Re: Removing blanks from a varning length field.

-- cmd = 'echo ' + '''' + encodedExchangeToken + ''' ! openssl +
-- enc -d -aes-128-ecb -K 363631653237354f494d31554c594c4a +
-- -nopad -nosalt -base64 -A';

The above does NOT represent the changes suggested in my previous reply. I
would have expected to see something like

...-K ' + KEY + ' -nopad...

The provided text still has the key value as a literal.

--

<encodedExchangeToken>u3VtNgfyWU9faZc3Iaa8ZWbE5UZCfmC17yA4MyW0ghflt9dNQNDpCcgMZiG/kXPE4vv2CHL93B4iKiODHxxdVA==---
</encodedExchangeToken>

You have confirmed that the XML file contains the "extra" 16 bytes.
Who/what provided this value? This line indicates to ship those 16 bytes,
which are being decoded and decrypted into DLEs. From what I can see
everything is working just like one would expect given this source...

On Fri, Nov 22, 2019 at 10:42 AM Rishi Seth <rishiseth99@xxxxxxxxx> wrote:

ok,thanks tried as per below now and when ran it got below errors:-




cmd = 'echo ' + '''' + encodedExchangeToken + ''' ! openssl +
enc -d -aes-128-ecb -K 363631653237354f494d31554c594c4a +
-nopad -nosalt -base64 -A';

**************************************************************
Additional Message Information



Message ID . . . . . . : RNQ0103 Severity . . . . . . . : 99

Message type . . . . . : Inquiry

Date sent . . . . . . : 19-11-22 Time sent . . . . . . :
15:40:09


Message . . . . : The target for a numeric operation is too small to
hold
the result (C G D F).

Cause . . . . . : RPG procedure DCR19 in program RISHI/DCR19 at
statement
113 performed an arithmetic operation which resulted in a value that

is

too
large to fit in the target. If this is a numeric expression, the
overflow
could be the result of the calculation of some intermediate result.

Recovery . . . : Contact the person responsible for program

maintenance

to
determine the cause of the problem.

Possible choices for replying to message . . . . . . . . . . . . . . . :

D -- Obtain RPG formatted dump.

S -- Obtain system dump.

F -- Obtain full formatted dump.


More...
Press Enter to continue.



F3=Exit F6=Print F9=Display message details

F10=Display messages in job log F12=Cancel F21=Select assistance

level

***********************************************************

Additional Message Information



Message ID . . . . . . : CPF9999 Severity . . . . . . . : 40

Message type . . . . . : Escape

Date sent . . . . . . : 19-11-22 Time sent . . . . . . :
15:40:09


Message . . . . : Function check. MCH1210 unmonitored by DCR19 at
statement
0000000113, instruction X'0000'.

Cause . . . . . : An escape exception message was sent to a program
which
did not monitor for that message. The full name of the program to

which

the
unmonitored message was sent is DCR19 DCR19 DCR19. At the time the
message
was sent the program was stopped at higher level language statement

number(s) 0000000113. If more than one statement number is shown, the

program was a bound program. Optimization does not allow a single
statement
number to be determined. If *N is shown as a value, it means the

actual

value was not available.

Recovery . . . : See the low level messages previously listed to

locate

the
cause of the function check. Correct any errors, and then try the
request

More...
Press Enter to continue.


*********
And if XML is causing those DLEs then I think i need not to bother as we
have put below changes so i think it will take care care of all those
unforeseen junk(DLEs).

pos2 = %scan(x'10' :record);
Record = %subst(Record :1 :(Pos2 - 1));

please correct me if i am wrong and below is requested xml for DLEs
analysis>/
<?xml version="1.0" encoding="UTF-8" standalone="true"?>

-<TokenExchangeResponse xmlns:ns2="

http://schemas.nav.gov.hu/OSA/1.0/data";

xmlns="http://schemas.nav.gov.hu/OSA/1.0/api";>


-<header>

<requestId>XXXXXXX6614</requestId>

<timestamp>2019-10-22T09:53:40.541Z</timestamp>

<requestVersion>1.1</requestVersion>

<headerVersion>1.0</headerVersion>

</header>


-<result>

<funcCode>OK</funcCode>

</result>


-<software>

<softwareId>R1RL002AAAAAAAAAAA</softwareId>

<softwareName>string</softwareName>

<softwareOperation>LOCAL_SOFTWARE</softwareOperation>

<softwareMainVersion>string</softwareMainVersion>

<softwareDevName>string</softwareDevName>

<softwareDevContact>string</softwareDevContact>

<softwareDevCountryCode>HU</softwareDevCountryCode>

<softwareDevTaxNumber>string</softwareDevTaxNumber>

</software>

<encodedExchangeToken>u3VtNgfyWU9faZc3Iaa8ZWbE5UZCfmC17yA4MyW0ghflt9dNQNDpCcgMZiG/kXPE4vv2CHL93B4iKiODHxxdVA==</encodedExchangeToken>

<tokenValidityFrom>2019-10-22T11:57:16.646+02:00</tokenValidityFrom>

<tokenValidityTo>2019-10-22T12:02:16.646+02:00</tokenValidityTo>

</TokenExchangeResponse>



Thanks

On Fri, Nov 22, 2019 at 3:00 PM Bruce Vining <bruce.vining@xxxxxxxxx>
wrote:

You have KEY within the quoted string starting with ! openssl and

ending

with -A';

End the quoted string prior to KEY and then resume it following KEY

(and

add + before and after so everything is nicely concatenated...)

As for the DLEs, again I have to, based on provided information, assume

the

XML file is the source -- that is, whoever is writing/construction the

XML.

On Fri, Nov 22, 2019 at 8:20 AM Rishi Seth <rishiseth99@xxxxxxxxx>

wrote:

Hi,

I tried below code in which i have kept hex value of key in a file

called

k1 and field called key in this file but the problem is that my

program

is

able to read key value from this file but the moment
i try to execute this cmd command inside my program and check the

value

of

cmd field in debug mode i get it like below :-

EVAL cmd
CMD =

....5...10...15...20...25...30...35...40...45...50...55...60

1 'echo

'jkYrd7QTBwv6ghTV0SnrqCdwJ8TnpZAk8+oVlNXwt7aDHoJSQWBsh4'

61 'R7cggjSc+34vv2CHL93B4iKiODHxxdVA==' ! openssl enc -d

-aes-12'

121 '8-ecb -K key -nopad -nosalt -base64 -A

'

181 '

'

241 '

'

i was expecting like it took encodedexchangetoken field value from

that

xml file using xml into builtin function and showing it's value in
encodedexchangetoken field.
but when i read file in my code it does not pick the key field's

value

from

this below code i am just wondering how can i pass key field's value

to

openssl command rather than hardcoding inside my program.

*******
FUNIX IF F 1000 SPECIAL PGMNAME('UNIXCMD')
F PLIST(UNIXPARM) USROPN
fk1 if e disk
F*QSYSPRT O F 1000 PRINTER
dencodedExcha...
dngeToken s 500 VARYING

DPOS2 S 5U 0
D cmd s 5000a
D mode s 1A inz('P')
DN1 S 2P 0
D Åcommand s 512a
d QCMDEXC PR ExtPgm('QCMDEXC')
d command 500a const
d clength 15p 5 const

D record ds 1000
D outrec s 1000 varying inz

C UNIXPARM PLIST
C PARM CMD
C PARM MODE
/free
RECORD = *BLANKS;
OUTREC = *BLANKS;
XML-INTO encodedExchangeToken %XML('/home/I0RS01HU/+
IN2.xml':'doc=file case=any path=+
TokenExchangeResponse/encodedExchangeToken');
eval encodedExchangeToken =%trimr(encodedExchangeToken);
READ rec;
dsply key;
cmd = 'echo ' + '''' + encodedExchangeToken + ''' ! openssl +
enc -d -aes-128-ecb -K KEY +
-nopad -nosalt -base64 -A';
open UNIX;
read UNIX record;
dow not %eof(UNIX);
pos2 = %scan(x'10' :record);
Record = %subst(Record :1 :(Pos2 - 1));
eval outrec = %trimr(record);
EVAL N1 = %LEN(OUTREC);
DSPLY N1;
//Delete the TESTFILE
Åcommand = 'DLTF FILE(rishi/TESTFILE)';
QCMDEXC(%trim(Åcommand): %len(%trim(Åcommand)));
Åcommand = *blanks;
Åcommand = 'CRTPF FILE(RISHI/TESTFILE) RCDLEN(' +

%char(N1) +

')';
QCMDEXC(%trim(Åcommand): %len(%trim(Åcommand)));
//Write into file
EXEC SQL
INSERT INTO rishi/TESTFILE VALUES (:outrec);
// dsply %subst(outrec:1:48);
read UNIX record;
enddo;
close UNIX;
return;
/end-free


Thanks







On Thu, Nov 21, 2019 at 11:38 PM Rishi Seth <rishiseth99@xxxxxxxxx>

wrote:

Ok, thanks for these details,

Is it possible not to hardcode the key value used here and use it

as

a

variable field like field of some file etc.so that each time once

key

is

changed we may not have to change the program code and do not need

to

recompile it?
Also in input XML we were not focused on other field's only target

was

just to fetch this 'encodedexchangetoken' field out of that XML

file

and

whatever data comes inside this field that should have been

decrypted

using

AES 128 Algorithm so far this program seems to be working fine only

thing i

was worried because of DLEs but could there be some more junk

values

might

come like these DLEs in decrypted value, Which currently we can't

imagine

and låter on this program might crash as we have not thought of or

have

not

considered handling regarding those probable junk values (Or so

called

some other type of DLEs etc.) as of now?

Thanks much.....

On Thu, Nov 21, 2019, 21:17 Bruce Vining <bruce.vining@xxxxxxxxx>

wrote:

I did not get around to actually trying out Qc3DecryptData.

Yesterday the DLEs in the debug eval of record really told me all

I

needed

to know. This morning I looked more at the debug eval
of encodedExchangeToken, saw the leading x'0058' and realized you

had

it

defined as varying length. That value tells me that XML-INTO

returned

88

bytes and the -base64 argument to enc told me it was base64

indicating

the

actual length received (based64 decoded) was 66 bytes with two

trailing

pad
characters (the == from record) leaving 64 "real" bytes. The last

16

bytes
(the DLEs) then must have been in the original stream (OK, maybe

AES

decryption and base64 decoding uses DLEs for errors or somesuch

though

I've
never seen that behavior or found it documented). In any case

"someone"

is
adding 16 bytes to encodedExchangeToken prior to your receiving it

with

XML-INTO. As you did not provide the XML file (as requested with

8.

Post

the contents of /home/I0RS01HU/INPUT.xml) I'm assuming it's there

in

the

file and that XML-INTO didn't add it (an add which I've never seen

and I

have played with it, XML-INTO, in the past).

As you now have it working with openssl enc I wouldn't bother

changing.

Personally I use the i cryptographic APIs (but I'm also somewhat

biased

when it comes to system APIs) when doing development.

When the SQL encrypt and decrypt functions first came out I did

take a

quick look at them and immediately saw that there were a whole lot

of

features (that I sometimes use) that the SQL interfaces do not

support.

So
I would not use them unless forced to -- meaning that someone was

sending

me data encrypted using say ENCRYPT_AES. To date I have never run

into

that situation.

I do however wonder why base64 is being used as it appears to be

text

data

being exchanged (with the exception of the DLEs) and what padding

might

be

done if say the "real" data was only 45 bytes rather than a

multiple

of

16

such as 48.

Hope this helps,

On Thu, Nov 21, 2019 at 10:09 AM Rishi Seth <

rishiseth99@xxxxxxxxx>

wrote:

Hi,

How could we say or conclude so because whenever i interactively

call

openssl command the same DLE seems to be coming that time as

well

in

the

result of pase ?

so does this mean xml itself is faulty i mean the value which is

supplied

in XML (specially data in that encodedexchangetoken field in

that

XML

file

itself is faulty ?)

secondly were you able to run that 'Qc3DecryptData' API program
successfully could you please share your program example for

current

case

as i tried to use Qc3DecryptData API for same decryption (Using

AES128

Algorithm) but it did not work because i did not know how the

data

was

encrypted only decryption thing i was focused on, as i did not

know

how

the

data was encoded so may be those sql encrypt and decrypt

function

also

did

not work for this case also when you would have used that

Qc3DecryptData

API was your program capable to handle each time different XML

files

data

like the one which i shared was having XML into kind of builtin

functions

so it was capable to handle those different XMLs.
1) If same decrypted value could be achived using

Qc3DecryptData'

API

Could you please share that program code example ?

2) Can same result be achieved using SQL Decrypt function as

well

if

yes

then could you please share that as well?

3) Which way should be best technically among of all these 3

approaches

in case same decrypted value could be achieved using openssl,
Qc3DecryptData API,SQL Decrypt function ?



Thanks much...



On Thu, Nov 21, 2019 at 1:44 PM Bruce Vining <

bruce.vining@xxxxxxxxx>

wrote:

The DLEs are in the original XML stream being received.

On Wed, Nov 20, 2019 at 3:17 PM Bruce Vining <

bruce.vining@xxxxxxxxx>

wrote:

Since Rishi has provided the encrypted stream and the key

I'll,

if I

find

the time (which as I'm currently free of work should be

possible),

decrypt

using Qc3DecryptData and at least find out if it's in the

stream

or

being

added later when running cmd through the UNIXCMD

interface...

On Wed, Nov 20, 2019 at 1:12 PM Scott Klement <

sk@xxxxxxxxxxxxxxxx>

wrote:

The other possibility is that the PASE shell is inserting

them,

maybe

thinking it needs to escape something for the sake of a

terminal?

On 11/20/2019 9:32 AM, Bruce Vining wrote:

As I cannot imagine Scott inserting those DLEs I have to

assume

they

are in

the XML document.

--
This is the RPG programming on IBM i (RPG400-L) mailing

list

To post a message email: RPG400-L@xxxxxxxxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit:

https://lists.midrange.com/mailman/listinfo/rpg400-l

or email: RPG400-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/rpg400-l.

Please contact support@xxxxxxxxxxxx for any subscription

related

questions.

Help support midrange.com by shopping at amazon.com with

our

affiliate

link: https://amazon.midrange.com

--
Thanks and Regards,
Bruce
931-505-1915

--
Thanks and Regards,
Bruce
931-505-1915
--
This is the RPG programming on IBM i (RPG400-L) mailing list
To post a message email: RPG400-L@xxxxxxxxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/rpg400-l
or email: RPG400-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/rpg400-l.

Please contact support@xxxxxxxxxxxx for any subscription

related

questions.

Help support midrange.com by shopping at amazon.com with our

affiliate

link: https://amazon.midrange.com

--
This is the RPG programming on IBM i (RPG400-L) mailing list
To post a message email: RPG400-L@xxxxxxxxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/rpg400-l
or email: RPG400-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/rpg400-l.

Please contact support@xxxxxxxxxxxx for any subscription

related

questions.

Help support midrange.com by shopping at amazon.com with our

affiliate

link: https://amazon.midrange.com

--
Thanks and Regards,
Bruce
931-505-1915
--
This is the RPG programming on IBM i (RPG400-L) mailing list
To post a message email: RPG400-L@xxxxxxxxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/rpg400-l
or email: RPG400-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/rpg400-l.

Please contact support@xxxxxxxxxxxx for any subscription related
questions.

Help support midrange.com by shopping at amazon.com with our

affiliate

link: https://amazon.midrange.com

--
This is the RPG programming on IBM i (RPG400-L) mailing list
To post a message email: RPG400-L@xxxxxxxxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/rpg400-l
or email: RPG400-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/rpg400-l.

Please contact support@xxxxxxxxxxxx for any subscription related
questions.

Help support midrange.com by shopping at amazon.com with our

affiliate

link: https://amazon.midrange.com

--
Thanks and Regards,
Bruce
931-505-1915
--
This is the RPG programming on IBM i (RPG400-L) mailing list
To post a message email: RPG400-L@xxxxxxxxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/rpg400-l
or email: RPG400-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/rpg400-l.

Please contact support@xxxxxxxxxxxx for any subscription related
questions.

Help support midrange.com by shopping at amazon.com with our affiliate
link: https://amazon.midrange.com

--
This is the RPG programming on IBM i (RPG400-L) mailing list
To post a message email: RPG400-L@xxxxxxxxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/rpg400-l
or email: RPG400-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/rpg400-l.

Please contact support@xxxxxxxxxxxx for any subscription related
questions.

Help support midrange.com by shopping at amazon.com with our affiliate
link: https://amazon.midrange.com

--
Thanks and Regards,
Bruce
931-505-1915
--
This is the RPG programming on IBM i (RPG400-L) mailing list
To post a message email: RPG400-L@xxxxxxxxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/rpg400-l
or email: RPG400-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/rpg400-l.

Please contact support@xxxxxxxxxxxx for any subscription related
questions.

Help support midrange.com by shopping at amazon.com with our affiliate
link: https://amazon.midrange.com