1

So, I'm trying to decrypt a data on Postgres that was encrypted on C#.

On both sides I'm trying to have the same specification:

  • Algorithm: DES
  • Mode: ECB
  • Padding: PKCS
  • Key: md5 hashed bytes from string

Well, I couldn't find on Postgres docs anything about DES algorithm and "Postgres PKCS" and "C# PKCS7", while reading pgcrypto

enter image description here

So, for my tests I wrote an small sample code in C#, here:

using System;
                    
public class Program
{
    public static void Main()
    {
        System.Text.StringBuilder sbHash = new System.Text.StringBuilder();
        System.Security.Cryptography.MD5CryptoServiceProvider md5provider = new System.Security.Cryptography.MD5CryptoServiceProvider();
        byte[] keyBytes = md5provider.ComputeHash(new System.Text.UTF8Encoding().GetBytes("myCriptoKey"));
        string myText = "testing texts";

        for (int i = 0; i < keyBytes.Length; i++)
        {
            sbHash.Append(keyBytes[i].ToString("x2")); //X2 for uppercase
        }
        
        Console.WriteLine("MD5 1: " + sbHash.ToString());
        Console.WriteLine("MD5 2: " + BitConverter.ToString(keyBytes).Replace("-","").ToLower());
        
        var criptoProvider = new System.Security.Cryptography.TripleDESCryptoServiceProvider
        {
            Mode = System.Security.Cryptography.CipherMode.ECB,
            Key = keyBytes,
            Padding = System.Security.Cryptography.PaddingMode.PKCS7
        };

        byte[] bytesFroMyText = System.Text.Encoding.UTF8.GetBytes(myText);
        byte[] bytesEncrypted = criptoProvider.CreateEncryptor().TransformFinalBlock(bytesFroMyText, 0, bytesFroMyText.Length);

        string result = Convert.ToBase64String(bytesEncrypted);
        
        Console.WriteLine("To B64: " + result);
        
        bytesFroMyText = Convert.FromBase64String(result);
        byte[] bytesDecrypted = criptoProvider.CreateDecryptor().TransformFinalBlock(bytesFroMyText, 0, bytesFroMyText.Length);

        result = System.Text.Encoding.UTF8.GetString(bytesDecrypted);
        
        Console.WriteLine("From B64: " + result);
    }
}

Generating the following output:

MD5 1: 0a76defbd66108b4d01405901f752604
MD5 2: 0a76defbd66108b4d01405901f752604
To B64: +hib+YR+/a0JuUhVm0TiJQ==
From B64: testing texts

So, as you can notice, my encrypted result after convert to base 64 is "+hib+YR+/a0JuUhVm0TiJQ==".

But I couldn't generate the same result on Postgres, trying the following:

SELECT ENCODE(ENCRYPT('testing texts', 'myCriptoKey', 'des-ecb/pad:pkcs')::bytea, 'base64');
SELECT ENCODE(ENCRYPT('testing texts', 'myCriptoKey'::bytea, 'des-ecb/pad:pkcs')::bytea, 'base64');
SELECT ENCODE(ENCRYPT('testing texts', MD5('myCriptoKey')::bytea, 'des-ecb/pad:pkcs')::bytea, 'base64');
SELECT ENCODE(ENCRYPT('testing texts', DIGEST('myCriptoKey', 'md5')::bytea, 'des-ecb/pad:pkcs')::bytea, 'base64');

Results are:

B5/rqJsOUBdMFQDgqYT9YA==
B5/rqJsOUBdMFQDgqYT9YA==
XQMiNJStZx/+xLvrLH8U7A==
0F/aYK60eaiYkI2T+IPaMA==

So if I use C# generated base64 string on any sql DECODE matching all tried encryption above, like:

SELECT CONVERT_FROM(DECRYPT(DECODE('+hib+YR+/a0JuUhVm0TiJQ==','base64')::bytea, DIGEST('myCriptoKey', 'md5')::bytea, 'des-ecb/pad:pkcs'), 'UTF-8')

Result is:

ERROR:  invalid byte sequence for encoding "UTF8": 0xff
SQL state: 22021

So, my question is. How to decrypt on Postgres the generated data on C# script above.

Andrew Paes
  • 1,940
  • 1
  • 15
  • 20

0 Answers0