Topic
  • 3 replies
  • Latest Post - ‏2013-01-31T16:50:00Z by SystemAdmin
msmps
193 Posts

Pinned topic shared symmetric key

‏2013-01-31T16:07:32Z |
When I use the symmetric key like 0xA9C3C08D715C2B26F97F62F8DC3E70D267025E40A3C2AF452F2F0F53972EA5BD, the encryption works

but when I remove the 0x and use the key like A9C3C08D715C2B26F97F62F8DC3E70D267025E40A3C2AF452F2F0F53972EA5BD, encryption fails

I generated the key in stylesheet as follows

<xsl:variable name="encrypt-alg" select="concat('http://www.w3.org/2001/04/xmlenc#aes192-cbc')"/>
<xsl:variable name="base64key" select="dp:generate-key($encrypt-alg)" />
<xsl:variable name="session-hex-key" select="dp:radix-convert($base64key, 64, 16)"/>
and doing the encryption as

<xsl:variable name="encrypteddata" select="dp:encrypt-string($encrypt-alg,$session-hex-key,$cleartxt)"/>

where cleartxt is the string that needs to be encrypted

Please provide a solution. Is it necessary to use 0x before the key?

And am I doing anything wrong?
  • msmps
    193 Posts

    Re: shared symmetric key

    ‏2013-01-31T16:10:03Z  
    Sorry, I saved the session-hex-key in a crypto shared secret key, as it is generated one time,

    and then in the encrypting stylesheet I am using it as

    <xsl:variable name="encrypteddata" select="dp:encrypt-string($encrypt-alg,$cryptosharedsecretkey,$cleartxt)"/>
  • inestlerode
    166 Posts

    Re: shared symmetric key

    ‏2013-01-31T16:40:09Z  
    The documentation on dp:encrypt-string() is clear on what is expected in the second argument:
    http://pic.dhe.ibm.com/infocenter/wsdatap/v5r0m0/topic/com.ibm.dp.xs.doc/extensionfunctions109.htm?path=2_3_1_4_19#encrypt-string_function

    You don't need to convert it from base64 to hex; you just need the proper prefix which is 'key:' for base64 literal keys.

    Trying to use the extension functions directly is generally not the right approach. It is better to use the encrypt action to avoid numerous possible pitfalls that are possible (even likely) with direct use of the underlying functions, especially with decryption.
  • SystemAdmin
    6772 Posts

    Re: shared symmetric key

    ‏2013-01-31T16:50:00Z  
    I suspect that you are not passing the key to encrypt-string() correctly. Check out the extension function documentation for specific usage.


    <xsl:variable name="session-hex-key" select="dp:radix-convert($base64key, 64, 16)"/>

    will give you something like

    A9C3C08D715C2B26F97F62F8DC3E70D267025E40A3C2AF452F2F0F53972EA5BD

    According to the doc, to pass a symmetric key as a hex string, you must prefix it with 'hex:'. So your code would be something like this:


    <xsl:variable name="session-hex-key" select="dp:radix-convert($base64key, 64, 16)"/>
    <xsl:variable name="session-key" select="concat('hex:', $session-hex-key)"/>
    <xsl:variable name="encrypteddata" select="dp:encrypt-string($encrypt-alg, $session-key, $cleartxt)"/>

    If you want to use a shared secret object, you must prefix the hex string with 0x as you mentioned. This is documented in the online help for the Crypto Shared Secret Object.

    If you want to pass the key in as base64, you can do that as well:


    <xsl:variable name="session-key" select="concat('key:', $base64key)"/>
    <xsl:variable name="encrypteddata" select="dp:encrypt-string($encrypt-alg, $session-key, $cleartxt)"/>

    or just

    <xsl:variable name="encrypteddata" select="dp:encrypt-string($encrypt-alg, $base64key, $cleartxt)"/>
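
Added example, not part of the thread and not IBM's code: an offline Python check that decodes a key written with one of the markers the replies name ('hex:', 'key:', and 0x for a shared secret object), verifies its length against the algorithm URI, and shows why a bare hex string is ambiguous. The function names and the sample key are constructed for illustration, and the script does not reproduce how DataPower itself parses keys.

```python
import base64
import re

# AES key sizes in bytes for the XML Encryption algorithm URIs.
XMLENC = "http://www.w3.org/2001/04/xmlenc#"
KEY_BYTES = {XMLENC + "aes128-cbc": 16,
             XMLENC + "aes192-cbc": 24,
             XMLENC + "aes256-cbc": 32}
HEX_RE = re.compile(r"(?:[0-9A-Fa-f]{2})+")


def decode_key(text):
    """Decode a key that carries one of the markers named in the thread:
    'hex:<hex>', 'key:<base64>' or '0x<hex>' (shared secret object form).
    A bare string is rejected: its encoding cannot be told apart reliably."""
    for prefix in ("hex:", "0x"):
        if text.startswith(prefix):
            digits = text[len(prefix):]
            if not HEX_RE.fullmatch(digits):
                raise ValueError("not an even-length hex string")
            return bytes.fromhex(digits)
    if text.startswith("key:"):
        return base64.b64decode(text[4:], validate=True)
    raise ValueError("no encoding marker: bare hex and base64 are ambiguous")


def key_forms(text, algorithm):
    """Check the key length against the algorithm, then return all notations."""
    raw = decode_key(text)
    if len(raw) != KEY_BYTES[algorithm]:
        raise ValueError("%d-byte key does not fit %s" % (len(raw), algorithm))
    hexed = raw.hex().upper()
    return {"hex": "hex:" + hexed,
            "key": "key:" + base64.b64encode(raw).decode("ascii"),
            "shared_secret": "0x" + hexed}


def bare_hex_as_base64(digits):
    """Decode bare hex digits as base64 to show why a marker is needed."""
    return base64.b64decode(digits, validate=True)


# Constructed 24-byte sample key for aes192-cbc (not a key from the thread).
SAMPLE_HEX = bytes(range(24)).hex().upper()

if __name__ == "__main__":
    print(key_forms("0x" + SAMPLE_HEX, XMLENC + "aes192-cbc"))
    # The same digits read as base64 give 36 bytes, not a valid AES key size.
    print(len(bare_hex_as_base64(SAMPLE_HEX)))
```

Hex digits are all legal base64 characters, so an unmarked hex key can decode without error into bytes of the wrong length; checking the decoded length against the algorithm catches that before the key reaches a stylesheet or a shared secret object.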