|
---------- Forwarded message ---------
From: Rishi Seth <rishiseth99@xxxxxxxxx>
Date: Mon, Sep 30, 2019 at 12:33 PM
Subject: Fwd: Regarding Decryption of AES128 encrypted data in RPGLE and
query regarding CRC 32 [PRIVATE REPLY]
To: <rpg400-l@xxxxxxxxxxxx>
Any updates on this please as i was looking for some real example which
could decrypt data using AES 128 in AS400
---------- Forwarded message ---------
From: Rishi Seth <rishiseth99@xxxxxxxxx>
Date: Mon, Sep 30, 2019 at 10:02 AM
Subject: Re: Regarding Decryption of AES128 encrypted data in RPGLE and
query regarding CRC 32 [PRIVATE REPLY]
To: Mark Waterbury <mark.s.waterbury@xxxxxxxxxxxxx>
Any updates on this please as i was looking for some real example which
could decrypt data using AES 128 in AS400
On Sat, Sep 28, 2019 at 5:12 AM Mark Waterbury <
mark.s.waterbury@xxxxxxxxxxxxx> wrote:
Rishi,
Sorry, I was not trying to mislead you ... but I mis-stated that the last
article, by Bob Cozzi, used the MI cipher built-in function. He mentioned
it in the article, but does not in fact show how to use it in that
article. Instead, he shows the minimum needed to use the Qc3... APIs.
For "comparison" I will try to dig up an actual example showing how to
use the MI CIPHER built-in function in ILE RPG IV.
Hope that helps,
Mark S. Waterbury
On Friday, September 27, 2019, 10:57:26 AM EDT, Rishi Seth <
rishiseth99@xxxxxxxxx> wrote:
like i just can see hight level definitions but not the actual program
code which will decrypt data using AES128 for UTF 8
https://www.ibm.com/support/knowledgecenter/en/ssw_ibm_i_74/apis/qc3decdt.htm
On Fri, Sep 27, 2019 at 4:55 PM Rishi Seth <rishiseth99@xxxxxxxxx> wrote:
ok but do we have any program for these apis i mean code for decryption
using aes128?
On Fri, Sep 27, 2019 at 4:54 PM Rishi Seth <rishiseth99@xxxxxxxxx> wrote:
SCII defines 128 characters, which map to the numbers 0–127. Unicode
defines (less than) 221characters, which, similarly, map to numbers 0–221 (though
not all numbers are currently assigned, and some are reserved).
Unicode is a superset of ASCII, and the numbers 0–127 have the same
meaning in ASCII as they have in Unicode. For example, the number 65 means
"Latin capital 'A'".
Because Unicode characters don't generally fit into one 8-bit byte, there
are numerous ways of storing Unicode characters in byte sequences, such as
UTF-32 and UTF-8
On Fri, Sep 27, 2019 at 4:39 PM Mark Waterbury <
mark.s.waterbury@xxxxxxxxxxxxx> wrote:
Rishi,
If you use the real IBM encryption/decryption APIs, and if you actually
took the time to read the documentation at the web pages I linked to
previously, you would know that, yes, the IBM APIs do support ECB mode, as
well as many other modes of operation for various ciphers that support
those modes.
However, you have said nothing about whether you understand the meaning
of ASCII or UTF-8 versus EBCDIC as the "encoding" scheme.
All encryption is done on a byte-by-byte basis, and is done "in binary"
-- so it does not know or care whether your data that you encrypt is in
ASCII or UTF-8 or EBCDIC or whatever.
However, if you expect to be able to input ASCII or UTF-8 into one of
those encryption functions, and then then somehow later decrypt it and get
a meaningful answer back in EBCDIC, you are in for a rude awakening.
I hope that helps,
Mark S. Waterbury
On Friday, September 27, 2019, 10:33:02 AM EDT, Rishi Seth <
rishiseth99@xxxxxxxxx> wrote:
I meant to simply ask whether using IBM API *for Decryption of AES128
Data ) can we use 'mode type' as 'ECB' or not ?
On Fri, Sep 27, 2019 at 4:19 PM Mark Waterbury <
mark.s.waterbury@xxxxxxxxxxxxx> wrote:
Rishi,
Apparently you know almost nothing about encryption algorithms. AES with
ECB mode for example, is a special block mode cipher that requires special
handling. Please read this:
https://crypto.stackexchange.com/questions/20941/why-shouldnt-i-use-ecb-encryption
Then, on that web page you linked to, go back and look at the choices.
You could also select CBC mode instead of ECB mode for AES encryption.
And, you should provide your own "random" Initialization Vector (IV). This
helps to make it more secure.
I think you need to study and learn a lot more about "encryption" before
attempting to use these tools for any real applications work in a
commercial setting.
I hope that helps,
Mark S. Waterbury
On Friday, September 27, 2019, 10:09:47 AM EDT, Rishi Seth <
rishiseth99@xxxxxxxxx> wrote:
Thanks Mark , but even if I use IBM APIs will it be possible to provide
all these parameters for decryption of this supplied UTF 8 encoded data
sting with Key size 128 bits?
On Fri, Sep 27, 2019 at 3:23 PM Mark Waterbury <
mark.s.waterbury@xxxxxxxxxxxxx> wrote:
Rishi,
* >>>---> private reply off-list <---<<<*
You did not include all of the text for that error message, specifically
the second-level text that describes the exact return code. This is very
important.
Do you understand the difference between ASCII and UTF-8 and EBCDIC?
What do you suppose will happen if you encrypt a string in ASCII or UTF-8
and then attempt to decrypt it in EBCDIC?
So, apparently, you encrypted some data using some web site or web
service. If you typed that data into a browser, it is most likely using an
ASCII or UTF-8 encoding. IBMi and OS/400 uses EBCDIC by default. Do you
see any potential problems here?
Also, the IBM SQL functions DECRYPT_CHAR, DECRYPT_BINARY, DECRYPT_BIT and
DECRYPT_DB, are designed to work with data encrypted by the IBM SQL
ENCRYPT_AES, ENCRYPT_RC2 or ENCRYPT_TDES.
I do not think those IBM Db2 SQL DECRYPT_xxx functions will "work" or
properly decrypt data encrypted by any other methods.
So, you would need to resort to actually coding ILE RPG IV (without using
the SQL preprocessor) and using the encryption and decryption APIs provided
by IBM i (OS/400). Please refer to an earlier reply where I provided you
with links to the IBM Knowledge Center web pages that describe those APIs.
You would also need to handle using the iconv() API to convert from ASCII
or UTF-8 to EBCDIC, etc.
Good luck,
Mark S. Waterbury
> On Friday, September 27, 2019, 8:43:34 AM EDT, Rishi Seth <
rishiseth99@xxxxxxxxx> wrote:
Additional Message Information
Message ID . . . . . . : SQL0171 Severity . . . . . . . : 30
Message type . . . . . : Diagnostic
Date sent . . . . . . : 19-09-27 Time sent . . . . . . :
14:30:33
Message . . . . : Argument 01 of function DECRYPT_CHAR not valid.
Cause . . . . . : The data type, length, or value of argument 01 of
function
DECRYPT_CHAR specified is not valid.
Recovery . . . : Refer to the DB2 for IBM i SQL Reference topic
collection
in the Database category in the IBM i Information Center for more
information on scalar functions. Correct the arguments specified for the
function. Try the request again.
it's encryption is done using AES 128 and with UTF8 format and with ECB
Mode and is generated with below URL:-
https://www.devglan.com/online-tools/aes-encryption-decryption
On Fri, Sep 27, 2019 at 2:08 PM Rob Berendt <rob@xxxxxxxxx> wrote:
Not sure how you're encoding it the first way and expect the IBM way ofcode
decrypt to work.
As a side note, I strongly suggest you look at your joblog. That SQL
will show up as a message in your joblog. The details on that messagewill
display a return code. The second level help will tell you exactly whatmidrange-l@xxxxxxxxxxxxxxxxxx>
triggered off that sqlcode.
Rob Berendt
--
IBM Certified System Administrator - IBM i 6.1
Group Dekko
Dept 1600
Mail to: 2505 Dekko Drive
Garrett, IN 46738
Ship to: Dock 108
6928N 400E
Kendallville, IN 46755
http://www.dekko.com
-----Original Message-----
From: MIDRANGE-L <midrange-l-bounces@xxxxxxxxxxxxxxxxxx> On Behalf Of
Rishi Seth
Sent: Friday, September 27, 2019 4:32 AM
To: Midrange Systems Technical Discussion <
Subject: Re: Regarding Decryption of AES128 encrypted data in RPGLE anddecode
query regarding CRC 32
CAUTION: This email originated from outside of the organization. Do not
click links or open attachments unless you recognize the sender and know
the content is safe.
Can we directly use decryption function without doing encryption
programmatic way as we already have encoded values we just need to
it i tried the same but getting below error :-affiliate
1 **free
2 dcl-s enc varchar(130);
3 dcl-s psw char(31) ccsid(37)
4 inz('6-9d15-ec98bcc81ec4275OIM1TS7LI');
5 dcl-s text char(88) ccsid(37);
6 text = 'u3VtNgfyWU9faZc3Iaa8ZWbE5UZCfmC17yA4MyW0ghflt9dNQNDp+
7 CcgMZiG/kXPE4vv2CHL93B4iKiODHxxdVA==';
8 // exec SQL Set :enc = encrypt_AES(:text, :psw);
9 // DSPLY SQLCODE;
10
11 exec SQL Set :enc = decrypt_char(:text,:psw);
12 DSPLY SQLCODE;
13 eval *inlr=*on;
*SQLCODE = -171*
On Wed, Sep 25, 2019, 19:29 Peter Dow <petercdow@xxxxxxxxx> wrote:
In addition, note that the field in question is defined with keyword
CCSID(37), so system value should not matter.
On 9/25/2019 5:44 AM, Mark Waterbury wrote:
Rob,V7R3, has QCCSID=37.
The system that I performed that test on, that is back-level on PTFs
at
to date" on PTFs, and it ran just fine.
I also performed the identical test on another V7R3 system that is
"up
rob@xxxxxxxxx> wrote:
Mark
On Wednesday, September 25, 2019, 7:34:56 AM EDT, Rob Berendt <
DSPSYSVAL QCCSID.
Mark,
I think we've determined it's not the PTF's. It's the value of
Encryption hates 65535.
Rob Berendt
---
This email has been checked for viruses by Avast antivirus software.
https://www.avast.com/antivirus
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list To post a message email: MIDRANGE-L@xxxxxxxxxxxxxxxxxx To
subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives at
https://archive.midrange.com/midrange-l.
Please contact support@xxxxxxxxxxxx for any subscription related
questions.
Help support midrange.com by shopping at amazon.com with our
link: https://amazon.midrange.com
subscribe,--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list To post a message email: MIDRANGE-L@xxxxxxxxxxxxxxxxxx To
unsubscribe, or change list options,list
visit: https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives at
https://archive.midrange.com/midrange-l.
Please contact support@xxxxxxxxxxxx for any subscription related
questions.
Help support midrange.com by shopping at amazon.com with our affiliate
link: https://amazon.midrange.com
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
To post a message email: MIDRANGE-L@xxxxxxxxxxxxxxxxxx--
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/midrange-l.
Please contact support@xxxxxxxxxxxx for any subscription related
questions.
Help support midrange.com by shopping at amazon.com with our affiliate
link: https://amazon.midrange.com
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list
To post a message email: MIDRANGE-L@xxxxxxxxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/midrange-l.
Please contact support@xxxxxxxxxxxx for any subscription related
questions.
Help support midrange.com by shopping at amazon.com with our affiliate
link: https://amazon.midrange.com
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.
midrange.com
