0; i < buf.length; i++) {
appendHex(result, buf[i]);
}
return result.toString();
}
private final static String HEX = "0123456789ABCDEF";
private static void appendHex(StringBuffer sb, byte b) {
sb.append(HEX.charAt((b>>4)&0x0f)).append(HEX.charAt(b&0x0f));
}
From Java main method:
byte[] result = encrypt(toByte(rawKey), plaintext.getBytes());
I need to write the C++ equivalent for the above methods (in java). I am not aware of the C++ classes for Cryptography and would like someone to please provide an example showing the same.
Thanks in advance
EDIT
My raw key would be in hexadecimal like -> 729308A8E815F6A46EB3A8AE6D5463CA7B64A0E2E11BC26A68106FC7697E727E
and my final encrypted password is --> 812DCE870D82E93DB62CDA66AAF37FB2
This works in Java but I need a similar solution for C++
Try this:
#include <crypto++/aes.h>
#include <crypto++/modes.h>
#include <crypto++/filters.h>
#include <crypto++/hex.h>
#include <crypto++/sha.h>
#include <crypto++/md5.h>
QString Foo::decrypt(const QString &password)
{
string plain;
string encrypted = password.toStdString();
// Hex decode symmetric key:
HexDecoder decoder;
decoder.Put( (byte *)PRIVATE_KEY,32*2 );
decoder.MessageEnd();
word64 size = decoder.MaxRetrievable();
char *decodedKey = new char[size];
decoder.Get((byte *)decodedKey, size);
// Generate Cipher, Key, and CBC
byte key[ AES::MAX_KEYLENGTH ], iv[ AES::BLOCKSIZE ];
StringSource( reinterpret_cast<const char *>(decodedKey), true,
new HashFilter(*(new SHA256), new ArraySink(key, AES::MAX_KEYLENGTH)) );
memset( iv, 0x00, AES::BLOCKSIZE );
try {
CBC_Mode<AES>::Decryption Decryptor
( key, sizeof(key), iv );
StringSource( encrypted, true,
new HexDecoder(new StreamTransformationFilter( Decryptor,
new StringSink( plain ) ) ) );
}
catch (Exception &e) { // ...
}
catch (...) { // ...
}
return QString::fromStdString(plain);
}
QString Foo::encrypt(const QString &password)
{
string plain = password.toStdString();
string ciphertext;
// Hex decode symmetric key:
HexDecoder decoder;
decoder.Put( (byte *)PRIVATE_KEY, 32*2 );
decoder.MessageEnd();
word64 size = decoder.MaxRetrievable();
char *decodedKey = new char[size];
decoder.Get((byte *)decodedKey, size);
// Generate Cipher, Key, and CBC
byte key[ AES::MAX_KEYLENGTH ], iv[ AES::BLOCKSIZE ];
StringSource( reinterpret_cast<const char *>(decodedKey), true,
new HashFilter(*(new SHA256), new ArraySink(key, AES::MAX_KEYLENGTH)) );
memset( iv, 0x00, AES::BLOCKSIZE );
CBC_Mode<AES>::Encryption Encryptor( key, sizeof(key), iv );
StringSource( plain, true, new StreamTransformationFilter( Encryptor,
new HexEncoder(new StringSink( ciphertext ) ) ) );
return QString::fromStdString(ciphertext);
}
Update:
Use above code as follows:
//...
#define PRIVATE_KEY "729308A8E815F6A46EB3A8AE6D5463CA7B64A0E2E11BC26A68106FC7697E727E37011"
QString encrypted = Foo::encryptPassword("test");
// use encrypted
Personally I don't like to reveal private key in source code. So I'll pass it to compiler in command line:
g++ -DPRIVATE_KEY \"\"\"123...\"\"\" ...
Where PRIVATE_KEY is your private key in plain text. If you have the key in HEX encode, just remove Hex decode symmetric key step.
I have this code to try decryption:
byte key[AES::DEFAULT_KEYLENGTH];
string key_s = "essasenhaehfraca";
for (int i = 0; i < key_s.size(); i++)
key[i] = (byte) key_s[i];
string ciphertext = "A506A19333F306AC2C62CBE931963AE7DFCFFA940360A40FFD5DC69B9C2E53AD"
string decryptedtext;
try
{
ECB_Mode< AES >::Decryption decryptor;
decryptor.SetKey(key, sizeof(key));
CryptoPP::StringSource(ciphertext, true,
new CryptoPP::StreamTransformationFilter( decryptor,
new CryptoPP::StringSink( decryptedtext )
)
);
}
catch(const CryptoPP::Exception& e)
{
cerr << e.what() << endl;
system("pause");
exit(1);
}
return 0;
When I execute it, I get the exception
StreamTransformationFilter: invalid pkcs #7 block padding found.
I searched and didn't find anything. Someone knows why I get this error? Every example I found in the internet is in this same way and none of them mention this error.
It looks like your Cipher text is hex-encoded. You need to add a HexDecoder to your decryption stream:
CryptoPP::StringSource ss(ciphertext, true,
new CryptoPP::HexDecoder(
new CryptoPP::StreamTransformationFilter( decryptor,
new CryptoPP::StringSink( decryptedtext ) ) ) );
In my experience, I think it's because you don't create your key correctly:
byte* key_s = (byte*)"essasenhaehfraca";
SecByteBlock key( key_s, AES::DEFAULT_KEYLENGTH );
And after that:
ECB_Mode< AES >::Decryption d;
d.SetKey( key, key.size() );
I want to make program that encrypts (later decrypts) user inputted string.
Here is beginning for encryption:
QString getData = ui->text->toPlainText(); //Data to process
std::string output; //Result will be Base32 encoded string, so std::string is fine.
Now, I have to convert QString to char* or std::string so it can be accepted with Crypto++. I thought that QByteArray would be fine, as it has .data() function, which returns char *. (getData always 17 or more bytes long: CryptoPP requires at least 17 bytes for AES encryption).
So, I have used following code:
QByteArray data;
data.append(getData);
//Creating key and iv:
//Creating AES encryptor:
//Encrypting AES and Base32:
CryptoPP::StringSource ss((const byte*)data.data(), data.size() , true,
new CryptoPP::StreamTransformationFilter( Encryptor,
new CryptoPP::Base32Encoder(
new CryptoPP::StringSink(output)
) // Base32Encoder
) // StreamTransformationFilter
); // StringSource
ui->text->clear();
getData = output.c_str();
ui->text->setText(getData);
Everything is seems to be fine. But I want it to support non-ASCII characters (I mean russian, lithuanian etc.). After decryption they change to ?. How could I fix this? I understand, that std::string doesn`t support them.
EDIT: Here is updated code:
Encryption:
QString getData = ui->text->toPlainText(); //Data to process
std::string output;
QByteArray data = getData.toUtf8();
//Creating key and iv: <..>
//Creating AES encryptor: <..>
//Encrypting AES and Base32:
CryptoPP::StringSource ss((const byte*) data.data(),getData.size()*2, true,
new CryptoPP::StreamTransformationFilter( Encryptor,
new CryptoPP::Base32Encoder(
new CryptoPP::StringSink(output)
) // Base32Encoder
) // StreamTransformationFilter
); // StringSource
ui->text->clear();
getData = output.c_str();
ui->text->setText(getData);
And decryption:
QString getData = ui->text->toPlainText();
QByteArray data;
data.append(getData);
std::string output;
//Creating key and iv:
byte key[ CryptoPP::AES::DEFAULT_KEYLENGTH ],
iv[ CryptoPP::AES::BLOCKSIZE ];
//Memsetting them: (randomization needed)
::memset( key, 0x01, CryptoPP::AES::DEFAULT_KEYLENGTH );
::memset( iv, 0x01, CryptoPP::AES::BLOCKSIZE );
//Creating AES decryptor:
CryptoPP::CBC_Mode<CryptoPP::AES>::Decryption decryptor( key, sizeof(key), iv );
//Decrypting Base32 and AES
CryptoPP::StringSource ss((const byte*) data.data(), data.size(), true,
new CryptoPP::Base32Decoder(
new CryptoPP::StreamTransformationFilter( Decryptor,
new CryptoPP::StringSink(output)
) // StreamTransformationFilter
) // Base32Encoder
); // StringSource
ui->text->clear();
getData = QString::fromUtf8(output.c_str());
ui->text->setText(getData);
Does it have any bugs I have missed?
I think you're losing data when converting from QString to QByteArray. Try this:
QByteArray data = getData.toUtf8();
...
getData = QString::fromUtf8( output.c_str() );
Use reinterpret_cast<byte*>(QString::data()) instead. Don't try to actually do code page conversion here -- AES does not care. Use an ArraySink instead of a StringSink.
Keep in mind that the size of the actual QString::data() buffer is twice the number of characters contained there, because it uses UTF-16.