Decrypt AES with OpenSSL & Qt 5.5.1 Win32 VS2013

    qDebug wrote (#22):

    Yes. It is the only one I found so far. But the iv and key are randomly generated, it does not show how to use an already existing key and iv correctly. I really don't know what I am missing here.

      SGaist (Lifetime Qt Champion) wrote (#23):

      Just replace the random key and iv by yours.

      Interested in AI ? www.idiap.ch
      Please read the Qt Code of Conduct - https://forum.qt.io/topic/113070/qt-code-of-conduct

        qDebug wrote (#24):

        I did. That was my first idea, did not work. I did check the key and iv output, same as I use with openssl, does work in openssl, does not work in Qt / QCA - at least not the way I do it. I don't know, maybe I miss something in general or just a tiny mistake, but after days and hours, I can confirm, it won't work for me.

          SGaist (Lifetime Qt Champion) wrote (#25):

          I took the example as is, replaced key and iv by

          QByteArray key("098f6bcd4621d373cade4e832627b4f6");
          QByteArray iv("d8e8fca2dc0f896fd7cb4cb0031ba249");
          

          and it's working fine.

            qDebug wrote (#26):

            If you can tell me why this code

            QString decodedString;
            QCA::Initializer init;
            QByteArray array(encodedString.left(16).toStdString().c_str(), encodedString.left(16).size());
            QCA::SecureArray iv = array.toHex();
            QCA::Base64 decoder(QCA::Decode);
            QCA::SecureArray decoded = decoder.decodeString(encodedString).toStdString().c_str();
            QCA::SecureArray key = QByteArray(QCryptographicHash::hash(password.toUtf8(), QCryptographicHash::Md5).toHex());
            QCA::Cipher cipher(QString("aes128"), QCA::Cipher::CBC, QCA::Cipher::NoPadding, QCA::Decode, key, iv);
            QCA::SecureArray plainText = cipher.update(decoded);
            if(!cipher.ok())
            {
            	qDebug() << "update Fail";
            }
            plainText  = cipher.final();
            if(!cipher.ok())
            {
            	qDebug() << "final fail";
            }
            qDebug() << "process: " << QCA::SecureArray(cipher.process(decoded)).data();
            QString decodedString = plainText.data();
            qDebug() << "Decoded: " << decodedString;
            

            is not working, it may help me. If you tell me some code is working for you, it does not. This is btw. taken from the example, I did not change anything besides adding key and iv.

              SGaist (Lifetime Qt Champion) wrote (#27):

              The first thing that looks strange is your iv creation. You take 16 bytes of your encoded string and turn it to hexadecimal. Why ?

              Also, why all the conversions ? Just use QByteArray.

                qDebug wrote (#28):

                098f6bcd4621d373cade4e832627b4f6 is "test" in md5. All the strings I have to decode are encoded with a different iv, the iv is always the first 16 bytes in hex from the encoded string, d8e8fca2dc0f896fd7cb4cb0031ba249 in this case.

                So I have to hash the key "test" and get the iv from the encoded string.

                And of course, I did test the key and iv just as QByteArray, before and after you posted the example, but the decoding so far did always fail.

                  SGaist (Lifetime Qt Champion) wrote (#29):

                  That's something that is really not clear. You are telling me that you are using as iv for the decoding a part of the already encoded string ? So what did you use as iv for the encoding part ?

                    qDebug wrote (#30):

                    The iv is taken from the still encrypted and base64 encoded string, first 16 bytes hex. iv 507055722b4c4d4876614b6d66307136 is

                    QByteArray array(encodedString.left(16).toStdString().c_str(), encodedString.left(16).size());
                    qDebug() << "iv: " << array.toHex();

                    Proof:

                    echo PpUr+LMHvaKmf0q6J7Oyzo4jbFO5kfWyXl0d8nD3hyM= | openssl enc -d -a -A -aes-128-cbc -iv 507055722b4c4d4876614b6d66307136 -K 098f6bcd4621d373cade4e832627b4f6
                    8°&¦=YaÌ?{Äa+Dr. Test
                    
                      SGaist (Lifetime Qt Champion) wrote (#31):

                      And what iv did you use to encrypt the string ?

                        qDebug wrote (#32):

                        If you scroll up a few posts, there is the source code.

                          SGaist (Lifetime Qt Champion) wrote (#33):

                          Do you mean the VB code ? Then you generate an IV in there, and use a different one when decrypting your string or am I missing something there ?

                            qDebug wrote (#34):

                            It is the same iv. There is no problem with the iv I believe, it does work to decrypt in openssl and VB. It is a common way to use the first 16 bytes of a string for iv. Like salting passwords, kind of, not really but I'm no expert and can't explain it better. Depending on the software and api you may have to remove the iv from the string before decrypting but I don't think it is the case in qca - but I did try it anyways - no luck.

                            Maybe I don't use the API correctly. The example code:

                            cipher.setup( QCA::Decode, key, iv );
                            
                            QCA::SecureArray cipherText = u.append(f);
                            QCA::SecureArray plainText = cipher.update(cipherText);
                            if (!cipher.ok()) {
                            	printf("Update failed\n");
                            }
                            
                            printf("Decryption using AES128 of [0x%s] is %s\n",
                            	   qPrintable(QCA::arrayToHex(cipherText.toByteArray())), plainText.data());
                            
                            plainText = cipher.final();
                            if (!cipher.ok()) {
                            	printf("Final failed\n");
                            }
                            
                            printf("Final decryption block using AES128 is %s\n", plainText.data());
                            printf("One step decryption using AES128: %s\n",
                            	   QCA::SecureArray(cipher.process(cipherText)).data() );
                            

                            So cipherText here is u.append(f); the update and the final results together.

                            Or maybe I found a bug. Who knows? But chances are I'm doing it wrong, somehow.

                              SGaist (Lifetime Qt Champion) wrote (#35):

                              That's what I'm trying to clear up with you.

                              What you wrote is that you were using a part of your already encoded string as IV when setting up decoding and that's that part that is puzzling me. AFAIK, you should use the same IV that you generated, whatever the means, when you encoded that string. So basically (pseudo code):

                              Get secret key as sk
                              Get password
                              Generate IV as iv: 16 first chars of md5 of password
                              Encode "Dr. Test" with sk + iv as encoded_str
                              

                              and later:

                              Get secret key as sk
                              Get password
                              Generate IV as iv: 16 first char of md5 of password
                              Decode encoded_str with sk + iv
                              Get Dr. Test
                              

                              What I understand of what you wrote for the decoding part is:

                              Get secret key as sk
                              Get password
                              Generate IV as iv: 16 first char of encoded_str
                              Decode encoded_str with sk + iv
                              Get garbage + Dr. Test
                              

                                qDebug wrote (#36):

                                I did not write the VB code nor the encoder or decoder for this part. I just try to decrypt strings in XML files encoded using this VB code. For now I use a bash script on Linux but I fail to implement it in my Qt app so far.

                                Bash:

                                passmd5="$(echo -n "$1" | md5sum | cut -d '-' -f1 | tr -d '[[:space:]]')"
                                theiv="$(echo $2 | xxd -l 16 -ps)"
                                echo $2 | openssl enc -d -a -A -aes-128-cbc -iv $theiv -K $passmd5 | tail -c +17
                                

                                Works perfectly. No luck in Qt.

                                  SGaist (Lifetime Qt Champion) wrote (#37):

                                  Can you give a sample of input you pass to that script and what you should have as output ?

                                    qDebug wrote (#38):

                                    Of course:

                                    #!/bin/bash
                                    password="test" # the password
                                    cstring="PpUr+LMHvaKmf0q6J7Oyzo4jbFO5kfWyXl0d8nD3hyM=" # the aes-128-cbc and base64 encoded string
                                    passmd5="$(echo -n "$password" | md5sum | cut -d '-' -f1 | tr -d '[[:space:]]')" # md5 hash the password
                                    theiv="$(echo $cstring | xxd -l 16 -ps)" # get the iv
                                    decoded="$(echo $cstring | openssl enc -d -a -A -aes-128-cbc -iv $theiv -K $passmd5 | tail -c +17)" # decode in openssl
                                    
                                    # expected: Dr. Test
                                    echo decoded: $decoded
                                    
                                      SGaist (Lifetime Qt Champion) wrote (#39):

                                      Based on your script

                                      QByteArray data = "PpUr+LMHvaKmf0q6J7Oyzo4jbFO5kfWyXl0d8nD3hyM=";
                                      QByteArray iv = data.left(16).toHex();
                                      QCA::Hash hash("md5");
                                      hash.update("test");
                                      QCA::SecureArray key = hash.final();
                                      QCA::Cipher cipher(QString("aes128"), QCA::Cipher::CBC,
                                                         // use Default padding, which is equivalent to PKCS7 for CBC
                                                         QCA::Cipher::DefaultPadding,
                                                         // this object will decrypt
                                                         QCA::Decode,
                                                         key, iv);

                                      QCA::SecureArray decryptedData = cipher.process(QByteArray::fromBase64(data));
                                      if (!cipher.ok()) {
                                          qDebug() << "Decryption failed !  ";
                                      }
                                      // skip the first 16 bytes of the output, like `tail -c +17` in the script
                                      qDebug() << decryptedData.toByteArray().mid(16);
                                      

                                      Note however that using tail like that looks suspicious. I'm still not convinced of your initial vector handling. It should be the same used when encoding the string. Here it clearly is not.

                                        qDebug wrote (#40):

                                        @SGaist Perfect, thank you!

                                        I was totally stuck. Password hash, update and final before. Thanks again!

                                          SGaist (Lifetime Qt Champion) wrote (#41):

                                          But again and I insist the IV handling is wrong. You should use the same IV for both encoding and decoding and following your code it's clearly not the case.

                                          The IV should change each time you encode your data though to avoid repeat attack.

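The IV question debated in this thread, worked through with the thread's own sample string and key (an added example, not code from either poster). In CBC decryption the IV only affects the first plaintext block, so decrypting the whole decoded blob under any IV and dropping 16 bytes gives the same text as treating the first 16 decoded bytes as the IV; that the encoder prepended its IV is an assumption the page does not confirm, and the function names are illustrative.

```shell
#!/bin/sh
# Added example. Sample values are the ones quoted in the thread.
CSTRING='PpUr+LMHvaKmf0q6J7Oyzo4jbFO5kfWyXl0d8nD3hyM='   # base64 blob from the thread
KEY_HEX='098f6bcd4621d373cade4e832627b4f6'               # md5("test"), from the thread
ZERO_IV='00000000000000000000000000000000'               # arbitrary IV for comparison

# Hex-encode stdin without relying on xxd.
to_hex() { od -An -v -tx1 | tr -d ' \n'; }

# What the thread's script passes to -iv: hex of the first 16 base64 *characters*.
text_iv_hex() { printf '%s' "$1" | head -c 16 | to_hex; }

# Assumed layout (not confirmed by the page): first 16 *decoded* bytes are the IV.
prefixed_iv_hex() { printf '%s' "$1" | openssl base64 -d -A | head -c 16 | to_hex; }

# Variant 1: split the blob into IV || ciphertext and decrypt only the ciphertext.
# $1 = base64 blob, $2 = key (hex)
decrypt_prefixed_iv() {
    printf '%s' "$1" | openssl base64 -d -A | tail -c +17 |
        openssl enc -d -aes-128-cbc -K "$2" -iv "$(prefixed_iv_hex "$1")"
}

# Variant 2 (the thread's approach): decrypt the whole blob, then drop the first
# 16 plaintext bytes. P1 = D(C1) xor IV is garbage under a wrong IV, but
# P2 = D(C2) xor C1 never involves the IV, so any 16-byte IV gives the same tail.
# $1 = base64 blob, $2 = key (hex), $3 = IV (hex)
decrypt_drop_first_block() {
    printf '%s' "$1" | openssl enc -d -a -A -aes-128-cbc -K "$2" -iv "$3" |
        tail -c +17
}

echo "IV passed in the thread  : $(text_iv_hex "$CSTRING")"
echo "first 16 decoded bytes   : $(prefixed_iv_hex "$CSTRING")"
echo "variant 1                : $(decrypt_prefixed_iv "$CSTRING" "$KEY_HEX")"
echo "variant 2, thread's IV   : $(decrypt_drop_first_block "$CSTRING" "$KEY_HEX" "$(text_iv_hex "$CSTRING")")"
echo "variant 2, all-zero IV   : $(decrypt_drop_first_block "$CSTRING" "$KEY_HEX" "$ZERO_IV")"
```

Variant 2 only works because the first block is thrown away; code that needs the first plaintext block must use the IV the encoder actually used.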
