Copy link to clipboard
Copied
Hello everyone,
I am trying to exchange data, via a REST service I wrote with a 3rd party. We are using AES Symmetric encryption, which means I need to get an IV and a SALT from a large hexadecimal encoded string, and use that SALT (with a shared password) to generate the apprpriate key to decrypt the message part of the hexadecimal string. My problem is coming with converting the hexadecimal string into a readable SALT.
Here is my current code designed to read the hexadecimal string. You will notice that I am merely taking pieces of the string off (as the representative characters of the bytes represented) using Left and Mid. I then attempt to binaryEncode the strings as hex, and then I binaryDecode them as base64. While this produces a SALT that is of the same character lenght as the correct SALT, it does not produce the correct SALT.
What would be the correct way to decode a hexadecimal string to extract an IV + SALT + Message in a way that I can convert them to readable formats for decrypt() and generatePBKDFKey().
pwd = "REDACTED FOR SECURITY";
encryptionAlgorithm = "AES/GCM/NoPadding";
PBKDFalgorithm = "PBKDF2WithSHA256";
str_len = Len(data);
iter = 65536;
key_size = 128;
str_nonce = Left(data, 24); //gets the NONCE try at 23
str_salt = Mid(data, 25, 40); //gets the SALT
salt_dec = binaryDecode(str_salt, 'hex'); //converts SALT string to a binary
salt_conv = binaryEncode(salt_dec, 'base64'); //converts SALT binary to a base64 string
msg_locate = ((str_len - 32)-64); //figures out how long the message is.
str_message = Mid(data, 65, msg_locate); //gets the message characters.
hex_dec = binaryDecode(str_message, 'hex'); //converts the message string to a binary
string_conv = binaryEncode(hex_dec, 'base64'); // converts the message binary to a base64 string
str_tag = Right(data, 32);
derivedKey = GeneratePBKDFKey(PBKDFalgorithm ,pwd,salt_conv,iter,key_size); //generates a decryption key with the above parameters.
Copy link to clipboard
Copied
To start with, debug by outputting each string. You can then see whether each is what you expect.