ABN 25 173 915 011 markomedia - web development

markomedia - web development

  • Home
  • Contact
  • Blog

2011 October

  • markomedia
    • 2011
      • October
Share |
  • October 15, 2011

    AES-128 padded encryption/decryption with Railo, Java and AS3

    Author
    Marko Tomic

    I’ve recently been working on text file decryption using Railo server. My files were encrypted in ActionScript 3 with the powerful AES-128 algorithm. For more info on AS3 encryption see Hurlant Crypto demo.

    My challenge was to decypt this heavily encrypted content on a different platform, i.e. Railo with underlying Java Cipher capabilities.

    The 6 things I knew about the encrypted content were:
    1. Encryption Method – AES
    2. Mode – CBC (Cipher-block chaining)
    3. Padding – PKCS5
    4. Initialisation Vector (IV) – given hex string
    5. Passphrase – given hex string
    6. Encrypted text file saved in base64 encoded string.

    For my records, this is how I went about decrypting on Railo:

    <cfscript>
    // Create some java objects
    IvParameterSpec = createObject("java", "javax.crypto.spec.IvParameterSpec");
    Cipher = createObject("java", "javax.crypto.Cipher");
    SecretKeySpec = createObject("java", "javax.crypto.spec.SecretKeySpec");
    BASE64Decoder = createObject("java", "sun.misc.BASE64Decoder");
    Str = createObject("java", "java.lang.String");
    MessageDigest = createObject("java", "java.security.MessageDigest");
     
    encryptedFileContent = "base64encodedcontent";
    password = binarydecode("somehexpassphrase", "hex");
    iv = binarydecode("somehexivstring", "hex");
     
    skeySpec = SecretKeySpec.init(password, "AES");
    ivSpec = IvParameterSpec.init(iv);
    cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
     
    encryptedContent = BASE64Decoder.decodeBuffer(encryptedFileContent);
    cipher.init(Cipher.DECRYPT_MODE,skeySpec,ivSpec);
    decryptedBytes = cipher.doFinal(encryptedContent);
    decryptedString = Str.init(decryptedBytes);
    </cfscript>

    Now that we know how the decryption works, encrypting data on Railo should be a piece of cake. For example:

    <cfscript>
    password = "somepassphrase";
    stringToEncrypt = "stringToEncrypt";
    md = MessageDigest.getInstance("MD5");
    md.update(password.getBytes("UTF-8"), 0, password.length());
    rawKey = md.digest();
     
    skeySpec = SecretKeySpec.init(rawKey, "AES");
    ivSpec = IvParameterSpec.init(rawKey);
    cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
    cipher.init(Cipher.ENCRYPT_MODE, skeySpec, ivSpec);
     
    encryptedbytes = cipher.doFinal(stringToEncrypt.getBytes());
    </cfscript>

    The only thing you need to be aware of is the format of parameters passed into encryption/decryption logic, and convert them appropriately. These parameters can be either plain, base64 or hex strings.

    Who would’ve thought that reverse engineering could be som much fun :)

    Cheers
    Marko

    Top
  • October 8, 2011

    Compile Apache2 from source on OS X

    Author
    Marko Tomic

    I’ve had to reinstall apache server on my Mac and the only way to do it cleanly was to nuke my existing apache installation and compile a fresh one from source.

    That’s all cool, but I could never remember what modules I needed and how to enable them.  If you don’t load any modules at compile time, this is the most likely error you’ll get when you start apache web server:

    Invalid command 'Order', perhaps misspelled or defined by a module not included in the server configuration

    So the following steps worked well for me.

    1. Download Apache 2.2 source code

    2. Extract the source code and configure apache with required modules. These modules are the ones I normally need. You can customise this to your needs:

    ./configure  --prefix=/usr/local/apache2 \
    --enable-mods-shared=all \
    --enable-shared \
    --enable-deflate \
    --enable-proxy \
    --enable-proxy-http \
    --enable-ssl \
    --enable-cgi \
    --enable-cgid \
    --enable-cache
     
    make \
     
    make install \

    Check /usr/local/apache2/modules directory and make sure required modules have been installed.

    Marko

    Top

    Navigation

    • Home
    • Contact
    • Blog

    Archives

    • February 2012
    • January 2012
    • December 2011
    • November 2011
    • October 2011
    • September 2011
    • August 2011
    • July 2011
    • May 2011
    • December 2010
    • October 2010
    • September 2010
    • August 2010
    • July 2010
    • June 2010
    • May 2010
    • April 2010
    • February 2010
    • January 2010
    • December 2009
    • November 2009
    • October 2009

    From the blog

    • IE6, IE7, IE8, & IE9 on OS X in Virtual Machine

    • opendiff and FileMerge on OS X

    • Bandwidth throttling on OS X

    • bash script useful tips

    • apr_sockaddr_info_get() failed for mydomain.com

    About us

    Marko Tomic - Web professional and an Adobe Certified Expert with over 10 years of commercial experience using variety of technologies.

    Connect

    Facebook icon Twitter icon Email icon RSS icon