search

bricke / Qt-AES

Native Qt AES encryption class
The Unlicense
501 stars 187 forks source link

compatibility with openssl issue #38

Open frankipl opened 3 years ago

frankipl commented 3 years ago

Hi Is there a method to derive iv from password ? without salt, basically I need to replicate this openssl command on iOS and Android: openssl enc -aes-128-ecb -a -K MY_KEY -k 'MY_PASS' -in mesg.enc

Best, Marek

frankipl commented 3 years ago

Hi I have found a way of getting key and IV from openssl command, but I can't decode with openssl what has been encoded via your program. Can you help I'm using aes-128-ecb and openssl version 1.1.1d ? I have string 'letmein' in file plain.data I'm using command to encode this string and testing different keys derivation method (-iter 1, or -pbkdf2 or no method specified for openssl cmd) Then I'm taking the key from openssl command output and try to use in your routine, it encodes and decodes string but encoded string can't be decoded by openssl command, example:

franki@franki:~/enc_test$ openssl enc -nosalt -base64 -aes-128-ecb -k myPassword -in plain.data -iter 1 -p
key=A2735938761FD7472E16CE457D0B1C09
Bd6B3CUO0nn6thX+Cs3nWw==
franki@franki:~/enc_test$

Taking this key to your program, encode string 'letmein' and encoded text is: INA6FuTjreDm3Z8/o4vJ3w== Trying to decode this string via openssl:

franki@franki:~/enc_test$ echo  "INA6FuTjreDm3Z8/o4vJ3w=="|openssl enc -d -nosalt -base64 -aes-128-ecb -K A2735938761FD7472E16CE457D0B1C09
bad decrypt
139737504613504:error:0606506D:digital envelope routines:EVP_DecryptFinal_ex:wrong final block length:../crypto/evp/evp_enc.c:586:
franki@franki:~/enc_test$

Trying to decode via openssl what has been encoded by openssl with this key: A2735938761FD7472E16CE457D0B1C09

franki@franki:~/enc_test$ echo "Bd6B3CUO0nn6thX+Cs3nWw=="|openssl enc -d -nosalt -base64 -aes-128-ecb -K A2735938761FD7472E16CE457D0B1C09
letmein
franki@franki:~/enc_test$

Code from your program:

    QAESEncryption encryption(QAESEncryption::AES_128, QAESEncryption::ECB);

    QString inputStr("letmein");
    QString key("A2735938761FD7472E16CE457D0B1C09");

    QByteArray encodeText = encryption.encode(inputStr.toLocal8Bit(), key.toLocal8Bit());
    QByteArray decodeText = encryption.decode(encodeText, key.toLocal8Bit());

    QString decodedString = QString(encryption.removePadding(decodeText));

Some help would be appreciated, can't make it work :( Best Marek

frankipl commented 3 years ago

I'm not an expert ;) it looks like yout AES procedure does not use salt, so encodeText should be the same from openssl command and your program right ? Best, Marek

bricke commented 3 years ago

That's correct, I am not using a salt procedure

bricke commented 3 years ago

Maybe that can be an add-on improvement