Decrypting data encrypted in SAP using co_aes256_algorithm_pem in Java

Question


<details>
<summary>English:</summary>

I need to decrypt text data I get from SAP. The data is encrypted using co_aes256_algorithm_pem, similar to [this][1].

SAP sends me a key and encrypted data, and we should use this key to decrypt the data in Java.
On the SAP side, the IV value (32 0's is added to padding)

Below is an example of a key and encrypted data. I am trying to decrypt it in a simple Java program but cannot initiate a key with a suitable length.

        String encryptionKey = "D5F748A3CE9C5AAAFF5C216387C92C43BC5C5BE443281D07E9128759A02FA0A2";

		String encryptedString = &quot;AA68A1E527F81C7E2101910AC39B9E482AD85EB37A414492D6F647878236D5466F92B4F650BB89456A282FC01664063FE6B07FA92043F2447463C3529676C81DC050010F84D402460BBE2F031508D0B2109314DDB001D726C012DBA577F9EB5791BF43AEF87D215E5C8C9DC657A869FB509F77EAD71542EA5BC8568F4E636A2575544816AAAFE6A1DE73888A858EA879B754BB0A9DE48B6E52541A999F881AE6EB83C8C548BE5088C31556B86F9A5DABA4105031240B8599EA028C734044E5A5403B196FCA220FB8ECAB176C4F689157961C93AA96EA912558673532A9D6D5D58437137EA28653112A3DBAE35AFF2DC0C4F8A635017274CB713A0207D116E22D5D6C156AEF579FD1D36F4B64DDDB39A97FD8E6DBA4ED9DC970F4F5F2A5E0A8CBEFCE0A3750C31CE01927CBCF9713E28B186B631F331514530C8906D7BC4BEF022466715DEAC62B15DF933E79AFB4152E1472FF456B090CBD6186F288D090A96DA96D4865D6CD835B3C77151BA4F35D6F199B11DF6B1CBA4157888FAA8D1BCB24259F2EB58713826F147C8AC96697C021482F5185E7D232A23C8A0A54E483BC02D033C5FA5D50250AC30D2EBEA6A257B8E3FA441111EC0EF3CBA01FE83681EF5ED233D1D4006F55BDACD50E1A42EE65AB869E41BE6084647DC508DEF4AF4FE8D5E39E92338EAF3AF54D91FFBA1E1F1D7F5DE8893C6CEEED16563EDAE8EDD7032C11F90C698265A0E8D2145489534EE5107D226C1D1F5229FD1E83369A5A7CAABD3CDBFCC643BDD00A640C189C3D582CBE41F697EA3DBA0A33930F616E007AD0695752FABAB91EAD96639651E9E017F039DC7004A9E2FDC06A383E46F8157EFB7FC634BDD9712C9DD9A3F254FED39EB750B2D8D1C8A7A369B5EC292059E7729C1FBDF755518CB2AF8EDFD796D268A32CAD9FF804450E8A0EC17F1A895DCF4E62D0AF845F14A023AD7F9EAF70EA014B34C589B85FAE2AFBE91BB7D0A8F731FD8000FA0766339EA9E451F88AEFC9860B1408EC50D0A7E330CE5A8C39CA84717717DEBC2367A42D057509DA24B391B586934A94DBE2B354A10C4075126D4613BAADC5C9D04F1A76144DAA95BBDA55E6C64DF92C1CC37FA4DA699386EFEC3065D2562101AAAB730BD9F450E87C00282632028EE582B85CBFB4860921EAF1AED0DDE83EA5D64E004EB8DBE771A098C6D804D8B1A7DA5CFCEEF162C0597530AB62937568FB4324B2FC97F2E535FF33668FB1121135D9B7798692D0B8187C9FB0AAE76438524CCD2C4AA97FFEBE666295F4B99278BABE306AE30CDD41C377E1DA6EC65B85FCFCA1E224430C9919B755727C8E86C7CACBB08CDCD5E24ABD5B8E0208FE5A50D59388605B883D32F35A91B201D1A632F26DFA4AC5EDB22
3DB73974DC206BC70F16E58D0ED0616F9A15C3B4C66E0169813402AF2AA0FF9440A7A368EDEA125EE62DB630FD49183588C68B3964E8BBBA06B02D08350D85A6400F5C97F7DF42E9EB79880337E14A9C0228A502E4D834832CF93859DBD36E68F5811BFD1EAAD30F82A807ECB2C5D44D7CFAAF45497C685A1114A3EFD6FCD9A76CD8FB6CDDF3985396D358B696B59EDA7411A427C495B99289EA4E5F0F64DB60A338B97A211E73EE36D70B3594559FB292E7E5C6A29894F807C70C6324C1F22E7998C107E1D2DB9795AA7C81EA80B6AD5762B50C1925DD06C3DC7FF1B5188749DF27D16F92A79D216111E0F27EF3BEE736F0D84AABB5D874A9B607CB5DC3BC61B41E5FA9F0A8F7931D1E9333281150BF70C719AB893635DE9DDC45F916328DE54F8F3C0C0B9109F7D507FB42CEFB12B9190BB0AED218AE70597DBAB53D3F5BB1E7312D343D9A615A46FC9D0179F20389AC99C7061FA9828C665C8077996D3262A35D68A55B1B682686FF86D2F3E7683E13BB9F828403FAF56F9186448B4F25FC7A0AFB5E2B1FE57D864AD177155C9BACE2D734CEDBA8BE5DCDDA241413ABF739082C48094225CDF069BF89338F9E991A3F6457A56A71B7F941E222E3B6A25E7B1F5892E9997C0E5D6EE8CAC041B455F976901CD25D98BC29FCC347C90445E34599F59DCFAE5477E0D492BC09B263E0516D4A622BA96F78F48B59E01F0DD3CE5113966286BC0DAABD3FD9C470E4EF1A5074819B964102C3C4006A3FD3395A7492B583FCA3AC1F51C7C1E54929A9963A0F9995E7EF7C098ACF4930F1795740E605AE79BFC6CDB0541FEC7259520D0A0588A64B7CD595D5E69CAE43907BEDDFD6DDCBA26486E56313315E83500315F2EA51B67D7F45B29736EDB47A10A614304242C8C1719FE198104BD4CCA50AB78BBB4D0C05D41860BE276FA742FB4BFDA2EFBCAA4DBC2B6542ED660E5F1113B19286833C7393BF846A20E7E2D6C9D8BB9760A4A3D65F92C7FF2E337FEFB4EC7BC6EE9F3C2DF1D78936554ABE0891DF0A4EEE552043A5AC44DA8EF309DC1A9E9226E2AE81813566596F209F9AB51C7B34AEA8BB6C24981A493E399243D7C5AEFEA60287EE7E58549F0A075C8CF120F1A5DC8ABD34553FACE945081BC729E1F1864235E3407845F058FD77E2C97207BCEFA0EECB4FCFE7B78789329D0985BA25C1EEB78846F10B9565659230642734586202542819C3DD1A9B161269CA4BB7454CF0186AF6CE724A31B9F545F4886AC08A2F5EE72254644423920D2C31F20C532DE8614E270B337451C69C695E7CB76D2CFF35896843C91BAA69AE67875243B74CEA1AEA7D9F008026206FA9D2774DA36423FF24B8839A2ECE0AEE750CB339ED015D817E10C802C51F76CF56C387C63FD04632EEBA5FBAFD6166BC03
4DA1F5697042369D2B1A1C0E0E27D131A079B537A3271682FAA49D7E821DE1DFBA9897CC65A2E8E0AAD17579095EEFB34E3A744D747AC452FDBB36A86502BDB0E";

        byte[] encryptedBytes = Base64.getDecoder().decode(encryptedString);

        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");

        SecretKeySpec secKeySpec = new SecretKeySpec(encryptionKey.getBytes(), "AES");

        byte[] ivBytes = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
        IvParameterSpec ivParameterSpec = new IvParameterSpec(ivBytes);

        cipher.init(Cipher.DECRYPT_MODE, secKeySpec, ivParameterSpec);

        String decrypted = new String(cipher.doFinal(encryptedBytes));

        System.out.println(decrypted);

I get **java.security.InvalidKeyException: Invalid AES key length: 64 bytes**

I checked [this][2], but I do not have a salt. And I also checked [this link][3], but I cannot generate a key using my own encryptionKey.

Is there another solution for this? How can this be decrypted?


  [1]: https://blogs.sap.com/2019/08/26/aes-encryption-in-abap/
  [2]: https://stackoverflow.com/questions/992019/java-256-bit-aes-password-based-encryption?rq=1
  [3]: https://www.javainterviewpoint.com/aes-256-encryption-and-decryption/

</details>


# Answer 1
**Score**: 2

I can decrypt the ciphertext if key and ciphertext are hex decoded (e.g. with `hexStringToByteArray()`), AES-256 is used in CBC mode with a zero vector as IV (i.e. 16 `0x00` values), and **no** padding: `AES/CBC/NoPadding`. If a padding is applied, i.e. `AES/CBC/PKCS5Padding`, a *BadPaddingException* is thrown.

The decrypted plaintext begins and ends as follows:

    "MANDT","MATNR","ERSDA","ERNAM","LAEDA","AENAM",...,"FS_BEV1_FS_NESTRUCCAT","FS

According to the linked website, `AES/CBC/PKCS5Padding` was used for encryption. However, this is not consistent with the ciphertext, or only with an incomplete ciphertext (whose length (by chance?) corresponds to an integer multiple of the block size), where the part with the padding is missing.

The following code can be used for decryption:

```java
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

// hexStringToByteArray() is a hex-decoding helper that has to be supplied separately.
String encryptionKey = "D5F748A3CE9C5AAAFF5C216387C92C43BC5C5BE443281D07E9128759A02FA0A2";
String encryptedString = "AA68...DB0E";

//byte[] encryptedBytes = Base64.getDecoder().decode(encryptedString);
byte[] encryptedBytes = hexStringToByteArray(encryptedString);                              // hex decode ciphertext

//SecretKeySpec secKeySpec = new SecretKeySpec(encryptionKey.getBytes(), "AES");
SecretKeySpec secKeySpec = new SecretKeySpec(hexStringToByteArray(encryptionKey), "AES");   // hex decode key (32 bytes => AES-256)

byte[] ivBytes = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };                        // use a zero vector as IV
IvParameterSpec ivParameterSpec = new IvParameterSpec(ivBytes);

Cipher cipher = Cipher.getInstance("AES/CBC/NoPadding");                                    // use no padding
cipher.init(Cipher.DECRYPT_MODE, secKeySpec, ivParameterSpec);

String decrypted = new String(cipher.doFinal(encryptedBytes));
System.out.println(decrypted);                                                              // "MANDT","MATNR",...,"FS_BEV1_FS_NESTRUCCAT","FS
```
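
An added example (not part of the original post or of SAP's code): a self-contained Java program that reproduces the answer's findings on constructed data. The class name `SapAesCbcDemo`, the helpers `hex`, `aesCbc` and `decrypt`, the key and the sample plaintext are assumptions made up for illustration; it goes slightly beyond the answer by trying PKCS5 unpadding first and falling back to `NoPadding` when the final block is missing.

```java
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

public class SapAesCbcDemo {
    // Hex decoder standing in for the hexStringToByteArray() helper named in the answer.
    static byte[] hex(String s) {
        if (s.length() % 2 != 0) throw new IllegalArgumentException("odd-length hex string");
        byte[] out = new byte[s.length() / 2];
        for (int i = 0; i < out.length; i++) {
            int hi = Character.digit(s.charAt(2 * i), 16), lo = Character.digit(s.charAt(2 * i + 1), 16);
            if (hi < 0 || lo < 0) throw new IllegalArgumentException("non-hex character at byte " + i);
            out[i] = (byte) ((hi << 4) | lo);
        }
        return out;
    }
    // AES-CBC with the all-zero 16-byte IV described on the page.
    static byte[] aesCbc(int mode, String transformation, byte[] key, byte[] data) throws Exception {
        Cipher cipher = Cipher.getInstance(transformation);
        cipher.init(mode, new SecretKeySpec(key, "AES"), new IvParameterSpec(new byte[16]));
        return cipher.doFinal(data);
    }

    // Try PKCS5 unpadding first; fall back to NoPadding when the padding block is missing.
    static byte[] decrypt(byte[] key, byte[] ct) throws Exception {
        if (key.length != 32) throw new IllegalArgumentException("AES-256 needs 32 key bytes, got " + key.length);
        if (ct.length == 0 || ct.length % 16 != 0) throw new IllegalArgumentException("not whole 16-byte blocks");
        try {
            return aesCbc(Cipher.DECRYPT_MODE, "AES/CBC/PKCS5Padding", key, ct);
        } catch (BadPaddingException e) {
            return aesCbc(Cipher.DECRYPT_MODE, "AES/CBC/NoPadding", key, ct);
        }
    }

    public static void main(String[] args) throws Exception {
        String keyHex = "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f"; // constructed key
        // Byte length of the hex text (what getBytes() hands to AES) vs. the decoded key length.
        System.out.println(keyHex.getBytes(StandardCharsets.US_ASCII).length + " vs " + hex(keyHex).length);
        byte[] key = hex(keyHex);
        byte[] plain = "\"MANDT\",\"MATNR\",\"ERSDA\",\"constructed sample\"".getBytes(StandardCharsets.UTF_8);
        byte[] full = aesCbc(Cipher.ENCRYPT_MODE, "AES/CBC/PKCS5Padding", key, plain);
        byte[] truncated = Arrays.copyOf(full, full.length - 16); // simulate a lost final block
        System.out.println(new String(decrypt(key, full), StandardCharsets.UTF_8));
        System.out.println(new String(decrypt(key, truncated), StandardCharsets.UTF_8));
    }
}
```

A fixed all-zero IV makes CBC deterministic, so identical leading plaintext blocks under the same key produce identical ciphertext blocks, and CBC on its own gives no integrity protection.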

huangapple
  • This article was published on August 26, 2020, 22:09:16
  • When reposting, please keep the link to this article: https://go.coder-hub.com/63599484.html