|
Yes - your problem has to do with CCSIDs - kinda.
The website you use, is most probably using UTF-8 as the char set, for the
text "Test" and for your key. And it encrypts the binary representation of
those UTF-8 code points (characters).
So if you want to decode this, you will have to use UTF-8 char fields, for
this results of the decryption.
You can't simply do a txtOut = clrDta because this will always involve an
conversion between CCSIDs in RPG - and wenn decrypting you have to deal
with the binary representations.
You have to overlay the result field of the API call with a UTF-8 field
(using based pointer or using a data structure) - or use memcpy (from the C
library) to move the binary data to a UTF-8 field without any CCSID
conversion.
Also your key-string '1111111...' has a different binary representation is
EBCDIC than in UTF-8. So you basically decrypt with a completely different
key.
You always have to use the exact same binary representation of input data,
keys and output when dealing with encrypted data from other systems.
Starting with the base64_decode call.
I can send you an example later, when I have access to my sources, if you
need it. I dealt with the creation of a JWT - and those are using UTF-8 by
definition. So I had to deal with all those conventions along the way of
all my RPG procedures.
HTH and kind regards,
Daniel
Am 16.05.2025 um 02:02 schrieb Adeline Baugh <adbaugh00@xxxxxxxxx>:I've
Hi, I'm scratching my head over this one. I suspect it's a cccsid and
thrown a variety of conversions at it and lost out. Does anyone have anyenter a
experience with AES decoding in RPG please?
Thanks in advance !
If I go to a website such as
https://www.devglan.com/online-tools/aes-encryption-decryption and
simple test to encrypt a string, I want to decrypt it in RPG on thepass
iSeries.
My Test is as follows:
On the website:
Text to encrypt = TEST
mode ECB
No Padding
Key size 256
Secret Key 11111111111111111111111111111111
The Base64 result is 496QM9dt3+pzckI4U5oKAQ==
Now if I use these values in my program, Base64-decode the input, then
the result into Qc3DecryptData the result is not 'TEST' :related questions.
Result:
[image: image.png]
Here's the program listing:
* CRTRPGMOD TESTDC
* CRTPGM PGM(lib/TESTDC) BNDSRVPGM(QC3DTAEN QC3PRNG)
*
H DEBUG OPTION(*SRCSTMT:*NODEBUGIO)
H DFTACTGRP(*NO) ACTGRP(*NEW) BNDDIR('HTTPAPI':'BASE64')
/copy BASE64_H
/copy httpapi_h
/******************************************************************
/* Interface:
D TESTDC PR ExtPgm('TESTDC')
D input 100A
D textdec 100A
D msg 256A
D TESTDC PI
D input 100A
D textdec 100A
D Msg 256A
D
//****************************************************************
// Procedure def:
// Decrypt Data (OPM, QC3DECDT; ILE, Qc3DecryptData) API
// Restores encrypted data to a clear (intelligible) form.
// ---------------------------------------------------------------
D Qc3DecryptData Pr ExtPgm('QC3DECDT')
D encryptedData 100a
D encryptedDtaL 10I 0
D algorithm like(QC3D0200)
D algorithmFmt 8
D key like(keyC)
D keyFmt 8
D srvProvider 1
D deviceName 10
D clrDta 100a
D clrDtaBufL 10I 0
D clrDtaRtnL 10I 0
D errcde like(APIERR)
//****************************************************************
// Data Structures:
//ALGD0200 algorithm description structure
//Qc3 Format ALGD0200
// -----------------------------------------
DQC3D0200 DS
// Block Cipher Alg:
D QC3BCA 1 4B 0
// Block Length:
D QC3BL 5 8B 0
// Mode:
D QC3MODE 9 9
// Pad Option:
D QC3PO 10 10
// Pad Character:
D QC3PC 11 11
// Reserved:
D QC3ERVED 12 12
// MAC Length:
D QC3MACL 13 16B 0
// Eff Key Size:
D QC3EKS 17 20B 0
// Init Vector:
D QC3IV 21 52
//****************************************************************
// KEYD0200 key description format structure
// Qc3 Format KEYD0200
// -----------------------------------------
DQC3D020000 DS
// Key Type:
D QC3KT 1 4B 0
// Key String Len:
D QC3KSL 5 8B 0
// Key Format:
D QC3KF 9 9
// Reserved:
D QC3ERVED02 10 12 inz(x'000000')
//****************************************************************
// API error structure
// -------------------
D APIERR DS
D ERRPRV 10I 0 INZ(272)
D ERRLEN 10I 0
D EXCPID 7A
D RSRVD2 1A
D EXCPDT 256A
D
//****************************************************************
// Working Vars:
D B64Outlen S 10I 0
D encryptedData S 100a
D encryptedDtaL S 10I 0
D algorithm S like(QC3D0200)
D algorithmFmt S 8 inz('ALGD0200')
D key S like(KeyC)
D keyFmt S 8 inz('KEYD0200')
D srvProvider S 1 inz('1')
D deviceName S 10 inz(*blanks)
D clrDta S 100a
D clrDtaBufL S 10I 0
D clrDtaRtnL S 10I 0
D KeyString S 256
D KeyC S 256
dcl-s txtOut char(50) ccsid(37);
//****************************************************************
// Main:
/free
// Base64 Decode the input string:
// ------------------------------
input='496QM9dt3+pzckI4U5oKAQ==';
B64Outlen = base64_decode( %addr(input)
: %size(%trimr(input))
: %addr(encryptedData)
: %size(encryptedData));
// AES-Decrypt the Base-64 decoded output:
// Set up QC3D0200 algorithm
// -------------------------
// ------- B E G I N -------
// Block cipher algorithm (22 is AES)
QC3BCA = 22;
// Block length (16 is AES)
QC3BL = 16;
// Mode (ECB=0,CBC=1)
QC3MODE = '0';
// Pad Option 1 - Use the char specified in the pad character field
QC3PO = '0';
// Pad Character
QC3PC = X'00';
// Reserved
QC3ERVED = X'00';
// MAC Length - not used - set to null(binary 0s)
QC3MACL = X'00000000';
// Effective key size - must be set to 0.
QC3EKS = 0;
// Initialization vector
// The initialization vector (IV). An IV is not used for mode ECB,
// and must be set to NULL (binary 0s).
QC3IV = *AllX'00';
algorithm = QC3D0200;
// --------- E N D ---------
// Set up QC3D0200 algorithm
// -------------------------
// Set up QC3D0200 Key
// -------------------
// ---- B E G I N ----
// Key Type (KeyFormat 0, KeyLength =32)
// 22 AES
QC3KT = 22;
// Key Format
QC3KF = '0';
// Key String
KeyString ='11111111111111111111111111111111';
// Key Length (AES type 22 has length 32)
QC3KSL = %len(%trimr(KeyString));
KeyC = QC3D020000 + %trimr(KeyString);
Key = KeyC;
// ------ E N D ------
// Set up QC3D0200 Key
// -------------------
// encrypted data= base64-decrypted result
encryptedDtaL = %len(%trimr(encryptedData));
clrDtaBufL= %size(ClrDta);
callP Qc3DecryptData( encryptedData :
encryptedDtaL :
algorithm :
algorithmFmt :
key :
keyFmt :
srvProvider :
deviceName :
clrDta :
clrDtaBufL :
clrDtaRtnL :
APIERR
);
If ERRLEN > 0;
msg = EXCPID;
EndIf;
txtOut = clrDta;
*InLr = *On;
--
This is the RPG programming on IBM i (RPG400-L) mailing list
To post a message email: RPG400-L@xxxxxxxxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/rpg400-l
or email: RPG400-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/rpg400-l.
Please contact support@xxxxxxxxxxxxxxxxxxxx for any subscription
--
This is the RPG programming on IBM i (RPG400-L) mailing list
To post a message email: RPG400-L@xxxxxxxxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/rpg400-l
or email: RPG400-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/rpg400-l.
Please contact support@xxxxxxxxxxxxxxxxxxxx for any subscription related
questions.
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2025 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.