Topic
  • 10 replies
  • Latest Post - ‏2013-11-07T10:07:52Z by HermannSW
hish
hish
105 Posts

Pinned topic Encrypt in Datapower, decrypt in an existing server

‏2011-11-03T22:07:20Z |
Hello,

My scenario is,

We have an existing decrypt functionality on a server, which decypts the cipher using DES and a static IV. There are clients encrypting cleartext using DES and the same IV.

We need to use Datapower to do the exact same. So we have created a key concatenating the key three times and using 3DES-CBC. But the problem is, we can't pass the IV to the encrypt extension functions. We can't change the server to separate the IV and ciphertext, and then do the decryption using them (impact existing clients.

Is there another way to do this? Like setting some variables or using some templates from some util xsl file in store folder?

Help is much appreciated.

Regards,
Sudhish
Updated on 2011-12-23T13:13:16Z at 2011-12-23T13:13:16Z by HermannSW
  • HermannSW
    HermannSW
    4742 Posts

    Re: Encrypt in Datapower, decrypt in an existing server

    ‏2011-11-04T00:41:21Z  
    >
    > We have an existing decrypt functionality on a server, which decypts the cipher using DES
    > and a static IV. There are clients encrypting cleartext using DES and the same IV.
    >
    > ...
    >
    > Is there another way to do this? Like setting some variables or using some templates from some util xsl file in store folder?
    >
    The statement from this very old thread is still true:
    https://www.ibm.com/developerworks/forums/thread.jspa?messageID=14417324&#14417324

    "WebSphere SOA Appliances do not support ECB algorithms as you deduced from the documentation. There is no known workaround"

    You cannot use DES-CBC mode as workaround as the IV gets randomly created each time and you do not know its value.

    The only workaround I can think of is implementing DES-ECB is a stylesheet, but that will be really slow compared to built in support for DES-CBC.
    But perhaps your payload to be encrypted is not big ...

     
    Hermann<myXsltBlog/>
  • hish
    hish
    105 Posts

    Re: Encrypt in Datapower, decrypt in an existing server

    ‏2011-11-04T13:28:52Z  
    • HermannSW
    • ‏2011-11-04T00:41:21Z
    >
    > We have an existing decrypt functionality on a server, which decypts the cipher using DES
    > and a static IV. There are clients encrypting cleartext using DES and the same IV.
    >
    > ...
    >
    > Is there another way to do this? Like setting some variables or using some templates from some util xsl file in store folder?
    >
    The statement from this very old thread is still true:
    https://www.ibm.com/developerworks/forums/thread.jspa?messageID=14417324&#14417324

    "WebSphere SOA Appliances do not support ECB algorithms as you deduced from the documentation. There is no known workaround"

    You cannot use DES-CBC mode as workaround as the IV gets randomly created each time and you do not know its value.

    The only workaround I can think of is implementing DES-ECB is a stylesheet, but that will be really slow compared to built in support for DES-CBC.
    But perhaps your payload to be encrypted is not big ...

     
    Hermann<myXsltBlog/>
    Hermann,

    I do understand the advantage of creating dynamic IV improves security.

    I may have failed to mention that we are using CBC mode. I haven't seen anywhere in the specification that we shouldn't use a constant IV. Agreed that it increases the security. May be i am wrong..

    Regards,
    Sudhish
  • SystemAdmin
    SystemAdmin
    6772 Posts

    Re: Encrypt in Datapower, decrypt in an existing server

    ‏2011-11-04T13:59:04Z  
    • hish
    • ‏2011-11-04T13:28:52Z
    Hermann,

    I do understand the advantage of creating dynamic IV improves security.

    I may have failed to mention that we are using CBC mode. I haven't seen anywhere in the specification that we shouldn't use a constant IV. Agreed that it increases the security. May be i am wrong..

    Regards,
    Sudhish
    Random IVs do improve security by helping to prevent chosen-plaintext attacks. The actual encryption performed on DataPower is done using extension functions (dp:encrypt-string or dp:encrypt-data) which do not accept an IV as input.
  • hish
    hish
    105 Posts

    Re: Encrypt in Datapower, decrypt in an existing server

    ‏2011-11-04T15:16:15Z  
    Random IVs do improve security by helping to prevent chosen-plaintext attacks. The actual encryption performed on DataPower is done using extension functions (dp:encrypt-string or dp:encrypt-data) which do not accept an IV as input.
    Peter,

    Yes. I understand. I guess i need to write a custom xsl to do this as Hermann has mentioned.
  • inestlerode
    inestlerode
    166 Posts

    Re: Encrypt in Datapower, decrypt in an existing server

    ‏2011-11-04T20:19:04Z  
    • hish
    • ‏2011-11-04T15:16:15Z
    Peter,

    Yes. I understand. I guess i need to write a custom xsl to do this as Hermann has mentioned.
    This is not possible even with custom XSL since the only cryptographic primitives you have to work with are dp:encrypt-data() and dp:encrypt-string(). Those functions only support CBC mode with random IV. They do not support ECB mode or taking the IV as an argument.
  • HermannSW
    HermannSW
    4742 Posts

    Re: Encrypt in Datapower, decrypt in an existing server

    ‏2011-11-04T23:52:30Z  
    Sudish,

    Ivan is right that there is no way based on DataPower extension functions to provide DES-ECB.

    But I have to answer back on Ivan's statement:
    "This is not possible even with custom XSL since the only cryptographic primitives ..."

    Implementing the cryptographic primitives in XSLT does the job.

    I just copied anything needed to do a 64bit block DES encrypt and DES decrypt together -- this is work in progress, but completed for DES.

    Find stylesheet des-demo.xsl attached doing the DES encryption on the sample taken from "The DES Algorithm Illustrated":
    http://orlingrabbe.com/des.htm

    This is definitely NOT what you want to do on big data, as a single 64bit DES encrypt takes 3 milliseconds (3 take 8ms).

    But if you do need to DES encrypt only small amount of data and/or have no other choice this is "a" way to go.

    Btw, this stylesheet is portable and runs for DataPower as well as xalan XSLT processors.

    
    $ coproc2 des-demo.xsl empty.xml http:
    //dp3-l3.boeblingen.de.ibm.com:2223 des.xsl demo des:encrypt-blk(
    '0123456789ABCDEF',
    '133457799BBCDFF1')=85E813540F0AB405 t1-t0=3ms des:decrypt-blk(
    '85E813540F0AB405',
    '133457799BBCDFF1')=0123456789ABCDEF $ $ xalan des-demo.xsl des.xsl demo des:encrypt-blk(
    '0123456789ABCDEF',
    '133457799BBCDFF1')=85E813540F0AB405 t1-t0=0ms des:decrypt-blk(
    '85E813540F0AB405',
    '133457799BBCDFF1')=0123456789ABCDEF $
    

    This is -- as I said work in progress -- the complete "des-demo.xsl":
    
    <?xml-stylesheet href=
    "#" type=
    "text/xsl"?> <xsl:stylesheet version=
    "1.0" xmlns:xsl=
    "http://www.w3.org/1999/XSL/Transform" xmlns:exslt=
    "http://exslt.org/common" xmlns:func=
    "http://exslt.org/functions" xmlns:str=
    "http://exslt.org/strings" xmlns:dp=
    "http://www.datapower.com/extensions" xmlns:md4=
    "urn:iso:member-body:US:rsadsi:digestAlgorithm:4" xmlns:des=
    "urn:iso:identified-organization:oiw:secsig:algorithm:des-ecb" xmlns:hsw=
    "http://www.stamm-wilbrandt.de/datapower/functions" extension-element-prefixes=
    "dp" exclude-result-prefixes=
    "func" > <xsl:output omit-xml-declaration=
    "yes"/>   <!-- Sample (and algorithm) taken from 
    "The DES Algorithm Illustrated": http:
    //orlingrabbe.com/des.htm --> <xsl:template match=
    "/"> <xsl:text>des.xsl demo
    </xsl:text>     <xsl:variable name=
    "t0" select=
    "dp:time-value()"/>   <xsl:variable name=
    "res" select=
    "des:encrypt-blk('0123456789ABCDEF','133457799BBCDFF1')"/>   <xsl:variable name=
    "t1" select=
    "dp:time-value()"/>   <xsl:text>des:encrypt-blk(
    '0123456789ABCDEF',
    '133457799BBCDFF1')=</xsl:text> <xsl:value-of select=
    "$res"/> <xsl:text>
    </xsl:text>   <xsl:text>t1-t0=</xsl:text><xsl:value-of select=
    "$t1 - $t0"/> <xsl:text>ms
    </xsl:text>   <xsl:text>des:decrypt-blk(
    '85E813540F0AB405',
    '133457799BBCDFF1')=</xsl:text> <xsl:value-of select=
    "des:decrypt-blk('85E813540F0AB405','133457799BBCDFF1')"/> <xsl:text>
    </xsl:text> </xsl:template>       <!-- DES encrypt 64bit (blk) hex message $MH with 64bit hex key $KH --> <func:function name=
    "des:encrypt-blk"> <xsl:param name=
    "MH"/> <xsl:param name=
    "KH"/>   <func:result select=
    "des:crypt-blk($MH,$KH,true())"/> </func:function>     <!-- DES decrypt 64bit (blk) hex message $MH with 64bit hex key $KH --> <func:function name=
    "des:decrypt-blk"> <xsl:param name=
    "MH"/> <xsl:param name=
    "KH"/>   <func:result select=
    "des:crypt-blk($MH,$KH,false())"/> </func:function>     <!-- DES en-/de-crypt 64bit (blk) hex message $MH with 64bit hex key $KH --> <func:function name=
    "des:crypt-blk"> <xsl:param name=
    "MH"/> <xsl:param name=
    "KH"/> <xsl:param name=
    "encrypt"/>   <xsl:
    
    if test=
    "string-length($MH)!=16"> <xsl:message terminate=
    "yes">des:encrypt-blk message!=64bit</xsl:message> </xsl:if>   <xsl:
    
    if test=
    "string-length($KH)!=16"> <xsl:message terminate=
    "yes">des:encrypt-blk key!=64bit</xsl:message> </xsl:if>   <xsl:variable name=
    "M" select=
    "hsw:hexTObin($MH)"/> <xsl:variable name=
    "K" select=
    "hsw:hexTObin($KH)"/>   <xsl:variable name=
    "Kplus" select=
    "hsw:sel($K,exslt:node-set($des:PC-1)/*)"/>   <xsl:variable name=
    "C0" select=
    "substring($Kplus,1,28)"/> <xsl:variable name=
    "D0" select=
    "substring($Kplus,29)"/>   <xsl:variable name=
    "C1" select=
    "hsw:shiftLeft($C0,1)"/> <xsl:variable name=
    "D1" select=
    "hsw:shiftLeft($D0,1)"/>   <xsl:variable name=
    "C2" select=
    "hsw:shiftLeft($C1,1)"/> <xsl:variable name=
    "D2" select=
    "hsw:shiftLeft($D1,1)"/>   <xsl:variable name=
    "C3" select=
    "hsw:shiftLeft($C2,2)"/> <xsl:variable name=
    "D3" select=
    "hsw:shiftLeft($D2,2)"/>   <xsl:variable name=
    "C4" select=
    "hsw:shiftLeft($C3,2)"/> <xsl:variable name=
    "D4" select=
    "hsw:shiftLeft($D3,2)"/>   <xsl:variable name=
    "C5" select=
    "hsw:shiftLeft($C4,2)"/> <xsl:variable name=
    "D5" select=
    "hsw:shiftLeft($D4,2)"/>   <xsl:variable name=
    "C6" select=
    "hsw:shiftLeft($C5,2)"/> <xsl:variable name=
    "D6" select=
    "hsw:shiftLeft($D5,2)"/>   <xsl:variable name=
    "C7" select=
    "hsw:shiftLeft($C6,2)"/> <xsl:variable name=
    "D7" select=
    "hsw:shiftLeft($D6,2)"/>   <xsl:variable name=
    "C8" select=
    "hsw:shiftLeft($C7,2)"/> <xsl:variable name=
    "D8" select=
    "hsw:shiftLeft($D7,2)"/>   <xsl:variable name=
    "C9" select=
    "hsw:shiftLeft($C8,1)"/> <xsl:variable name=
    "D9" select=
    "hsw:shiftLeft($D8,1)"/>   <xsl:variable name=
    "C10" select=
    "hsw:shiftLeft($C9,2)"/> <xsl:variable name=
    "D10" select=
    "hsw:shiftLeft($D9,2)"/>   <xsl:variable name=
    "C11" select=
    "hsw:shiftLeft($C10,2)"/> <xsl:variable name=
    "D11" select=
    "hsw:shiftLeft($D10,2)"/>   <xsl:variable name=
    "C12" select=
    "hsw:shiftLeft($C11,2)"/> <xsl:variable name=
    "D12" select=
    "hsw:shiftLeft($D11,2)"/>   <xsl:variable name=
    "C13" select=
    "hsw:shiftLeft($C12,2)"/> <xsl:variable name=
    "D13" select=
    "hsw:shiftLeft($D12,2)"/>   <xsl:variable name=
    "C14" select=
    "hsw:shiftLeft($C13,2)"/> <xsl:variable name=
    "D14" select=
    "hsw:shiftLeft($D13,2)"/>   <xsl:variable name=
    "C15" select=
    "hsw:shiftLeft($C14,2)"/> <xsl:variable name=
    "D15" select=
    "hsw:shiftLeft($D14,2)"/>   <xsl:variable name=
    "C16" select=
    "hsw:shiftLeft($C15,1)"/> <xsl:variable name=
    "D16" select=
    "hsw:shiftLeft($D15,1)"/>   <xsl:variable name=
    "PC-2" select=
    "exslt:node-set($des:PC-2)/*"/>   <xsl:variable name=
    "k1"  select=
    "hsw:sel(concat($C1 ,$D1 ),$PC-2)"/> <xsl:variable name=
    "k2"  select=
    "hsw:sel(concat($C2 ,$D2 ),$PC-2)"/> <xsl:variable name=
    "k3"  select=
    "hsw:sel(concat($C3 ,$D3 ),$PC-2)"/> <xsl:variable name=
    "k4"  select=
    "hsw:sel(concat($C4 ,$D4 ),$PC-2)"/> <xsl:variable name=
    "k5"  select=
    "hsw:sel(concat($C5 ,$D5 ),$PC-2)"/> <xsl:variable name=
    "k6"  select=
    "hsw:sel(concat($C6 ,$D6 ),$PC-2)"/> <xsl:variable name=
    "k7"  select=
    "hsw:sel(concat($C7 ,$D7 ),$PC-2)"/> <xsl:variable name=
    "k8"  select=
    "hsw:sel(concat($C8 ,$D8 ),$PC-2)"/> <xsl:variable name=
    "k9"  select=
    "hsw:sel(concat($C9 ,$D9 ),$PC-2)"/> <xsl:variable name=
    "k10" select=
    "hsw:sel(concat($C10,$D10),$PC-2)"/> <xsl:variable name=
    "k11" select=
    "hsw:sel(concat($C11,$D11),$PC-2)"/> <xsl:variable name=
    "k12" select=
    "hsw:sel(concat($C12,$D12),$PC-2)"/> <xsl:variable name=
    "k13" select=
    "hsw:sel(concat($C13,$D13),$PC-2)"/> <xsl:variable name=
    "k14" select=
    "hsw:sel(concat($C14,$D14),$PC-2)"/> <xsl:variable name=
    "k15" select=
    "hsw:sel(concat($C15,$D15),$PC-2)"/> <xsl:variable name=
    "k16" select=
    "hsw:sel(concat($C16,$D16),$PC-2)"/>   <xsl:variable name=
    "decrypt" select=
    "not($encrypt)"/>   <xsl:variable name=
    "K1"> <xsl:
    
    if test=
    "$encrypt"><xsl:value-of select=
    "$k1"/></xsl:if> <xsl:
    
    if test=
    "$decrypt"><xsl:value-of select=
    "$k16"/></xsl:if> </xsl:variable> <xsl:variable name=
    "K2"> <xsl:
    
    if test=
    "$encrypt"><xsl:value-of select=
    "$k2"/></xsl:if> <xsl:
    
    if test=
    "$decrypt"><xsl:value-of select=
    "$k15"/></xsl:if> </xsl:variable> <xsl:variable name=
    "K3"> <xsl:
    
    if test=
    "$encrypt"><xsl:value-of select=
    "$k3"/></xsl:if> <xsl:
    
    if test=
    "$decrypt"><xsl:value-of select=
    "$k14"/></xsl:if> </xsl:variable> <xsl:variable name=
    "K4"> <xsl:
    
    if test=
    "$encrypt"><xsl:value-of select=
    "$k4"/></xsl:if> <xsl:
    
    if test=
    "$decrypt"><xsl:value-of select=
    "$k13"/></xsl:if> </xsl:variable> <xsl:variable name=
    "K5"> <xsl:
    
    if test=
    "$encrypt"><xsl:value-of select=
    "$k5"/></xsl:if> <xsl:
    
    if test=
    "$decrypt"><xsl:value-of select=
    "$k12"/></xsl:if> </xsl:variable> <xsl:variable name=
    "K6"> <xsl:
    
    if test=
    "$encrypt"><xsl:value-of select=
    "$k6"/></xsl:if> <xsl:
    
    if test=
    "$decrypt"><xsl:value-of select=
    "$k11"/></xsl:if> </xsl:variable> <xsl:variable name=
    "K7"> <xsl:
    
    if test=
    "$encrypt"><xsl:value-of select=
    "$k7"/></xsl:if> <xsl:
    
    if test=
    "$decrypt"><xsl:value-of select=
    "$k10"/></xsl:if> </xsl:variable> <xsl:variable name=
    "K8"> <xsl:
    
    if test=
    "$encrypt"><xsl:value-of select=
    "$k8"/></xsl:if> <xsl:
    
    if test=
    "$decrypt"><xsl:value-of select=
    "$k9"/></xsl:if> </xsl:variable> <xsl:variable name=
    "K9"> <xsl:
    
    if test=
    "$encrypt"><xsl:value-of select=
    "$k9"/></xsl:if> <xsl:
    
    if test=
    "$decrypt"><xsl:value-of select=
    "$k8"/></xsl:if> </xsl:variable> <xsl:variable name=
    "K10"> <xsl:
    
    if test=
    "$encrypt"><xsl:value-of select=
    "$k10"/></xsl:if> <xsl:
    
    if test=
    "$decrypt"><xsl:value-of select=
    "$k7"/></xsl:if> </xsl:variable> <xsl:variable name=
    "K11"> <xsl:
    
    if test=
    "$encrypt"><xsl:value-of select=
    "$k11"/></xsl:if> <xsl:
    
    if test=
    "$decrypt"><xsl:value-of select=
    "$k6"/></xsl:if> </xsl:variable> <xsl:variable name=
    "K12"> <xsl:
    
    if test=
    "$encrypt"><xsl:value-of select=
    "$k12"/></xsl:if> <xsl:
    
    if test=
    "$decrypt"><xsl:value-of select=
    "$k5"/></xsl:if> </xsl:variable> <xsl:variable name=
    "K13"> <xsl:
    
    if test=
    "$encrypt"><xsl:value-of select=
    "$k13"/></xsl:if> <xsl:
    
    if test=
    "$decrypt"><xsl:value-of select=
    "$k4"/></xsl:if> </xsl:variable> <xsl:variable name=
    "K14"> <xsl:
    
    if test=
    "$encrypt"><xsl:value-of select=
    "$k14"/></xsl:if> <xsl:
    
    if test=
    "$decrypt"><xsl:value-of select=
    "$k3"/></xsl:if> </xsl:variable> <xsl:variable name=
    "K15"> <xsl:
    
    if test=
    "$encrypt"><xsl:value-of select=
    "$k15"/></xsl:if> <xsl:
    
    if test=
    "$decrypt"><xsl:value-of select=
    "$k2"/></xsl:if> </xsl:variable> <xsl:variable name=
    "K16"> <xsl:
    
    if test=
    "$encrypt"><xsl:value-of select=
    "$k16"/></xsl:if> <xsl:
    
    if test=
    "$decrypt"><xsl:value-of select=
    "$k1"/></xsl:if> </xsl:variable>   <xsl:variable name=
    "IPv" select=
    "hsw:sel($M,exslt:node-set($des:IP)/*)"/>   <xsl:variable name=
    "L0" select=
    "substring($IPv,1,32)"/> <xsl:variable name=
    "R0" select=
    "substring($IPv,33)"/>   <xsl:variable name=
    "E" select=
    "exslt:node-set($des:E)/*"/>   <xsl:variable name=
    "L1" select=
    "$R0"/> <xsl:variable name=
    "R1" select=
    "hsw:xorBin($L0,des:f(hsw:sel($R0,$E),$K1))"/>   <xsl:variable name=
    "L2" select=
    "$R1"/> <xsl:variable name=
    "R2" select=
    "hsw:xorBin($L1,des:f(hsw:sel($R1,$E),$K2))"/>   <xsl:variable name=
    "L3" select=
    "$R2"/> <xsl:variable name=
    "R3" select=
    "hsw:xorBin($L2,des:f(hsw:sel($R2,$E),$K3))"/>   <xsl:variable name=
    "L4" select=
    "$R3"/> <xsl:variable name=
    "R4" select=
    "hsw:xorBin($L3,des:f(hsw:sel($R3,$E),$K4))"/>   <xsl:variable name=
    "L5" select=
    "$R4"/> <xsl:variable name=
    "R5" select=
    "hsw:xorBin($L4,des:f(hsw:sel($R4,$E),$K5))"/>   <xsl:variable name=
    "L6" select=
    "$R5"/> <xsl:variable name=
    "R6" select=
    "hsw:xorBin($L5,des:f(hsw:sel($R5,$E),$K6))"/>   <xsl:variable name=
    "L7" select=
    "$R6"/> <xsl:variable name=
    "R7" select=
    "hsw:xorBin($L6,des:f(hsw:sel($R6,$E),$K7))"/>   <xsl:variable name=
    "L8" select=
    "$R7"/> <xsl:variable name=
    "R8" select=
    "hsw:xorBin($L7,des:f(hsw:sel($R7,$E),$K8))"/>   <xsl:variable name=
    "L9" select=
    "$R8"/> <xsl:variable name=
    "R9" select=
    "hsw:xorBin($L8,des:f(hsw:sel($R8,$E),$K9))"/>   <xsl:variable name=
    "L10" select=
    "$R9"/> <xsl:variable name=
    "R10" select=
    "hsw:xorBin($L9,des:f(hsw:sel($R9,$E),$K10))"/>   <xsl:variable name=
    "L11" select=
    "$R10"/> <xsl:variable name=
    "R11" select=
    "hsw:xorBin($L10,des:f(hsw:sel($R10,$E),$K11))"/>   <xsl:variable name=
    "L12" select=
    "$R11"/> <xsl:variable name=
    "R12" select=
    "hsw:xorBin($L11,des:f(hsw:sel($R11,$E),$K12))"/>   <xsl:variable name=
    "L13" select=
    "$R12"/> <xsl:variable name=
    "R13" select=
    "hsw:xorBin($L12,des:f(hsw:sel($R12,$E),$K13))"/>   <xsl:variable name=
    "L14" select=
    "$R13"/> <xsl:variable name=
    "R14" select=
    "hsw:xorBin($L13,des:f(hsw:sel($R13,$E),$K14))"/>   <xsl:variable name=
    "L15" select=
    "$R14"/> <xsl:variable name=
    "R15" select=
    "hsw:xorBin($L14,des:f(hsw:sel($R14,$E),$K15))"/>   <xsl:variable name=
    "L16" select=
    "$R15"/> <xsl:variable name=
    "R16" select=
    "hsw:xorBin($L15,des:f(hsw:sel($R15,$E),$K16))"/>   <xsl:variable name=
    "res" select=
    "hsw:sel(concat($R16,$L16),exslt:node-set($des:IP-1)/*)"/> <!-- <xsl:variable name=
    "dummy-xsl-message-in-func-function"> <xsl:message dp:priority=
    "error"> <xsl:value-of select=
    "$MH"/> <xsl:value-of select=
    "hsw:display($M,4,'M')"/> <xsl:value-of select=
    "$KH"/> <xsl:value-of select=
    "hsw:display($K,8,'K')"/> <xsl:value-of select=
    "hsw:display($Kplus,7,'Kplus')"/> <xsl:value-of select=
    "hsw:display($C0,7,'C0')"/> <xsl:value-of select=
    "hsw:display($D0,7,'D0')"/> <xsl:value-of select=
    "hsw:display($C15,7,'C15')"/> <xsl:value-of select=
    "hsw:display($D15,7,'D15')"/> <xsl:value-of select=
    "hsw:display($C16,7,'C16')"/> <xsl:value-of select=
    "hsw:display($D16,7,'D16')"/> <xsl:value-of select=
    "hsw:display($K1,6,'K1')"/> <xsl:value-of select=
    "hsw:display($K2,6,'K2')"/> <xsl:value-of select=
    "hsw:display($K15,6,'K15')"/> <xsl:value-of select=
    "hsw:display($K16,6,'K16')"/> <xsl:value-of select=
    "hsw:display($IPv,4,'IP')"/> <xsl:value-of select=
    "hsw:display($L0,4,'L0')"/> <xsl:value-of select=
    "hsw:display($R0,4,'R0')"/> <xsl:value-of select=
    "hsw:display($L1,4,'L1')"/> <xsl:value-of select=
    "hsw:display($R1,4,'R1')"/> <xsl:value-of select=
    "hsw:display($L2,4,'L2')"/> <xsl:value-of select=
    "hsw:display($R2,4,'R2')"/> <xsl:value-of select=
    "hsw:display($L16,4,'L16')"/> <xsl:value-of select=
    "hsw:display($R16,4,'R16')"/> <xsl:value-of select=
    "hsw:display($res,8,'res')"/> <xsl:value-of select=
    "hsw:binTOhex($res)"/> </xsl:message> </xsl:variable> --> <func:result select=
    "hsw:binTOhex($res)"/> </func:function>   <!-- DES function f --> <func:function name=
    "des:f"> <xsl:param name=
    "E"/> <xsl:param name=
    "K"/>   <xsl:variable name=
    "x" select=
    "hsw:xorBin($E,$K)"/>   <xsl:variable name=
    "y" select=
    "concat( substring($des:S1,1+4*hsw:binTOdec(substring($x, 1,6)),4), substring($des:S2,1+4*hsw:binTOdec(substring($x, 7,6)),4), substring($des:S3,1+4*hsw:binTOdec(substring($x,13,6)),4), substring($des:S4,1+4*hsw:binTOdec(substring($x,19,6)),4), substring($des:S5,1+4*hsw:binTOdec(substring($x,25,6)),4), substring($des:S6,1+4*hsw:binTOdec(substring($x,31,6)),4), substring($des:S7,1+4*hsw:binTOdec(substring($x,37,6)),4), substring($des:S8,1+4*hsw:binTOdec(substring($x,43,6)),4) )
    " />   <!-- <xsl:variable name=
    "dummy-xsl-message-in-func-function"> <xsl:message dp:priority=
    "error"> <xsl:value-of select=
    "hsw:display($x,6,'x')"/> </xsl:message> <xsl:message dp:priority=
    "error"> <xsl:value-of select=
    "hsw:display($y,4,'y')"/> </xsl:message> </xsl:variable> -->   <func:result select=
    "hsw:sel($y,exslt:node-set($des:P)/*)"/> </func:function>     <xsl:variable name=
    "des:PC-1"> <i>57</i><i>49</i><i>41</i><i>33</i><i>25</i><i>17</i><i> 9</i> <i> 1</i><i>58</i><i>50</i><i>42</i><i>34</i><i>26</i><i>18</i> <i>10</i><i> 2</i><i>59</i><i>51</i><i>43</i><i>35</i><i>27</i> <i>19</i><i>11</i><i> 3</i><i>60</i><i>52</i><i>44</i><i>36</i> <i>63</i><i>55</i><i>47</i><i>39</i><i>31</i><i>23</i><i>15</i> <i> 7</i><i>62</i><i>54</i><i>46</i><i>38</i><i>30</i><i>22</i> <i>14</i><i> 6</i><i>61</i><i>53</i><i>45</i><i>37</i><i>29</i> <i>21</i><i>13</i><i> 5</i><i>28</i><i>20</i><i>12</i><i> 4</i> </xsl:variable>   <xsl:variable name=
    "des:PC-2"> <i>14</i><i>17</i><i>11</i><i>24</i><i> 1</i><i> 5</i> <i> 3</i><i>28</i><i>15</i><i> 6</i><i>21</i><i>10</i> <i>23</i><i>19</i><i>12</i><i> 4</i><i>26</i><i> 8</i> <i>16</i><i> 7</i><i>27</i><i>20</i><i>13</i><i> 2</i> <i>41</i><i>52</i><i>31</i><i>37</i><i>47</i><i>55</i> <i>30</i><i>40</i><i>51</i><i>45</i><i>33</i><i>48</i> <i>44</i><i>49</i><i>39</i><i>56</i><i>34</i><i>53</i> <i>46</i><i>42</i><i>50</i><i>36</i><i>29</i><i>32</i> </xsl:variable>   <xsl:variable name=
    "des:IP"> <i>58</i><i>50</i><i>42</i><i>34</i><i>26</i><i>18</i><i>10</i><i> 2</i> <i>60</i><i>52</i><i>44</i><i>36</i><i>28</i><i>20</i><i>12</i><i> 4</i> <i>62</i><i>54</i><i>46</i><i>38</i><i>30</i><i>22</i><i>14</i><i> 6</i> <i>64</i><i>56</i><i>48</i><i>40</i><i>32</i><i>24</i><i>16</i><i> 8</i> <i>57</i><i>49</i><i>41</i><i>33</i><i>25</i><i>17</i><i> 9</i><i> 1</i> <i>59</i><i>51</i><i>43</i><i>35</i><i>27</i><i>19</i><i>11</i><i> 3</i> <i>61</i><i>53</i><i>45</i><i>37</i><i>29</i><i>21</i><i>13</i><i> 5</i> <i>63</i><i>55</i><i>47</i><i>39</i><i>31</i><i>23</i><i>15</i><i> 7</i> </xsl:variable>   <xsl:variable name=
    "des:E"> <i>32</i><i> 1</i><i> 2</i><i> 3</i><i> 4</i><i> 5</i> <i> 4</i><i> 5</i><i> 6</i><i> 7</i><i> 8</i><i> 9</i> <i> 8</i><i> 9</i><i>10</i><i>11</i><i>12</i><i>13</i> <i>12</i><i>13</i><i>14</i><i>15</i><i>16</i><i>17</i> <i>16</i><i>17</i><i>18</i><i>19</i><i>20</i><i>21</i> <i>20</i><i>21</i><i>22</i><i>23</i><i>24</i><i>25</i> <i>24</i><i>25</i><i>26</i><i>27</i><i>28</i><i>29</i> <i>28</i><i>29</i><i>30</i><i>31</i><i>32</i><i> 1</i> </xsl:variable>   <xsl:variable name=
    "des:S1" select=
    "concat( 
    '1110000001001111110101110001010000101110111100101011110110000001', 
    '0011101010100110011011001100101101011001100101010000001101111000', 
    '0100111100011100111010001000001011010100011010010010000110110111', 
    '1111010111001011100100110111111000111010101000000101011000001101' )
    "/>   <xsl:variable name=
    "des:S2" select=
    "concat( 
    '1111001100011101100001001110011101101111101100100011100001001110', 
    '1001110001110000001000011101101011000110000010010101101110100101', 
    '0000110111101000011110101011000110100011010011111101010000010010', 
    '0101101110000110110001110110110010010000001101010010111011111001' )
    "/>   <xsl:variable name=
    "des:S3" select=
    "concat( 
    '1010110100000111100100001110100101100011001101001111011001011010', 
    '0001001011011000110001010111111010111100010010110010111110000001', 
    '1101000101101010010011011001000010000110111110010011100000000111', 
    '1011010000011111001011101100001101011011101001011110001001111100' )
    "/>   <xsl:variable name=
    "des:S4" select=
    "concat( 
    '0111110111011000111010110011010100000110011011111001000010100011', 
    '0001010000100111100000100101110010110001110010100100111011111001', 
    '1010001101101111100100000000011011001010101100010111110111011000', 
    '1111100100010100001101011110101101011100001001111000001001001110' )
    "/>   <xsl:variable name=
    "des:S5" select=
    "concat( 
    '0010111011001011010000100001110001110100101001111011110101100001', 
    '1000010101010000001111111111101011010011000010011110100010010110', 
    '0100101100101000000111001011011110100001110111100111001010001101', 
    '1111011010011111110000000101100101101010001101000000010111100011' )
    "/>   <xsl:variable name=
    "des:S6" select=
    "concat( 
    '1100101000011111101001001111001010010111001011000110100110000101', 
    '0000011011010001001111010100111011100000011110110101001110111000', 
    '1001010011100011111100100101110000101001100001011100111100111010', 
    '0111101100001110010000011010011100010110110100001011100001101101' )
    "/>   <xsl:variable name=
    "des:S7" select=
    "concat( 
    '0100110110110000001010111110011111110100000010011000000111011010', 
    '0011111011000011100101010111110001010010101011110110100000010110', 
    '0001011001001011101111011101100011000001001101000111101011100111', 
    '1010100111110101011000001000111100001110010100101001001100101100' )
    "/>   <xsl:variable name=
    "des:S8" select=
    "concat( 
    '1101000100101111100011010100100001101010111100111011011100010100', 
    '1010110010010101001101101110101101010000000011101100100101110010', 
    '0111001010110001010011100001011110010100110010101110100000101101', 
    '0000111101101100101010011101000011110011001101010101011010001011' )
    "/>   <xsl:variable name=
    "des:P"> <i>16</i><i> 7</i><i>20</i><i>21</i> <i>29</i><i>12</i><i>28</i><i>17</i> <i> 1</i><i>15</i><i>23</i><i>26</i> <i> 5</i><i>18</i><i>31</i><i>10</i> <i> 2</i><i> 8</i><i>24</i><i>14</i> <i>32</i><i>27</i><i> 3</i><i> 9</i> <i>19</i><i>13</i><i>30</i><i> 6</i> <i>22</i><i>11</i><i> 4</i><i>25</i> </xsl:variable>   <xsl:variable name=
    "des:IP-1"> <i>40</i><i>8</i><i>48</i><i>16</i><i>56</i><i>24</i><i>64</i><i>32</i> <i>39</i><i>7</i><i>47</i><i>15</i><i>55</i><i>23</i><i>63</i><i>31</i> <i>38</i><i>6</i><i>46</i><i>14</i><i>54</i><i>22</i><i>62</i><i>30</i> <i>37</i><i>5</i><i>45</i><i>13</i><i>53</i><i>21</i><i>61</i><i>29</i> <i>36</i><i>4</i><i>44</i><i>12</i><i>52</i><i>20</i><i>60</i><i>28</i> <i>35</i><i>3</i><i>43</i><i>11</i><i>51</i><i>19</i><i>59</i><i>27</i> <i>34</i><i>2</i><i>42</i><i>10</i><i>50</i><i>18</i><i>58</i><i>26</i> <i>33</i><i>1</i><i>41</i><i> 9</i><i>49</i><i>17</i><i>57</i><i>25</i> </xsl:variable>       <!-- copied in what is needed 
    
    for des.xsl from hsw.xsl ... --> <!-- selection (generalization of permutation) --> <func:function name=
    "hsw:sel"> <xsl:param name=
    "str"/> <xsl:param name=
    "sel"/>   <xsl:choose> <xsl:when test=
    "not($sel)"/>   <xsl:otherwise> <func:result select=
    "concat( substring($str,$sel[1],1), hsw:sel($str,$sel[position()>1]) )
    " /> </xsl:otherwise> </xsl:choose> </func:function>     <!-- 
    
    for bidirectional mapping --> <xsl:variable name=
    "hexbin"> <x d=
    '0'>0000</x><x d=
    '1'>0001</x><x d=
    '2'>0010</x><x d=
    '3'>0011</x> <x d=
    '4'>0100</x><x d=
    '5'>0101</x><x d=
    '6'>0110</x><x d=
    '7'>0111</x> <x d=
    '8'>1000</x><x d=
    '9'>1001</x><x d=
    'A'>1010</x><x d=
    'B'>1011</x> <x d=
    'C'>1100</x><x d=
    'D'>1101</x><x d=
    'E'>1110</x><x d=
    'F'>1111</x> </xsl:variable>     <!-- leading 
    '0' preserving (non-existant) dp:radix-convert(_,2,16) --> <func:function name=
    "hsw:binTOhex"> <xsl:param name=
    "str"/>   <xsl:variable name=
    "len" select=
    "string-length($str)"/>   <xsl:choose> <xsl:when test=
    "not($str)"/>   <xsl:when test=
    "$len mod 4"> <func:result select=
    "hsw:binTOhex(concat(substring('000',$len mod 4),$str))"/> </xsl:when>   <xsl:otherwise> <func:result select=
    "concat( exslt:node-set($hexbin)/x[starts-with($str,.)]/@d, hsw:binTOhex(substring($str,5)) )
    " /> </xsl:otherwise> </xsl:choose> </func:function>     <!-- leading 
    '0' preserving (non-existant) dp:radix-convert(_,16,2) --> <func:function name=
    "hsw:hexTObin"> <xsl:param name=
    "str"/>   <xsl:choose> <xsl:when test=
    "not($str)"/>   <xsl:otherwise> <func:result select=
    "concat( exslt:node-set($hexbin)/x[starts-with($str,@d)], hsw:hexTObin(substring($str,2)) )
    " /> </xsl:otherwise> </xsl:choose> </func:function>     <!-- non-existant dp:radix-convert(_,2,10) --> <func:function name=
    "hsw:binTOdec"> <xsl:param name=
    "str"/>   <xsl:choose> <xsl:when test=
    "not($str)"> <func:result select=
    "0"/> </xsl:when> <xsl:otherwise> <func:result select=
    "2*hsw:binTOdec(substring($str,1,string-length($str)-1)) + substring($str,string-length($str),1)
    " /> </xsl:otherwise> </xsl:choose> </func:function>     <!-- xor of binary strings $a and $b --> <func:function name=
    "hsw:xorBin"> <xsl:param name=
    "a"/> <xsl:param name=
    "b"/>   <xsl:choose> <xsl:when test=
    "not($a)"/>   <xsl:otherwise> <func:result select=
    "concat( number(substring($a,1,1)!=substring($b,1,1)), hsw:xorBin(substring($a,2),substring($b,2)) )
    " /> </xsl:otherwise> </xsl:choose> </func:function>     <!-- cyclic 
    "shift left" of $str by $cnt positions --> <func:function name=
    "hsw:shiftLeft"> <xsl:param name=
    "str"/> <xsl:param name=
    "cnt"/>   <func:result select=
    "concat(substring($str,1+$cnt),substring($str,1,$cnt))"/> </func:function>     <!-- auxiliary function 
    
    for nice output str: string to output (hex, bin, ...) blk: length of a block (after which a space is placed) lab: label 
    
    if present, 
    
    for output 
    "lab=..." --> <func:function name=
    "hsw:display"> <xsl:param name=
    "str"/> <xsl:param name=
    "blk"/> <xsl:param name=
    "lab"/>   <xsl:choose> <xsl:when test=
    "$lab"> <func:result select=
    "concat( str:align($lab,
    '        ',
    'right'), 
    ' = ', hsw:display($str,$blk) )
    " /> </xsl:when>   <xsl:when test=
    "not($str)"/>   <xsl:otherwise> <func:result select=
    "concat( substring($str,1,$blk), 
    ' ', hsw:display(substring($str,1+$blk),$blk) )
    " /> </xsl:otherwise> </xsl:choose> </func:function>   <!-- needed only on Non-DataPower XSLT processors like xalan --> <func:function name=
    "dp:time-value"> <func:result select=
    "1"/> </func:function>   </xsl:stylesheet>
    


     
    Hermann<myXsltBlog/>
  • SudhishSikhamani
    SudhishSikhamani
    3 Posts

    Re: Encrypt in Datapower, decrypt in an existing server

    ‏2011-11-23T22:00:00Z  
    • HermannSW
    • ‏2011-11-04T23:52:30Z
    Sudish,

    Ivan is right that there is no way based on DataPower extension functions to provide DES-ECB.

    But I have to answer back on Ivan's statement:
    "This is not possible even with custom XSL since the only cryptographic primitives ..."

    Implementing the cryptographic primitives in XSLT does the job.

    I just copied anything needed to do a 64bit block DES encrypt and DES decrypt together -- this is work in progress, but completed for DES.

    Find stylesheet des-demo.xsl attached doing the DES encryption on the sample taken from "The DES Algorithm Illustrated":
    http://orlingrabbe.com/des.htm

    This is definitely NOT what you want to do on big data, as a single 64bit DES encrypt takes 3 milliseconds (3 take 8ms).

    But if you do need to DES encrypt only small amount of data and/or have no other choice this is "a" way to go.

    Btw, this stylesheet is portable and runs for DataPower as well as xalan XSLT processors.

    <pre class="jive-pre"> $ coproc2 des-demo.xsl empty.xml http: //dp3-l3.boeblingen.de.ibm.com:2223 des.xsl demo des:encrypt-blk( '0123456789ABCDEF', '133457799BBCDFF1')=85E813540F0AB405 t1-t0=3ms des:decrypt-blk( '85E813540F0AB405', '133457799BBCDFF1')=0123456789ABCDEF $ $ xalan des-demo.xsl des.xsl demo des:encrypt-blk( '0123456789ABCDEF', '133457799BBCDFF1')=85E813540F0AB405 t1-t0=0ms des:decrypt-blk( '85E813540F0AB405', '133457799BBCDFF1')=0123456789ABCDEF $ </pre>
    This is -- as I said work in progress -- the complete "des-demo.xsl":
    <pre class="jive-pre"> <?xml-stylesheet href= "#" type= "text/xsl"?> <xsl:stylesheet version= "1.0" xmlns:xsl= "http://www.w3.org/1999/XSL/Transform" xmlns:exslt= "http://exslt.org/common" xmlns:func= "http://exslt.org/functions" xmlns:str= "http://exslt.org/strings" xmlns:dp= "http://www.datapower.com/extensions" xmlns:md4= "urn:iso:member-body:US:rsadsi:digestAlgorithm:4" xmlns:des= "urn:iso:identified-organization:oiw:secsig:algorithm:des-ecb" xmlns:hsw= "http://www.stamm-wilbrandt.de/datapower/functions" extension-element-prefixes= "dp" exclude-result-prefixes= "func" > <xsl:output omit-xml-declaration= "yes"/> <!-- Sample (and algorithm) taken from "The DES Algorithm Illustrated": http: //orlingrabbe.com/des.htm --> <xsl:template match= "/"> <xsl:text>des.xsl demo </xsl:text> <xsl:variable name= "t0" select= "dp:time-value()"/> <xsl:variable name= "res" select= "des:encrypt-blk('0123456789ABCDEF','133457799BBCDFF1')"/> <xsl:variable name= "t1" select= "dp:time-value()"/> <xsl:text>des:encrypt-blk( '0123456789ABCDEF', '133457799BBCDFF1')=</xsl:text> <xsl:value-of select= "$res"/> <xsl:text> </xsl:text> <xsl:text>t1-t0=</xsl:text><xsl:value-of select= "$t1 - $t0"/> <xsl:text>ms </xsl:text> <xsl:text>des:decrypt-blk( '85E813540F0AB405', '133457799BBCDFF1')=</xsl:text> <xsl:value-of select= "des:decrypt-blk('85E813540F0AB405','133457799BBCDFF1')"/> <xsl:text> </xsl:text> </xsl:template> <!-- DES encrypt 64bit (blk) hex message $MH with 64bit hex key $KH --> <func:function name= "des:encrypt-blk"> <xsl:param name= "MH"/> <xsl:param name= "KH"/> <func:result select= "des:crypt-blk($MH,$KH,true())"/> </func:function> <!-- DES decrypt 64bit (blk) hex message $MH with 64bit hex key $KH --> <func:function name= "des:decrypt-blk"> <xsl:param name= "MH"/> <xsl:param name= "KH"/> <func:result select= "des:crypt-blk($MH,$KH,false())"/> </func:function> <!-- DES en-/de-crypt 64bit (blk) hex message $MH with 64bit hex key $KH --> <func:function name= "des:crypt-blk"> <xsl:param name= "MH"/> <xsl:param name= "KH"/> <xsl:param name= "encrypt"/> <xsl: if test= "string-length($MH)!=16"> <xsl:message terminate= "yes">des:encrypt-blk message!=64bit</xsl:message> </xsl:if> <xsl: if test= "string-length($KH)!=16"> <xsl:message terminate= "yes">des:encrypt-blk key!=64bit</xsl:message> </xsl:if> <xsl:variable name= "M" select= "hsw:hexTObin($MH)"/> <xsl:variable name= "K" select= "hsw:hexTObin($KH)"/> <xsl:variable name= "Kplus" select= "hsw:sel($K,exslt:node-set($des:PC-1)/*)"/> <xsl:variable name= "C0" select= "substring($Kplus,1,28)"/> <xsl:variable name= "D0" select= "substring($Kplus,29)"/> <xsl:variable name= "C1" select= "hsw:shiftLeft($C0,1)"/> <xsl:variable name= "D1" select= "hsw:shiftLeft($D0,1)"/> <xsl:variable name= "C2" select= "hsw:shiftLeft($C1,1)"/> <xsl:variable name= "D2" select= "hsw:shiftLeft($D1,1)"/> <xsl:variable name= "C3" select= "hsw:shiftLeft($C2,2)"/> <xsl:variable name= "D3" select= "hsw:shiftLeft($D2,2)"/> <xsl:variable name= "C4" select= "hsw:shiftLeft($C3,2)"/> <xsl:variable name= "D4" select= "hsw:shiftLeft($D3,2)"/> <xsl:variable name= "C5" select= "hsw:shiftLeft($C4,2)"/> <xsl:variable name= "D5" select= "hsw:shiftLeft($D4,2)"/> <xsl:variable name= "C6" select= "hsw:shiftLeft($C5,2)"/> <xsl:variable name= "D6" select= "hsw:shiftLeft($D5,2)"/> <xsl:variable name= "C7" select= "hsw:shiftLeft($C6,2)"/> <xsl:variable name= "D7" select= "hsw:shiftLeft($D6,2)"/> <xsl:variable name= "C8" select= "hsw:shiftLeft($C7,2)"/> <xsl:variable name= "D8" select= "hsw:shiftLeft($D7,2)"/> <xsl:variable name= "C9" select= "hsw:shiftLeft($C8,1)"/> <xsl:variable name= "D9" select= "hsw:shiftLeft($D8,1)"/> <xsl:variable name= "C10" select= "hsw:shiftLeft($C9,2)"/> <xsl:variable name= "D10" select= "hsw:shiftLeft($D9,2)"/> <xsl:variable name= "C11" select= "hsw:shiftLeft($C10,2)"/> <xsl:variable name= "D11" select= "hsw:shiftLeft($D10,2)"/> <xsl:variable name= "C12" select= "hsw:shiftLeft($C11,2)"/> <xsl:variable name= "D12" select= "hsw:shiftLeft($D11,2)"/> <xsl:variable name= "C13" select= "hsw:shiftLeft($C12,2)"/> <xsl:variable name= "D13" select= "hsw:shiftLeft($D12,2)"/> <xsl:variable name= "C14" select= "hsw:shiftLeft($C13,2)"/> <xsl:variable name= "D14" select= "hsw:shiftLeft($D13,2)"/> <xsl:variable name= "C15" select= "hsw:shiftLeft($C14,2)"/> <xsl:variable name= "D15" select= "hsw:shiftLeft($D14,2)"/> <xsl:variable name= "C16" select= "hsw:shiftLeft($C15,1)"/> <xsl:variable name= "D16" select= "hsw:shiftLeft($D15,1)"/> <xsl:variable name= "PC-2" select= "exslt:node-set($des:PC-2)/*"/> <xsl:variable name= "k1" select= "hsw:sel(concat($C1 ,$D1 ),$PC-2)"/> <xsl:variable name= "k2" select= "hsw:sel(concat($C2 ,$D2 ),$PC-2)"/> <xsl:variable name= "k3" select= "hsw:sel(concat($C3 ,$D3 ),$PC-2)"/> <xsl:variable name= "k4" select= "hsw:sel(concat($C4 ,$D4 ),$PC-2)"/> <xsl:variable name= "k5" select= "hsw:sel(concat($C5 ,$D5 ),$PC-2)"/> <xsl:variable name= "k6" select= "hsw:sel(concat($C6 ,$D6 ),$PC-2)"/> <xsl:variable name= "k7" select= "hsw:sel(concat($C7 ,$D7 ),$PC-2)"/> <xsl:variable name= "k8" select= "hsw:sel(concat($C8 ,$D8 ),$PC-2)"/> <xsl:variable name= "k9" select= "hsw:sel(concat($C9 ,$D9 ),$PC-2)"/> <xsl:variable name= "k10" select= "hsw:sel(concat($C10,$D10),$PC-2)"/> <xsl:variable name= "k11" select= "hsw:sel(concat($C11,$D11),$PC-2)"/> <xsl:variable name= "k12" select= "hsw:sel(concat($C12,$D12),$PC-2)"/> <xsl:variable name= "k13" select= "hsw:sel(concat($C13,$D13),$PC-2)"/> <xsl:variable name= "k14" select= "hsw:sel(concat($C14,$D14),$PC-2)"/> <xsl:variable name= "k15" select= "hsw:sel(concat($C15,$D15),$PC-2)"/> <xsl:variable name= "k16" select= "hsw:sel(concat($C16,$D16),$PC-2)"/> <xsl:variable name= "decrypt" select= "not($encrypt)"/> <xsl:variable name= "K1"> <xsl: if test= "$encrypt"><xsl:value-of select= "$k1"/></xsl:if> <xsl: if test= "$decrypt"><xsl:value-of select= "$k16"/></xsl:if> </xsl:variable> <xsl:variable name= "K2"> <xsl: if test= "$encrypt"><xsl:value-of select= "$k2"/></xsl:if> <xsl: if test= "$decrypt"><xsl:value-of select= "$k15"/></xsl:if> </xsl:variable> <xsl:variable name= "K3"> <xsl: if test= "$encrypt"><xsl:value-of select= "$k3"/></xsl:if> <xsl: if test= "$decrypt"><xsl:value-of select= "$k14"/></xsl:if> </xsl:variable> <xsl:variable name= "K4"> <xsl: if test= "$encrypt"><xsl:value-of select= "$k4"/></xsl:if> <xsl: if test= "$decrypt"><xsl:value-of select= "$k13"/></xsl:if> </xsl:variable> <xsl:variable name= "K5"> <xsl: if test= "$encrypt"><xsl:value-of select= "$k5"/></xsl:if> <xsl: if test= "$decrypt"><xsl:value-of select= "$k12"/></xsl:if> </xsl:variable> <xsl:variable name= "K6"> <xsl: if test= "$encrypt"><xsl:value-of select= "$k6"/></xsl:if> <xsl: if test= "$decrypt"><xsl:value-of select= "$k11"/></xsl:if> </xsl:variable> <xsl:variable name= "K7"> <xsl: if test= "$encrypt"><xsl:value-of select= "$k7"/></xsl:if> <xsl: if test= "$decrypt"><xsl:value-of select= "$k10"/></xsl:if> </xsl:variable> <xsl:variable name= "K8"> <xsl: if test= "$encrypt"><xsl:value-of select= "$k8"/></xsl:if> <xsl: if test= "$decrypt"><xsl:value-of select= "$k9"/></xsl:if> </xsl:variable> <xsl:variable name= "K9"> <xsl: if test= "$encrypt"><xsl:value-of select= "$k9"/></xsl:if> <xsl: if test= "$decrypt"><xsl:value-of select= "$k8"/></xsl:if> </xsl:variable> <xsl:variable name= "K10"> <xsl: if test= "$encrypt"><xsl:value-of select= "$k10"/></xsl:if> <xsl: if test= "$decrypt"><xsl:value-of select= "$k7"/></xsl:if> </xsl:variable> <xsl:variable name= "K11"> <xsl: if test= "$encrypt"><xsl:value-of select= "$k11"/></xsl:if> <xsl: if test= "$decrypt"><xsl:value-of select= "$k6"/></xsl:if> </xsl:variable> <xsl:variable name= "K12"> <xsl: if test= "$encrypt"><xsl:value-of select= "$k12"/></xsl:if> <xsl: if test= "$decrypt"><xsl:value-of select= "$k5"/></xsl:if> </xsl:variable> <xsl:variable name= "K13"> <xsl: if test= "$encrypt"><xsl:value-of select= "$k13"/></xsl:if> <xsl: if test= "$decrypt"><xsl:value-of select= "$k4"/></xsl:if> </xsl:variable> <xsl:variable name= "K14"> <xsl: if test= "$encrypt"><xsl:value-of select= "$k14"/></xsl:if> <xsl: if test= "$decrypt"><xsl:value-of select= "$k3"/></xsl:if> </xsl:variable> <xsl:variable name= "K15"> <xsl: if test= "$encrypt"><xsl:value-of select= "$k15"/></xsl:if> <xsl: if test= "$decrypt"><xsl:value-of select= "$k2"/></xsl:if> </xsl:variable> <xsl:variable name= "K16"> <xsl: if test= "$encrypt"><xsl:value-of select= "$k16"/></xsl:if> <xsl: if test= "$decrypt"><xsl:value-of select= "$k1"/></xsl:if> </xsl:variable> <xsl:variable name= "IPv" select= "hsw:sel($M,exslt:node-set($des:IP)/*)"/> <xsl:variable name= "L0" select= "substring($IPv,1,32)"/> <xsl:variable name= "R0" select= "substring($IPv,33)"/> <xsl:variable name= "E" select= "exslt:node-set($des:E)/*"/> <xsl:variable name= "L1" select= "$R0"/> <xsl:variable name= "R1" select= "hsw:xorBin($L0,des:f(hsw:sel($R0,$E),$K1))"/> <xsl:variable name= "L2" select= "$R1"/> <xsl:variable name= "R2" select= "hsw:xorBin($L1,des:f(hsw:sel($R1,$E),$K2))"/> <xsl:variable name= "L3" select= "$R2"/> <xsl:variable name= "R3" select= "hsw:xorBin($L2,des:f(hsw:sel($R2,$E),$K3))"/> <xsl:variable name= "L4" select= "$R3"/> <xsl:variable name= "R4" select= "hsw:xorBin($L3,des:f(hsw:sel($R3,$E),$K4))"/> <xsl:variable name= "L5" select= "$R4"/> <xsl:variable name= "R5" select= "hsw:xorBin($L4,des:f(hsw:sel($R4,$E),$K5))"/> <xsl:variable name= "L6" select= "$R5"/> <xsl:variable name= "R6" select= "hsw:xorBin($L5,des:f(hsw:sel($R5,$E),$K6))"/> <xsl:variable name= "L7" select= "$R6"/> <xsl:variable name= "R7" select= "hsw:xorBin($L6,des:f(hsw:sel($R6,$E),$K7))"/> <xsl:variable name= "L8" select= "$R7"/> <xsl:variable name= "R8" select= "hsw:xorBin($L7,des:f(hsw:sel($R7,$E),$K8))"/> <xsl:variable name= "L9" select= "$R8"/> <xsl:variable name= "R9" select= "hsw:xorBin($L8,des:f(hsw:sel($R8,$E),$K9))"/> <xsl:variable name= "L10" select= "$R9"/> <xsl:variable name= "R10" select= "hsw:xorBin($L9,des:f(hsw:sel($R9,$E),$K10))"/> <xsl:variable name= "L11" select= "$R10"/> <xsl:variable name= "R11" select= "hsw:xorBin($L10,des:f(hsw:sel($R10,$E),$K11))"/> <xsl:variable name= "L12" select= "$R11"/> <xsl:variable name= "R12" select= "hsw:xorBin($L11,des:f(hsw:sel($R11,$E),$K12))"/> <xsl:variable name= "L13" select= "$R12"/> <xsl:variable name= "R13" select= "hsw:xorBin($L12,des:f(hsw:sel($R12,$E),$K13))"/> <xsl:variable name= "L14" select= "$R13"/> <xsl:variable name= "R14" select= "hsw:xorBin($L13,des:f(hsw:sel($R13,$E),$K14))"/> <xsl:variable name= "L15" select= "$R14"/> <xsl:variable name= "R15" select= "hsw:xorBin($L14,des:f(hsw:sel($R14,$E),$K15))"/> <xsl:variable name= "L16" select= "$R15"/> <xsl:variable name= "R16" select= "hsw:xorBin($L15,des:f(hsw:sel($R15,$E),$K16))"/> <xsl:variable name= "res" select= "hsw:sel(concat($R16,$L16),exslt:node-set($des:IP-1)/*)"/> <!-- <xsl:variable name= "dummy-xsl-message-in-func-function"> <xsl:message dp:priority= "error"> <xsl:value-of select= "$MH"/> <xsl:value-of select= "hsw:display($M,4,'M')"/> <xsl:value-of select= "$KH"/> <xsl:value-of select= "hsw:display($K,8,'K')"/> <xsl:value-of select= "hsw:display($Kplus,7,'Kplus')"/> <xsl:value-of select= "hsw:display($C0,7,'C0')"/> <xsl:value-of select= "hsw:display($D0,7,'D0')"/> <xsl:value-of select= "hsw:display($C15,7,'C15')"/> <xsl:value-of select= "hsw:display($D15,7,'D15')"/> <xsl:value-of select= "hsw:display($C16,7,'C16')"/> <xsl:value-of select= "hsw:display($D16,7,'D16')"/> <xsl:value-of select= "hsw:display($K1,6,'K1')"/> <xsl:value-of select= "hsw:display($K2,6,'K2')"/> <xsl:value-of select= "hsw:display($K15,6,'K15')"/> <xsl:value-of select= "hsw:display($K16,6,'K16')"/> <xsl:value-of select= "hsw:display($IPv,4,'IP')"/> <xsl:value-of select= "hsw:display($L0,4,'L0')"/> <xsl:value-of select= "hsw:display($R0,4,'R0')"/> <xsl:value-of select= "hsw:display($L1,4,'L1')"/> <xsl:value-of select= "hsw:display($R1,4,'R1')"/> <xsl:value-of select= "hsw:display($L2,4,'L2')"/> <xsl:value-of select= "hsw:display($R2,4,'R2')"/> <xsl:value-of select= "hsw:display($L16,4,'L16')"/> <xsl:value-of select= "hsw:display($R16,4,'R16')"/> <xsl:value-of select= "hsw:display($res,8,'res')"/> <xsl:value-of select= "hsw:binTOhex($res)"/> </xsl:message> </xsl:variable> --> <func:result select= "hsw:binTOhex($res)"/> </func:function> <!-- DES function f --> <func:function name= "des:f"> <xsl:param name= "E"/> <xsl:param name= "K"/> <xsl:variable name= "x" select= "hsw:xorBin($E,$K)"/> <xsl:variable name= "y" select= "concat( substring($des:S1,1+4*hsw:binTOdec(substring($x, 1,6)),4), substring($des:S2,1+4*hsw:binTOdec(substring($x, 7,6)),4), substring($des:S3,1+4*hsw:binTOdec(substring($x,13,6)),4), substring($des:S4,1+4*hsw:binTOdec(substring($x,19,6)),4), substring($des:S5,1+4*hsw:binTOdec(substring($x,25,6)),4), substring($des:S6,1+4*hsw:binTOdec(substring($x,31,6)),4), substring($des:S7,1+4*hsw:binTOdec(substring($x,37,6)),4), substring($des:S8,1+4*hsw:binTOdec(substring($x,43,6)),4) ) " /> <!-- <xsl:variable name= "dummy-xsl-message-in-func-function"> <xsl:message dp:priority= "error"> <xsl:value-of select= "hsw:display($x,6,'x')"/> </xsl:message> <xsl:message dp:priority= "error"> <xsl:value-of select= "hsw:display($y,4,'y')"/> </xsl:message> </xsl:variable> --> <func:result select= "hsw:sel($y,exslt:node-set($des:P)/*)"/> </func:function> <xsl:variable name= "des:PC-1"> <i>57</i><i>49</i><i>41</i><i>33</i><i>25</i><i>17</i><i> 9</i> <i> 1</i><i>58</i><i>50</i><i>42</i><i>34</i><i>26</i><i>18</i> <i>10</i><i> 2</i><i>59</i><i>51</i><i>43</i><i>35</i><i>27</i> <i>19</i><i>11</i><i> 3</i><i>60</i><i>52</i><i>44</i><i>36</i> <i>63</i><i>55</i><i>47</i><i>39</i><i>31</i><i>23</i><i>15</i> <i> 7</i><i>62</i><i>54</i><i>46</i><i>38</i><i>30</i><i>22</i> <i>14</i><i> 6</i><i>61</i><i>53</i><i>45</i><i>37</i><i>29</i> <i>21</i><i>13</i><i> 5</i><i>28</i><i>20</i><i>12</i><i> 4</i> </xsl:variable> <xsl:variable name= "des:PC-2"> <i>14</i><i>17</i><i>11</i><i>24</i><i> 1</i><i> 5</i> <i> 3</i><i>28</i><i>15</i><i> 6</i><i>21</i><i>10</i> <i>23</i><i>19</i><i>12</i><i> 4</i><i>26</i><i> 8</i> <i>16</i><i> 7</i><i>27</i><i>20</i><i>13</i><i> 2</i> <i>41</i><i>52</i><i>31</i><i>37</i><i>47</i><i>55</i> <i>30</i><i>40</i><i>51</i><i>45</i><i>33</i><i>48</i> <i>44</i><i>49</i><i>39</i><i>56</i><i>34</i><i>53</i> <i>46</i><i>42</i><i>50</i><i>36</i><i>29</i><i>32</i> </xsl:variable> <xsl:variable name= "des:IP"> <i>58</i><i>50</i><i>42</i><i>34</i><i>26</i><i>18</i><i>10</i><i> 2</i> <i>60</i><i>52</i><i>44</i><i>36</i><i>28</i><i>20</i><i>12</i><i> 4</i> <i>62</i><i>54</i><i>46</i><i>38</i><i>30</i><i>22</i><i>14</i><i> 6</i> <i>64</i><i>56</i><i>48</i><i>40</i><i>32</i><i>24</i><i>16</i><i> 8</i> <i>57</i><i>49</i><i>41</i><i>33</i><i>25</i><i>17</i><i> 9</i><i> 1</i> <i>59</i><i>51</i><i>43</i><i>35</i><i>27</i><i>19</i><i>11</i><i> 3</i> <i>61</i><i>53</i><i>45</i><i>37</i><i>29</i><i>21</i><i>13</i><i> 5</i> <i>63</i><i>55</i><i>47</i><i>39</i><i>31</i><i>23</i><i>15</i><i> 7</i> </xsl:variable> <xsl:variable name= "des:E"> <i>32</i><i> 1</i><i> 2</i><i> 3</i><i> 4</i><i> 5</i> <i> 4</i><i> 5</i><i> 6</i><i> 7</i><i> 8</i><i> 9</i> <i> 8</i><i> 9</i><i>10</i><i>11</i><i>12</i><i>13</i> <i>12</i><i>13</i><i>14</i><i>15</i><i>16</i><i>17</i> <i>16</i><i>17</i><i>18</i><i>19</i><i>20</i><i>21</i> <i>20</i><i>21</i><i>22</i><i>23</i><i>24</i><i>25</i> <i>24</i><i>25</i><i>26</i><i>27</i><i>28</i><i>29</i> <i>28</i><i>29</i><i>30</i><i>31</i><i>32</i><i> 1</i> </xsl:variable> <xsl:variable name= "des:S1" select= "concat( '1110000001001111110101110001010000101110111100101011110110000001', '0011101010100110011011001100101101011001100101010000001101111000', '0100111100011100111010001000001011010100011010010010000110110111', '1111010111001011100100110111111000111010101000000101011000001101' ) "/> <xsl:variable name= "des:S2" select= "concat( '1111001100011101100001001110011101101111101100100011100001001110', '1001110001110000001000011101101011000110000010010101101110100101', '0000110111101000011110101011000110100011010011111101010000010010', '0101101110000110110001110110110010010000001101010010111011111001' ) "/> <xsl:variable name= "des:S3" select= "concat( '1010110100000111100100001110100101100011001101001111011001011010', '0001001011011000110001010111111010111100010010110010111110000001', '1101000101101010010011011001000010000110111110010011100000000111', '1011010000011111001011101100001101011011101001011110001001111100' ) "/> <xsl:variable name= "des:S4" select= "concat( '0111110111011000111010110011010100000110011011111001000010100011', '0001010000100111100000100101110010110001110010100100111011111001', '1010001101101111100100000000011011001010101100010111110111011000', '1111100100010100001101011110101101011100001001111000001001001110' ) "/> <xsl:variable name= "des:S5" select= "concat( '0010111011001011010000100001110001110100101001111011110101100001', '1000010101010000001111111111101011010011000010011110100010010110', '0100101100101000000111001011011110100001110111100111001010001101', '1111011010011111110000000101100101101010001101000000010111100011' ) "/> <xsl:variable name= "des:S6" select= "concat( '1100101000011111101001001111001010010111001011000110100110000101', '0000011011010001001111010100111011100000011110110101001110111000', '1001010011100011111100100101110000101001100001011100111100111010', '0111101100001110010000011010011100010110110100001011100001101101' ) "/> <xsl:variable name= "des:S7" select= "concat( '0100110110110000001010111110011111110100000010011000000111011010', '0011111011000011100101010111110001010010101011110110100000010110', '0001011001001011101111011101100011000001001101000111101011100111', '1010100111110101011000001000111100001110010100101001001100101100' ) "/> <xsl:variable name= "des:S8" select= "concat( '1101000100101111100011010100100001101010111100111011011100010100', '1010110010010101001101101110101101010000000011101100100101110010', '0111001010110001010011100001011110010100110010101110100000101101', '0000111101101100101010011101000011110011001101010101011010001011' ) "/> <xsl:variable name= "des:P"> <i>16</i><i> 7</i><i>20</i><i>21</i> <i>29</i><i>12</i><i>28</i><i>17</i> <i> 1</i><i>15</i><i>23</i><i>26</i> <i> 5</i><i>18</i><i>31</i><i>10</i> <i> 2</i><i> 8</i><i>24</i><i>14</i> <i>32</i><i>27</i><i> 3</i><i> 9</i> <i>19</i><i>13</i><i>30</i><i> 6</i> <i>22</i><i>11</i><i> 4</i><i>25</i> </xsl:variable> <xsl:variable name= "des:IP-1"> <i>40</i><i>8</i><i>48</i><i>16</i><i>56</i><i>24</i><i>64</i><i>32</i> <i>39</i><i>7</i><i>47</i><i>15</i><i>55</i><i>23</i><i>63</i><i>31</i> <i>38</i><i>6</i><i>46</i><i>14</i><i>54</i><i>22</i><i>62</i><i>30</i> <i>37</i><i>5</i><i>45</i><i>13</i><i>53</i><i>21</i><i>61</i><i>29</i> <i>36</i><i>4</i><i>44</i><i>12</i><i>52</i><i>20</i><i>60</i><i>28</i> <i>35</i><i>3</i><i>43</i><i>11</i><i>51</i><i>19</i><i>59</i><i>27</i> <i>34</i><i>2</i><i>42</i><i>10</i><i>50</i><i>18</i><i>58</i><i>26</i> <i>33</i><i>1</i><i>41</i><i> 9</i><i>49</i><i>17</i><i>57</i><i>25</i> </xsl:variable> <!-- copied in what is needed for des.xsl from hsw.xsl ... --> <!-- selection (generalization of permutation) --> <func:function name= "hsw:sel"> <xsl:param name= "str"/> <xsl:param name= "sel"/> <xsl:choose> <xsl:when test= "not($sel)"/> <xsl:otherwise> <func:result select= "concat( substring($str,$sel[1],1), hsw:sel($str,$sel[position()>1]) ) " /> </xsl:otherwise> </xsl:choose> </func:function> <!-- for bidirectional mapping --> <xsl:variable name= "hexbin"> <x d= '0'>0000</x><x d= '1'>0001</x><x d= '2'>0010</x><x d= '3'>0011</x> <x d= '4'>0100</x><x d= '5'>0101</x><x d= '6'>0110</x><x d= '7'>0111</x> <x d= '8'>1000</x><x d= '9'>1001</x><x d= 'A'>1010</x><x d= 'B'>1011</x> <x d= 'C'>1100</x><x d= 'D'>1101</x><x d= 'E'>1110</x><x d= 'F'>1111</x> </xsl:variable> <!-- leading '0' preserving (non-existant) dp:radix-convert(_,2,16) --> <func:function name= "hsw:binTOhex"> <xsl:param name= "str"/> <xsl:variable name= "len" select= "string-length($str)"/> <xsl:choose> <xsl:when test= "not($str)"/> <xsl:when test= "$len mod 4"> <func:result select= "hsw:binTOhex(concat(substring('000',$len mod 4),$str))"/> </xsl:when> <xsl:otherwise> <func:result select= "concat( exslt:node-set($hexbin)/x[starts-with($str,.)]/@d, hsw:binTOhex(substring($str,5)) ) " /> </xsl:otherwise> </xsl:choose> </func:function> <!-- leading '0' preserving (non-existant) dp:radix-convert(_,16,2) --> <func:function name= "hsw:hexTObin"> <xsl:param name= "str"/> <xsl:choose> <xsl:when test= "not($str)"/> <xsl:otherwise> <func:result select= "concat( exslt:node-set($hexbin)/x[starts-with($str,@d)], hsw:hexTObin(substring($str,2)) ) " /> </xsl:otherwise> </xsl:choose> </func:function> <!-- non-existant dp:radix-convert(_,2,10) --> <func:function name= "hsw:binTOdec"> <xsl:param name= "str"/> <xsl:choose> <xsl:when test= "not($str)"> <func:result select= "0"/> </xsl:when> <xsl:otherwise> <func:result select= "2*hsw:binTOdec(substring($str,1,string-length($str)-1)) + substring($str,string-length($str),1) " /> </xsl:otherwise> </xsl:choose> </func:function> <!-- xor of binary strings $a and $b --> <func:function name= "hsw:xorBin"> <xsl:param name= "a"/> <xsl:param name= "b"/> <xsl:choose> <xsl:when test= "not($a)"/> <xsl:otherwise> <func:result select= "concat( number(substring($a,1,1)!=substring($b,1,1)), hsw:xorBin(substring($a,2),substring($b,2)) ) " /> </xsl:otherwise> </xsl:choose> </func:function> <!-- cyclic "shift left" of $str by $cnt positions --> <func:function name= "hsw:shiftLeft"> <xsl:param name= "str"/> <xsl:param name= "cnt"/> <func:result select= "concat(substring($str,1+$cnt),substring($str,1,$cnt))"/> </func:function> <!-- auxiliary function for nice output str: string to output (hex, bin, ...) blk: length of a block (after which a space is placed) lab: label if present, for output "lab=..." --> <func:function name= "hsw:display"> <xsl:param name= "str"/> <xsl:param name= "blk"/> <xsl:param name= "lab"/> <xsl:choose> <xsl:when test= "$lab"> <func:result select= "concat( str:align($lab, ' ', 'right'), ' = ', hsw:display($str,$blk) ) " /> </xsl:when> <xsl:when test= "not($str)"/> <xsl:otherwise> <func:result select= "concat( substring($str,1,$blk), ' ', hsw:display(substring($str,1+$blk),$blk) ) " /> </xsl:otherwise> </xsl:choose> </func:function> <!-- needed only on Non-DataPower XSLT processors like xalan --> <func:function name= "dp:time-value"> <func:result select= "1"/> </func:function> </xsl:stylesheet> </pre>

     
    Hermann<myXsltBlog/>
    Hermann,

    Thanks for the xsl. I was able to update it to meet our needs. Our input string for now is on small data (less than 8 chars).

    Regards,
    Sudhish
  • HermannSW
    HermannSW
    4742 Posts

    Re: Encrypt in Datapower, decrypt in an existing server

    ‏2011-12-23T13:13:16Z  
    Hermann,

    Thanks for the xsl. I was able to update it to meet our needs. Our input string for now is on small data (less than 8 chars).

    Regards,
    Sudhish
    Attached is the "Stylesheet Profiling" output for "des_demo.xsl", a 7.2MB HTML page of 35175 lines debug output.

    For the details see posting "Stylesheet Profiling":
    https://www.ibm.com/developerworks/mydeveloperworks/blogs/HermannSW/entry/stylesheet_profiling1

     
    Hermann<myXsltBlog/>
  • DP_learner
    DP_learner
    47 Posts

    Re: Encrypt in Datapower, decrypt in an existing server

    ‏2013-11-06T17:12:48Z  
    • HermannSW
    • ‏2011-12-23T13:13:16Z
    Attached is the "Stylesheet Profiling" output for "des_demo.xsl", a 7.2MB HTML page of 35175 lines debug output.

    For the details see posting "Stylesheet Profiling":
    https://www.ibm.com/developerworks/mydeveloperworks/blogs/HermannSW/entry/stylesheet_profiling1

     
    Hermann<myXsltBlog/>

    Hi Hermann, Thanks for the xsl. I have a similar requirement wherein I need an xslt based implementation of TripleDES encryption/decryption. We have some java applications that use some java utilities to do the TripleDES encryption decryption. The algorithm used is DESede/ECB/NoPadding. We now need to do the same in DP but realized that this algorithm is not supported in DP. I was trying to build upon your xsl for DES encryption/decryption, but did not have much success. <br /> 1) the data to be encrypted need not be 64-bit (or) did not know how to convert my data such as '1111' to 64-bit. Not sure if we need to have this length validation key and data to be = 16 for TripleDES <br /> 2) As per what I read, if I have two or three encryption keys, if I do the DES encryption thrice (using key1, key2, key1 or key1, key2, key3) we should be able to achieve Triple DES. Not sure if there are other changes also required. <div>&nbsp;</div> So, it would be a great help if you can share an xslt to implement TripleDES, if you have it already available. Thanks !

  • HermannSW
    HermannSW
    4742 Posts

    Re: Encrypt in Datapower, decrypt in an existing server

    ‏2013-11-07T10:07:52Z  

    Hi Hermann, Thanks for the xsl. I have a similar requirement wherein I need an xslt based implementation of TripleDES encryption/decryption. We have some java applications that use some java utilities to do the TripleDES encryption decryption. The algorithm used is DESede/ECB/NoPadding. We now need to do the same in DP but realized that this algorithm is not supported in DP. I was trying to build upon your xsl for DES encryption/decryption, but did not have much success. <br /> 1) the data to be encrypted need not be 64-bit (or) did not know how to convert my data such as '1111' to 64-bit. Not sure if we need to have this length validation key and data to be = 16 for TripleDES <br /> 2) As per what I read, if I have two or three encryption keys, if I do the DES encryption thrice (using key1, key2, key1 or key1, key2, key3) we should be able to achieve Triple DES. Not sure if there are other changes also required. <div>&nbsp;</div> So, it would be a great help if you can share an xslt to implement TripleDES, if you have it already available. Thanks !

    Hi,

    find the answer in the other thread you created:
    https://www.ibm.com/developerworks/community/forums/html/topic?id=68114da1-8091-4cb7-a6f4-07d1aa7518a7&ps=25


    Hermann<myXsltBlog/> <myXsltTweets/> <myCE/>