Here is my sample for your reference, you can use OPM or ILE module as your
requirements:
* CRTRPGMOD DECRYPTDTA
* CRTPGM PGM(lib/DECRYPTDTA) BNDSRVPGM(QC3DTAEN QC3PRNG)
*
* Encrypt Data (OPM, QC3ENCDT; ILE, Qc3EncryptData) API
* Service Program Name: QC3DTAEN
* Decrypt Data (OPM, QC3DECDT; ILE, Qc3DecryptData) API
* Service Program Name: QC3DTADE
H DEBUG OPTION(*SRCSTMT:*NODEBUGIO)
*/copy qsysinc/qrpglesrc.QC3CCI
D*******************************************************************
D*Data definitions
D*******************************************************************
D*ALGD0200 algorithm description structure
DQC3D0200 DS
D* Qc3 Format ALGD0200
D QC3BCA 1 4B 0
D* Block Cipher Alg
D QC3BL 5 8B 0
D* Block Length
D QC3MODE 9 9
D* Mode
D QC3PO 10 10
D* Pad Option
D QC3PC 11 11
D* Pad Character
D QC3ERVED 12 12
D* Reserved
D QC3MACL 13 16B 0
D* MAC Length
D QC3EKS 17 20B 0
D* Effective Key Size
D QC3IV 21 52
D* Init Vector
D*ALGD0300 algorithm description structure
DQC3D0300 DS
D* Qc3 Format ALGD0300
D QC3SCA 1 4B 0
D* Stream Cipher Alg
D*ALGD0400 algorithm description structure
DQC3D0400 DS
D* Qc3 Format ALGD0400
D QC3PKA 1 4B 0
D* Public Key Alg
D QC3PKABF 5 5
D* PKA Block Format
D QC3ERVED00 6 8
D* Reserved
D QC3SHA 9 12B 0
D* Signing Hash Alg
D*ALGD0500 algorithm description structure
DQC3D0500 DS
D* Qc3 Format ALGD0500
D QC3HA 1 4B 0
D* Hash Alg
D*DATA0200 array data format structure
DQC3A0200 DS
D* Qc3 Format DATA0200
D QC3DP 1 16*
D* Data Ptr
D QC3DL 17 20B 0
D* Data Len
D QC3ERVED01 21 32
D* Reserved
D*KEYD0200 key description format structure
DQC3D020000 DS
D* Qc3 Format KEYD0200
D QC3KT 1 4B 0
D* Key Type
D QC3KSL 5 8B 0
D* Key String Len
D QC3KF 9 9
D* Key Format
D QC3ERVED02 10 12 inz(x'000000')
D* Reserved
D*QC3KS 13 13
D*
D* variable length
D*******************************************************************
* API error structure
D APIERR DS
D ERRPRV 10I 0 INZ(272)
D ERRLEN 10I 0
D EXCPID 7A
D RSRVD2 1A
D EXCPDT 256A
D
*Encrypt Data (OPM, QC3ENCDT; ILE, Qc3EncryptData) API protects
*data privacy by scrambling clear data into an unintelligible form.
D*Qc3EncryptData Pr ExtProc('Qc3EncryptData')
D Qc3EncryptData Pr ExtPgm('QC3ENCDT')
D clrDta 32767a
D clrDtaLen 10I 0
D clrDtaFmt 8
D algorithm like(QC3D0200)
D algorithmFmt 8
D key like(KeyC)
D keyFmt 8
D srvProvider 1
D deviceName 10
D encryptedData 32767a
D encryptedBufL 10I 0
D encryptedRtnL 10I 0
D errcde like(APIERR)
* Decrypt Data (OPM, QC3DECDT; ILE, Qc3DecryptData) API restores
* encrypted data to a clear (intelligible) form.
D*Qc3DecryptData Pr ExtProc('Qc3DecryptData')
D Qc3DecryptData Pr ExtPgm('QC3DECDT')
D encryptedData 32767a
D encryptedDtaL 10I 0
D algorithm like(QC3D0200)
D algorithmFmt 8
D key like(keyC)
D keyFmt 8
D srvProvider 1
D deviceName 10
D clrDta 32767a
D clrDtaBufL 10I 0
D clrDtaRtnL 10I 0
D errcde like(APIERR)
DQc3GenPRNs Pr ExtPRoc('Qc3GenPRNs')
D PrnDta 512
D PrnDtaLen 10I 0
D PrnType 1
D PrnParity 1
D errcde like(APIERR)
D PrnDta S 512
D PrnDtaLen S 10I 0
D PrnType S 1 inz('1')
D PrnParity S 1 inz('1')
D clrDta S 32767a
D clrDtaLen S 10I 0
D clrDtaFmt S 8 inz('DATA0100')
D algorithm S like(QC3D0200)
D algorithmFmt S 8 inz('ALGD0200')
D key S like(KeyC)
D keyFmt S 8 inz('KEYD0200')
D srvProvider S 1 inz('1')
D deviceName S 10 inz(*blanks)
D encryptedData S 32767a
D encryptedDtaL S 10I 0
D encryptedBufL S 10I 0
D encryptedRtnL S 10I 0
D clrDtaBufL S 10I 0
D clrDtaRtnL S 10I 0
D KeyString S 256
D KeyC S 256
C Eval clrDta = 'This is a test.'
C Eval clrDtaLen = %len(%trim(clrDta))
C Eval encryptedBufL = %size(encryptedData)
C* Block cipher algorithm
* 20 DES
* 21 Triple DES
* 22 AES
C Eval QC3BCA = 20
*Block length
* 8 DES
* 8 Triple DES
* 16 AES
C Eval QC3BL = 8
*Mode
* 0 ECB
* 1 CBC
* 2 OFB. Not valid with AES.
* 3 CFB 1-bit. Not valid with AES.
* 4 CFB 8-bit. Not valid with AES.
* 5 CFB 64-bit. Not valid with AES
C Eval QC3MODE = '1'
* Pad Option
* 0 No padding is performed.
* 1 Use the character specified in the pad character field for padding
* 2 The pad counter is used as the pad character.
C Eval QC3PO = '1'
* Pad Character
C Eval QC3PC = X'00'
* Reserved
C Eval QC3ERVED = X'00'
* MAC Length
* This field is not used on an encrypt operation and must be set to
* null(binary 0s).
C Eval QC3MACL = X'00000000'
* Effective key size
* This field must be set to 0.
C Eval QC3EKS = 0
* Initialization vector
* The initialization vector (IV). An IV is not used for mode ECB,
* and must be set to NULL (binary 0s).
C Eval QC3IV = *AllX'00'
C Reset encryptedData
C Eval encryptedBufL = %len(encryptedData)
C* Eval algorithm = %addr(QC3D0200)
C Eval algorithm = QC3D0200
* Key Type KeyFormat KeyLength
* 20 DES 0 8(7 bits used,rightmost setbit
* 21 Triple DES 0 8,16,24(7 bits used,rightmost setbit
* 22 AES 0 16,24,32
* 30 RC4-compatible 0 1<->256
* 50 RSA public 1
* 51 RSA private 1
C Eval QC3KT = 20
* Key Format
C Eval QC3KF = '0'
* Key String
C Eval KeyString = '12345678'
C* Eval PrnDtaLen = 8
C* callP Qc3GenPRNs(
C* PrnDta :
C* PrnDtaLen :
C* PrnType :
C* PrnParity :
C* APIERR
C* )
C* ExSr ChkErrCde
C* Eval KeyString = %SubSt(PrnDta :
C* 1 : PrnDtaLen)
* Key Length
C Eval QC3KSL = %len(%trim(KeyString))
C Eval KeyC = QC3D020000 + %trim(KeyString)
C* Eval Key = %addr(KeyC)
C Eval Key = KeyC
C callP Qc3EncryptData(
C clrDta :
C clrDtaLen :
C clrDtaFmt :
C algorithm :
C algorithmFmt :
C key :
C keyFmt :
C srvProvider :
C deviceName :
C encryptedData :
C encryptedBufL :
C encryptedRtnL :
C APIERR
C )
C ExSr ChkErrCde
C Reset clrDta
C Eval encryptedDtaL = encryptedRtnL
C Eval clrDtaBufL = %size(clrDta)
C callP Qc3DecryptData(
C encryptedData :
C encryptedDtaL :
C algorithm :
C algorithmFmt :
C key :
C keyFmt :
C srvProvider :
C deviceName :
C clrDta :
C clrDtaBufL :
C clrDtaRtnL :
C APIERR
C )
C ExSr ChkErrCde
C dump
C Eval *InLr = *On
**********************************************************************
C ChkErrCde BegSr
C If ERRLEN > 0
C EXCPID DSPLY
C EndIf
C EndSr
Carsten Flensburg ??:
Hello Martin,
AES is supported by the Qc3DecryptData API, so provided that you have the
correct mode and pad options from the customer, it should definitely be
possible to do what you're trying to.
Could you possibly post the code - but not the provided key :-) - then we'll
see how to make it run.
Best regards,
Carsten Flensburg
----- Original Message -----
From: <Martin.Verhoef@xxxxxxxxxxxxxxxxxxxxx>
To: <rpg400-l@xxxxxxxxxxxx>
Sent: Wednesday, April 13, 2005 11:57 AM
Subject: AES decryption with Qc3DecryptData API
Has someone experience with the Qc3DecryptData API ?
I have an encrypted string (AES) and a key (size 16) from a customer. The
encrypted string i want to decrypt
with the provided key and the api. Is it possible to use the api in this
way ?
How to provide the encrypted string and the key to the parameter group of
the api ?
I tried some parameter values but got errors back like 'Length of input
data not valid'.
