Re: AES decryption in RPG

Thanks Daniel, yes this helps a lot. Thank you. Makes a lot of sense.

The manner of any conversions and precisely where they're needed aren't
crystal clear to me so any example you can provide would be great.

Thanks again for your help,
David.

On Thu, May 15, 2025 at 8:42 PM Daniel Gross <daniel@xxxxxxxx> wrote:

Yes - your problem has to do with CCSIDs - kinda.

The website you use, is most probably using UTF-8 as the char set, for the
text "Test" and for your key. And it encrypts the binary representation of
those UTF-8 code points (characters).

So if you want to decode this, you will have to use UTF-8 char fields, for
this results of the decryption.

You can't simply do a txtOut = clrDta because this will always involve an
conversion between CCSIDs in RPG - and wenn decrypting you have to deal
with the binary representations.

You have to overlay the result field of the API call with a UTF-8 field
(using based pointer or using a data structure) - or use memcpy (from the C
library) to move the binary data to a UTF-8 field without any CCSID
conversion.

Also your key-string '1111111...' has a different binary representation is
EBCDIC than in UTF-8. So you basically decrypt with a completely different
key.

You always have to use the exact same binary representation of input data,
keys and output when dealing with encrypted data from other systems.
Starting with the base64_decode call.

I can send you an example later, when I have access to my sources, if you
need it. I dealt with the creation of a JWT - and those are using UTF-8 by
definition. So I had to deal with all those conventions along the way of
all my RPG procedures.

HTH and kind regards,
Daniel

Am 16.05.2025 um 02:02 schrieb Adeline Baugh <adbaugh00@xxxxxxxxx>:

Hi, I'm scratching my head over this one. I suspect it's a cccsid and

I've

thrown a variety of conversions at it and lost out. Does anyone have any
experience with AES decoding in RPG please?

Thanks in advance !

If I go to a website such as
https://www.devglan.com/online-tools/aes-encryption-decryption and

enter a

simple test to encrypt a string, I want to decrypt it in RPG on the
iSeries.

My Test is as follows:

On the website:

Text to encrypt = TEST
mode ECB
No Padding
Key size 256
Secret Key 11111111111111111111111111111111

The Base64 result is 496QM9dt3+pzckI4U5oKAQ==

Now if I use these values in my program, Base64-decode the input, then

pass

the result into Qc3DecryptData the result is not 'TEST' :

Result:
[image: image.png]

Here's the program listing:
* CRTRPGMOD TESTDC

* CRTPGM PGM(lib/TESTDC) BNDSRVPGM(QC3DTAEN QC3PRNG)

*

H DEBUG OPTION(*SRCSTMT:*NODEBUGIO)

H DFTACTGRP(*NO) ACTGRP(*NEW) BNDDIR('HTTPAPI':'BASE64')



/copy BASE64_H

/copy httpapi_h



/******************************************************************

/* Interface:



D TESTDC PR ExtPgm('TESTDC')

D input 100A

D textdec 100A

D msg 256A

D TESTDC PI

D input 100A

D textdec 100A

D Msg 256A

D



//****************************************************************

// Procedure def:



// Decrypt Data (OPM, QC3DECDT; ILE, Qc3DecryptData) API

// Restores encrypted data to a clear (intelligible) form.

// ---------------------------------------------------------------

D Qc3DecryptData Pr ExtPgm('QC3DECDT')

D encryptedData 100a

D encryptedDtaL 10I 0

D algorithm like(QC3D0200)

D algorithmFmt 8

D key like(keyC)

D keyFmt 8

D srvProvider 1

D deviceName 10

D clrDta 100a

D clrDtaBufL 10I 0

D clrDtaRtnL 10I 0

D errcde like(APIERR)



//****************************************************************

// Data Structures:



//ALGD0200 algorithm description structure

//Qc3 Format ALGD0200

// -----------------------------------------

DQC3D0200 DS

// Block Cipher Alg:

D QC3BCA 1 4B 0

// Block Length:

D QC3BL 5 8B 0

// Mode:

D QC3MODE 9 9

// Pad Option:

D QC3PO 10 10

// Pad Character:

D QC3PC 11 11

// Reserved:

D QC3ERVED 12 12

// MAC Length:

D QC3MACL 13 16B 0

// Eff Key Size:

D QC3EKS 17 20B 0

// Init Vector:

D QC3IV 21 52



//****************************************************************



// KEYD0200 key description format structure

// Qc3 Format KEYD0200

// -----------------------------------------

DQC3D020000 DS

// Key Type:

D QC3KT 1 4B 0

// Key String Len:

D QC3KSL 5 8B 0

// Key Format:

D QC3KF 9 9

// Reserved:

D QC3ERVED02 10 12 inz(x'000000')



//****************************************************************



// API error structure

// -------------------

D APIERR DS

D ERRPRV 10I 0 INZ(272)

D ERRLEN 10I 0

D EXCPID 7A

D RSRVD2 1A

D EXCPDT 256A

D



//****************************************************************

// Working Vars:



D B64Outlen S 10I 0

D encryptedData S 100a

D encryptedDtaL S 10I 0

D algorithm S like(QC3D0200)

D algorithmFmt S 8 inz('ALGD0200')

D key S like(KeyC)

D keyFmt S 8 inz('KEYD0200')

D srvProvider S 1 inz('1')

D deviceName S 10 inz(*blanks)

D clrDta S 100a

D clrDtaBufL S 10I 0

D clrDtaRtnL S 10I 0



D KeyString S 256

D KeyC S 256

dcl-s txtOut char(50) ccsid(37);

//****************************************************************

// Main:



/free



// Base64 Decode the input string:

// ------------------------------



input='496QM9dt3+pzckI4U5oKAQ==';



B64Outlen = base64_decode( %addr(input)

: %size(%trimr(input))

: %addr(encryptedData)

: %size(encryptedData));





// AES-Decrypt the Base-64 decoded output:



// Set up QC3D0200 algorithm

// -------------------------

// ------- B E G I N -------



// Block cipher algorithm (22 is AES)

QC3BCA = 22;



// Block length (16 is AES)

QC3BL = 16;



// Mode (ECB=0,CBC=1)

QC3MODE = '0';



// Pad Option 1 - Use the char specified in the pad character field

QC3PO = '0';



// Pad Character

QC3PC = X'00';



// Reserved

QC3ERVED = X'00';



// MAC Length - not used - set to null(binary 0s)

QC3MACL = X'00000000';



// Effective key size - must be set to 0.

QC3EKS = 0;



// Initialization vector

// The initialization vector (IV). An IV is not used for mode ECB,

// and must be set to NULL (binary 0s).

QC3IV = *AllX'00';



algorithm = QC3D0200;



// --------- E N D ---------

// Set up QC3D0200 algorithm

// -------------------------



// Set up QC3D0200 Key

// -------------------

// ---- B E G I N ----



// Key Type (KeyFormat 0, KeyLength =32)

// 22 AES

QC3KT = 22;



// Key Format

QC3KF = '0';



// Key String

KeyString ='11111111111111111111111111111111';



// Key Length (AES type 22 has length 32)

QC3KSL = %len(%trimr(KeyString));



KeyC = QC3D020000 + %trimr(KeyString);

Key = KeyC;



// ------ E N D ------

// Set up QC3D0200 Key

// -------------------



// encrypted data= base64-decrypted result



encryptedDtaL = %len(%trimr(encryptedData));

clrDtaBufL= %size(ClrDta);



callP Qc3DecryptData( encryptedData :

encryptedDtaL :

algorithm :

algorithmFmt :

key :

keyFmt :

srvProvider :

deviceName :

clrDta :

clrDtaBufL :

clrDtaRtnL :

APIERR

);

If ERRLEN > 0;

msg = EXCPID;

EndIf;



txtOut = clrDta;



*InLr = *On;
--
This is the RPG programming on IBM i (RPG400-L) mailing list
To post a message email: RPG400-L@xxxxxxxxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/rpg400-l
or email: RPG400-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/rpg400-l.

Please contact support@xxxxxxxxxxxxxxxxxxxx for any subscription

related questions.

--
This is the RPG programming on IBM i (RPG400-L) mailing list
To post a message email: RPG400-L@xxxxxxxxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/rpg400-l
or email: RPG400-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/rpg400-l.

Please contact support@xxxxxxxxxxxxxxxxxxxx for any subscription related
questions.