× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.



Thank you Justin.

I have tried to apply the changes (use *hex values for all parts of a token) and the encrypted value looks good like before but fails when send back to the service (again "wrong encryption" error).

Thanks for your thoughts

Szymon

-----Original Message-----
From: RPG400-L <rpg400-l-bounces@xxxxxxxxxxxxxxxxxx> On Behalf Of Justin Barrett
Sent: Wednesday, March 13, 2024 1:50 AM
To: rpg400-l@xxxxxxxxxxxxxxxxxx
Subject: Re: using Qc3EncryptData

Szymon,

I'm going to go out on a limb here and suggest that the CCSID of the first parameter be *hex as opposed to *utf8. So where you have your standalone wkToken defined as char(512) ccsid(*utf8), perhaps change that to char(512) ccsid(*hex) and give that a try.

That does mean that if you aim to have %trimr on the value and %char(UNIXTime), you'll need to do all that while it is indeed *utf8 format and then put that in a ccsid(*hex) standalone. I use the Qc3CalculateHash a lot since I'm still on a 7.3 machine and when I pass values into that that are encoded *utf8, there's some weird conversion that happens while it's calculating that puts it in the wrong encoding going in. But passing it as ccsid(*hex) avoids whatever it is that's causing it to do such.


So your wkToken looks like it is set to some binary value here, because that doesn't look like valid UTF8.

wkToken =
'2278C406D2523A1B0CEFD54060562B151' +
'DB0E6AD3079040B28E5C17ABC01397A';


Which that should be ccsid(*hex), but then you have

wkToken = %trimr(wkToken) + pipeChar + %char(UNIXtime);


Which I'm not sure if %trimr will work well on what you've set wkToken to, but that aside, the pipeChar and %char(UNIXtime) should be stored to some standalone, then converted into hex, then hex in wkToken and that hex concat.

dcl-s wkValue char(14) ccsid(*utf8);

dcl-s wkHxValue char(14) ccsid(*hex);

dcl-s wkToken char(512) ccsid(*hex);


wkValue = pipeChar + %char(UNIXtime);

wkHxValue = wkValue;

// set wkToken like you did before here...

wkToken = wkToken + wkHxValue;


Then plug that wkToken into Qc3EncryptData


I couldn't tell you the specifics for why just plugging *utf8 into Qc3EncryptData has never worked (or at least matched up with online
tools) for me, but I do know that if I pass in ccsid(*hex), it'll start matching what online tools tell me it should equal.


Cheers,

Justin


On 3/12/24 15:16, szymon.nawrocki@xxxxxxxxxxxxxx wrote:
Hello,

I have an authorisation process where there is encryption involved.
I am sending authorisation challenge and receiving back a timestamp.
Then time stamp (unix time) should be concatenate with "|" and token
and encrypted (RSA) with public key.
Encrypted token has to be included in an XML and send back to the service.

I am using Qc3EncryptData API for encryption and encrypted value seems
to be ok in terms of length and structure but it is not. I am
receiving and error that encryption is wrong.
I have tried to encrypt the same value (token and unix time) with some
online encryption tool and then paste it to my process and it works fine.
Probably there is an issue in calling the API or characters conversion
but I have no idea what to check more .

I would appreciate any suggestion what I am doing wrong or how to use
the API for encryption in this case.

Thank you
Szymon

This is just part for encryption. Encrypted value is inserted to XML
tag and send with HTTPAPI.

/copy BASE64_H

/copy QSYSINC/QRPGLESRC,QUSEC




//--------------------------------------------------------------------
----

// Variables


//--------------------------------------------------------------------
----



dcl-s wkToken char(512) ccsid(*utf8);

dcl-s wkPublicKey varchar(512);

dcl-ds *n;

wkEncryptedData char(32767);

wkOutData char(32767) ccsid(*utf8) overlay(wkEncrypteddata);

end-ds;

dcl-s wkOutDataLen int(10);

dcl-s wkRetDataLen int(10);

dcl-s UNIXtime int(20) inz(1710237888780);




//--------------------------------------------------------------------
----

// Constants


//--------------------------------------------------------------------
----

dcl-c pipeChar x'7C';

dcl-c cALGO_RSA_PUB 50; // Valid only for key description
KEYD0200. The key
dcl-c cKEY_FORMAT '1'; // format must be 1

dcl-c cPKCS_BLOCK_TYPE_02 '2';

dcl-c cCRYPTO_SERVICE '0';




//--------------------------------------------------------------------
----

// Prototypes and copy sources


//--------------------------------------------------------------------
----



dcl-pr Qc3EncryptData extproc('Qc3EncryptData');

clearData char(32767) const;

clearDataLen int(10) const;

clearDataFormat char(8) const;

algorithm like(dsQ3D0400) const;
algorithmFormat char(8) const;
key like(dsKey200) const;
keyFormat char(8) const;
cryptoProvider char(1) const;
cryptoDevice char(10) const options(*omit);
encryptedData char(32767);
encryptedDataLen int(10) const;
retEncryptedDataLen int(10);
QUSEC likeds(QUSEC);
end-pr;



// ALGD0400 Format

dcl-ds dsQ3D0400 qualified; //
ALGD0400
pubKeyCipherAlgorithm int(10); // Public
key cipher algor.
PKAblock char(1); // PKA
block format
reserved char(3); //
Reserved
signingHashAlgorithm int(10); // Signing
hash algorithm
end-ds;


// KEYD0200 Format

dcl-ds dsKey200 qualified; //
KEYD0200 Format
keyType int(10); // Key
type
keyStringLen int(10); // Key
string length
keyFormat char(1); // Key
format
reserved char(3); //
Reserved
keyString char(512) ccsid(*hex); // Key
string
end-ds;



wkToken =

'2278C406D2523A1B0CEFD54060562B151' +

'DB0E6AD3079040B28E5C17ABC01397A';

wkToken = %trimr(wkToken) + pipeChar + %char(UNIXtime); //
UNIXtime is fixed here just for the sake of example


wkPublicKey =

'MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuWosgHSpiRLadA0fQbzs'
+

'hi5TluliZfDsJujPlyYqp6A3qnzS3WmHxtwgO58uTbemQ1HCC2qwrMwuJqR6l8tg'
+

'A4ilBMDbEEtkzgbjkJ6xoEqBptgxivP/ovOFYYoAnY6brZhXytCamSvjY9KI0g0M'
+

'cRk24pOueXT0cbb0tlwEEjVZ8NveQNKT2c1EEE2cjmW0XB3UlIBqNqiY2rWF86Dc'
+

'uFDTUy+KzSmTJTFvU/ENNyLTh5kkDOmB1SY1Zaw9/Q6+a4VJ0urKZPw+61jtzWmu'
+

'cp4CO2cfXg9qtF6cxFIrgfbtvLofGQg09Bh7Y6ZA5VfMRDVDYLjvHwDYUHg2dPIk'
+

'0wIDAQAB';



dsQ3D0400 = *allx'00';

dsQ3D0400.pubKeyCipherAlgorithm = cALGO_RSA_PUB;

dsQ3D0400.PKAblock = cPKCS_BLOCK_TYPE_02;



dsKey200 = *allx'00';

dsKey200.keyType = cALGO_RSA_PUB;

dsKey200.keyFormat = cKEY_FORMAT;

dsKey200.keyStringLen = base64_decode(%addr(wkPublicKey: *data):
%len(wkPublicKey):
%addr(dsKey200.keyString):
%size(dsKey200.keyString));

Qc3EncryptData(wkToken:
%len(%trimr(wkToken)):
'DATA0100':
dsQ3D0400:
'ALGD0400':
dsKey200:
'KEYD0200':
cCRYPTO_SERVICE:
*OMIT:
wkEncryptedData:
%size(wkEncryptedData):
wkRetDataLen:
QUSEC);


wkOutDataLen = base64_encode(%addr(wkEncryptedData):
wkRetDataLen:
%addr(wkEncryptedData):
%size(wkEncryptedData));

*INLR = *On;
Return;


--
This is the RPG programming on IBM i (RPG400-L) mailing list To post a message email: RPG400-L@xxxxxxxxxxxxxxxxxx To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/rpg400-l
or email: RPG400-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives at https://archive.midrange.com/rpg400-l.

Please contact support@xxxxxxxxxxxxxxxxxxxx for any subscription related questions.



As an Amazon Associate we earn from qualifying purchases.

This thread ...

Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.