I am using a Python program to take a large string (256 bytes or more) and encrypt it using AES-CBC. This would happen on a Linux system, then the encrypted data would be transferred to a Windows machine where it would be decrypted. I am able to encrypt the data in Python, but cannot decrypt the data in PowerShell. I believe my issue is with the PowerShell code, but am not completely sure. In PowerShell I am getting a large string of ASCII characters as my output:

IV is equal to 81 114 150 34 27 90 82 1 78 188 221 119 110 240 56 183
AES key is TXlwYXNzcGhyYXNlS2V5MQ==
Unencrypted string: TextMustBe16BytesUsually
Encrypted string: ZjE5NGRkMjY0MGU3NzJhNjRlZWI1MjlhYzlmNzk4N2NhNjE4ZjlmZDE5MmE3MWJjZDczMTBlZjBmNDQ3ZTUzMw==
Unencrypted string: g�V��⓪����DĖ    u���.Ӣ���B�#�!�v����ƭɐ

I will post the source for both below; any help is greatly appreciated.

Python:

from Crypto.Cipher import AES
import hashlib
import sys
import base64
import binascii
import Padding

val='TextMustBe16BytesUsually'
password='ew+39INFhCg+rcNZsY/bd64hWoopaOA5m8r9mgfF/x0='
ival= 12345678


plaintext=val

def encrypt2(plaintext,key, mode,iv):
    encobj = AES.new(key,mode,iv)
    return(encobj.encrypt(plaintext))

def decrypt2(ciphertext,key, mode,iv):
    encobj = AES.new(key,mode,iv)
    return(encobj.decrypt(ciphertext))


key = hashlib.sha256(password).digest()

iv= hex(ival)[2:8].zfill(16)



print "IV: "+ base64.b64encode(iv)

plaintext=val
plaintext = Padding.appendPadding(plaintext,blocksize=Padding.AES_blocksize,mode=0)

ciphertext = encrypt2(plaintext,key,AES.MODE_CBC,iv)
print ciphertext
print "Cipher (CBC): "+ base64.b64encode(binascii.hexlify(bytearray(ciphertext)))

plaintext = decrypt2(ciphertext,key,AES.MODE_CBC,iv)
plaintext = Padding.removePadding(plaintext,mode=0)
print "Decrypt: "+plaintext

PowerShell:

function Create-AesManagedObject($key, $IV) {
    $aesManaged = New-Object "System.Security.Cryptography.AesManaged"
    $aesManaged.Mode = [System.Security.Cryptography.CipherMode]::CBC
    $aesManaged.Padding = [System.Security.Cryptography.PaddingMode]::Zeros
    $aesManaged.BlockSize = 128
    $aesManaged.KeySize = 256
    if ($IV) {
        if ($IV.getType().Name -eq "String") {
            $aesManaged.IV = [System.Convert]::FromBase64String($IV)
        }
        else {
            $aesManaged.IV = $IV
        }
    }
    if ($key) {
        if ($key.getType().Name -eq "String") {
            $aesManaged.Key = [System.Convert]::FromBase64String($key)
        }
        else {
            $aesManaged.Key = $key
        }
    }
    $aesManaged
}

function Create-AesKey() {
    $aesManaged = Create-AesManagedObject
    $aesManaged.GenerateKey()
    [System.Convert]::ToBase64String($aesManaged.Key)
}


function Decrypt-String($key, $encryptedStringWithIV) {
    $bytes = [System.Convert]::FromBase64String($encryptedStringWithIV)
    $aesManaged = Create-AesManagedObject $key $IV
    $decryptor = $aesManaged.CreateDecryptor();
    $unencryptedData = $decryptor.TransformFinalBlock($bytes, 16, $bytes.Length - 16);
    $aesManaged.Dispose()
    [System.Text.Encoding]::UTF8.GetString($unencryptedData).Trim([char]0)
}


$key = "ew+39INFhCg+rcNZsY/bd64hWoopaOA5m8r9mgfF/x0="
"KEY:"
$key
"IV:"
$IV
$unencryptedString = "TextMustBe16BytesUsually"
"ENCRYPTED STRING"
$encryptedString = "ZjE5NGRkMjY0MGU3NzJhNjRlZWI1MjlhYzlmNzk4N2NhNjE4ZjlmZDE5MmE3MWJjZDczMTBlZjBmNDQ3ZTUzMw=="
$encryptedString
$backToPlainText = Decrypt-String $key $encryptedString
"Plain Text"
$backToPlainText
electroman

1 Answer


I modified your Encrypt. Your encrypt was missing the $IV reference.

The decrypt appends the IV array and also passes it to the object.

function Encrypt-String($key, $unencryptedString) {
    $bytes = [System.Text.Encoding]::UTF8.GetBytes($unencryptedString)
    $aesManaged = Create-AesManagedObject $key $IV
    $encryptor = $aesManaged.CreateEncryptor()
    $encryptedData = $encryptor.TransformFinalBlock($bytes, 0, $bytes.Length);
    [byte[]] $fullData = $aesManaged.IV + $encryptedData
    $aesManaged.Dispose()
    [System.Convert]::ToBase64String($fullData)
}

function Decrypt-String($key, $encryptedStringWithIV) {

    $bytes = [System.Convert]::FromBase64String($encryptedStringWithIV)
    $IV = $bytes[0..15]
    $aesManaged = Create-AesManagedObject $key $IV
    $decryptor = $aesManaged.CreateDecryptor();
    $unencryptedData = $decryptor.TransformFinalBlock($bytes, 16, $bytes.Length - 16);
    $aesManaged.Dispose()
    [System.Text.Encoding]::UTF8.GetString($unencryptedData).Trim([char]0)
}


$unencryptedString = "TextMustBe16BytesUsually"
$encryptedString = Encrypt-String $key $unencryptedString
$backToPlainText = Decrypt-String $key $encryptedString
$backToPlainText
Ctznkane525
  • Thank you, but although it does help, the issue is with the python encrypt function, not the PowerShell function. I need it encrypted in Python and decrypted in PowerShell. I apologize for any confusion. – electroman Jan 17 '18 at 03:02
  • Your Python code only takes part of the array [2,8]... why? – Ctznkane525 Jan 17 '18 at 03:13
  • Because the hex() function prints the value of whatever is passed to it in the format "0x(Hex-Value)". [2:8] removes the 0x prefix. – electroman Jan 17 '18 at 21:17
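
Added example, not part of the original thread: a standard-library Python 3 check that compares what the question's Python script emits with what the answer's Decrypt-String slices out of the same string, using the password, `ival` and encrypted string posted above. It performs no AES; it only shows the key, IV and framing mismatches, and the function names are illustrative assumptions.

```python
import base64
import binascii
import hashlib

# Values copied from the question.
PASSWORD = "ew+39INFhCg+rcNZsY/bd64hWoopaOA5m8r9mgfF/x0="
IVAL = 12345678
POSTED = ("ZjE5NGRkMjY0MGU3NzJhNjRlZWI1MjlhYzlmNzk4N2NhNjE4ZjlmZDE5"
          "MmE3MWJjZDczMTBlZjBmNDQ3ZTUzMw==")

def python_side():
    """Key and IV exactly as the question's Python script derives them."""
    key = hashlib.sha256(PASSWORD.encode()).digest()
    iv = hex(IVAL)[2:8].zfill(16).encode()  # 16 ASCII characters, not random bytes
    return key, iv

def powershell_side(wire):
    """Key, IV and ciphertext as Decrypt-String would see them."""
    key = base64.b64decode(PASSWORD)        # FromBase64String($key): no hashing
    data = base64.b64decode(wire)           # FromBase64String($encryptedStringWithIV)
    return key, data[:16], data[16:]        # $bytes[0..15], then offset 16 onward

def recover_ciphertext(wire):
    """Undo the script's base64(hexlify(ciphertext)) double encoding."""
    return binascii.unhexlify(base64.b64decode(wire))

def to_wire(iv, ciphertext):
    """Framing the PowerShell side expects: base64(IV || raw ciphertext)."""
    return base64.b64encode(iv + ciphertext).decode()

def report():
    py_key, py_iv = python_side()
    ps_key, ps_iv, ps_ct = powershell_side(POSTED)
    # Re-frame the posted ciphertext bytes the way Decrypt-String slices them.
    fixed = to_wire(py_iv, recover_ciphertext(POSTED))
    _, fx_iv, fx_ct = powershell_side(fixed)
    return {
        "keys_match": py_key == ps_key,       # SHA-256 digest vs base64-decoded bytes
        "iv_match_posted": py_iv == ps_iv,    # PowerShell reads hex text as the IV
        "ct_len_posted": len(ps_ct),          # a block multiple, so no error is raised
        "iv_match_fixed": fx_iv == py_iv,
        "ct_len_fixed": len(fx_ct),
    }

if __name__ == "__main__":
    print(report())
```

Re-framing fixes only the IV and ciphertext layout; `keys_match` stays false until both sides derive the key the same way, and the padding scheme must also agree on both ends.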