
I am being sent encrypted test data from a U2 system to see if it can be handled and utilised to increase security.

The SUBROUTINE generating the encrypted test data in U2 is:

RESULT=''
ALGORITHM="rc2-cbc"                     ; * 128 bit rc2 algorithm in CBC mode 
MYKEY="23232323" ; * HEX - Actual Key 
IV=   "12121212"               ; * HEX - Initialization Vector 


DATALOC=1                           ; * Data in String 
KEYLOC=1                            ; * Key in String 
ACTION=5                            ; * Base64 encode after encryption 
KEYACTION=1                         ; * KEY_ACTUAL_OPENSSL 
SALT=''                             ; * SALT not used 
RESULTLOC=1                         ; * Result in String RESULT 
OPSTRING = ''

RETURN.CODE=ENCRYPT(ALGORITHM,ACTION,DATASTRING,DATALOC,MYKEY,KEYLOC,KEYACTION,SALT,IV,OPSTRING,RESULTLOC)
RETURN.CODE = OPSTRING

The data being generated and encrypted is:

[RAWDATA] => Array
    (
        [196346] => 05FOAA
        [196347] => 05KI
        [196328] => 99FOZZ16S10
    )
[ENCRYPTED] => Array
    (
        [196346] => e0XB/jyE9ZM=
        [196347] => iaYoHzxYlmM=
        [196328] => BS/YmNtlzI95c9NLpl4JVHLJwI/MO3zJm6FKVqu2tcM=
    )

I am using the same information in PHP using openssl_decrypt:

$encdata = array_value;
$encryptionMethod = ALGORITHM; //"rc2-cbc"
$encryptionKey = MYKEY;//"23232323"
$options = 0;
$iv = IV; //"12121212"

$decryptedMessage = openssl_decrypt( $encdata, $encryptionMethod, $encryptionKey, $options, $iv ); 

Return value: bool(false)

I have tried different combinations of $options and tried encrypting the same data myself and I get different results.

I have to wait 24 hours to get a new file with any changes so I wanted to cover off as many problems as possible.

I have read over the documentation and I feel that the following could potentially be issues:

  1. ACTION=5 which I can only find 4 potential options from U2 docs - 1 - Encrypt, 2 - Encrypt, then Base64 encode, 3 - Decrypt, 4 - Base64 decode, then decrypt - Is it as simple as this being wrong? I hope so but want to cover off any other possible problems
  2. $encdata - I have tried with OPENSSL_RAW_DATA and 0 which I can't tell because the ACTION=5 which is neither Encrypt OR Encrypt & base64 encode
  3. $encryptionMethod - I don't think rc2-cbc is a valid option in PHP on my server but can't say categorically - I have suggested to change this to AES256
  4. $encryptionKey - is this ok to be a string of 8 chars? Does it need to be a specific length and does it need to be in binary? (Docs have conflicting info)
  5. $iv - same as above - is 8 chars and non-binary ok?

Any other insights before I send this off for overnight updates would be greatly appreciated.

PHP Fiddle with testing: http://phpfiddle.org/main/code/ixax-umq3

  • According to my documentation ACTION 5 is the same as 2 but the Base 64 encoded result does not contain line breaks. Depending on how old the source system is, this option might not even be supported. One thing you should also consider is what character encoding the base system uses. – Van Amburg Aug 30 '18 at 16:00

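A diagnostic script for points 2 to 5 of the question, added here as an example and not part of the original post or any answer: it checks whether `rc2-cbc` is offered by the local OpenSSL build, validates the Base64 and block length of two sample ciphertexts from the post, and tries the key and IV both as ASCII bytes and as hex digits. The ASCII/hex candidates are assumptions about how the U2 side reads those strings; nothing here asserts that any combination will decrypt the samples.

```php
<?php
// Added diagnostic example (not from the original post). Values are copied from the question.
$cipher  = 'rc2-cbc';
$key     = '23232323';
$iv      = '12121212';
$samples = ['e0XB/jyE9ZM=' => '05FOAA', 'iaYoHzxYlmM=' => '05KI']; // Base64 => expected

// Point 3: is the cipher offered at all? On OpenSSL 3.x, RC2 is in the legacy
// provider and is missing unless that provider is loaded.
$methods = array_map('strtolower', openssl_get_cipher_methods());
if (!in_array($cipher, $methods, true)) {
    exit("$cipher is not available in this PHP/OpenSSL build\n");
}
$ivLen = openssl_cipher_iv_length($cipher); // 8 for RC2 (64-bit block)

// Points 4 and 5: two guesses at how the sender reads the 8-character strings.
// Assumption: either raw ASCII bytes or hex digits; the page does not settle which.
// PHP itself NUL-pads a key shorter than the cipher's default key length.
$keys = ['ascii' => $key, 'hex' => hex2bin($key)];
$ivs  = ['ascii' => $iv,  'hex' => hex2bin($iv)];

foreach ($samples as $b64 => $expected) {
    $raw = base64_decode($b64, true); // strict: reject non-Base64 characters
    if ($raw === false || strlen($raw) % $ivLen !== 0) {
        echo "$b64: not Base64, or not a whole number of {$ivLen}-byte blocks\n";
        continue;
    }
    foreach ($keys as $kName => $k) {
        foreach ($ivs as $iName => $v) {
            if (strlen($v) !== $ivLen) {
                echo "$b64 key=$kName iv=$iName: IV is " . strlen($v) . " bytes, need $ivLen\n";
                continue;
            }
            while (openssl_error_string() !== false) {
                // drain stale entries so the error shown belongs to this call
            }
            // OPENSSL_RAW_DATA because the Base64 layer was already removed above.
            $plain = openssl_decrypt($raw, $cipher, $k, OPENSSL_RAW_DATA, $v);
            if ($plain === false) {
                $why = openssl_error_string() ?: 'no OpenSSL error queued';
                echo "$b64 key=$kName iv=$iName: failed ($why)\n";
            } else {
                $verdict = $plain === $expected ? 'MATCH' : 'differs, hex=' . bin2hex($plain);
                echo "$b64 key=$kName iv=$iName: $verdict\n";
            }
        }
    }
}
```

A `differs` line whose hex decodes to readable text in another code page points at the character-encoding concern raised in the comment rather than at the key or IV.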