8 Replies - 3413 Views - Last Post: 29 November 2016 - 09:00 AM Rate Topic: -----

#1 drk0   User is offline

  • New D.I.C Head

Reputation: 0
  • View blog
  • Posts: 6
  • Joined: 10-August 15

AES Encryption - C# vs Oracle

Posted 10 August 2015 - 10:44 AM

Dear all,
I have been looking for a solution for almost a week now, but even though Ive tried many things, codes, and so... still on the same page. Progress = 0 :(/>/>

So here I am, begging for some help.

The fact is that im trying to AES encode a string in Oracle DB and getting the same result on C#. But it seems not to be working.

AES definition: AES 128 / Pad Zeroez / CBC

Oracle result: MjQ5MEJBOTQ1QjI3QzNBMTQzRTc4OTRCREVGNEFBODE=

C# Result: ISGXOYMt3qTLyRgvKtigtA==

Oracle Select

Encrypt:
SELECT sys.DBMS_CRYPTO.ENCRYPT(rawtohex('AQQQ'),6+256+12288, 
rawtohex('4566456678997899'),rawtohex('1234123456785678')) /*AES128 = 6, CHAINCBC = 256, PAD ZERO = 12288*/ 
FROM DUAL


To Base64:
select utl_raw.cast_to_varchar2(utl_encode.base64_encode(utl_raw.cast_to_raw('2490BA945B27C3A143E7894BDEF4AA81'))) from dual 


C# Code
		
        private const string AesIV = @"1234123456785678"; //@"d8zOcR9K9xqpl8Cd";//@"!QAZ2WSX#EDC4RFV";
        private const string AesKey = @"4566456678997899"; //@"NDsVwQwRbwbuYDcX2PRGwNewMediaCod"; //@"5TGB&YHN7UJM(IK<";

public static string EncryptUsingCBC(string toEncrypt)
        {
            AesCryptoServiceProvider aes = new AesCryptoServiceProvider();
            aes.BlockSize = 128;
			aes.KeySize = 128;
            aes.IV = Encoding.UTF8.GetBytes(AesIV);
            aes.Key = Encoding.UTF8.GetBytes(AesKey);
            aes.Mode = CipherMode.CBC;
            aes.Padding = PaddingMode.Zeros;

            // Convert string to byte array
            byte[] src = Encoding.Unicode.GetBytes(toEncrypt);
            byte[] dest = new byte[src.Length];
			
           
			// encryption
            using (ICryptoTransform encrypt = aes.CreateEncryptor(aes.Key, aes.IV))
            {
                dest = encrypt.TransformFinalBlock(src, 0, src.Length);
				
                encrypt.Dispose();
                // Convert byte array to Base64 strings                
            			}
            aes.Dispose();
								
            return Convert.ToBase64String(dest);
        }
        



Any ideas?

Thank you in advance.
Cristian.

Is This A Good Question/Topic? 0
  • +

Replies To: AES Encryption - C# vs Oracle

#2 baavgai   User is offline

  • Dreaming Coder
  • member icon


Reputation: 7183
  • View blog
  • Posts: 14,970
  • Joined: 16-October 07

Re: AES Encryption - C# vs Oracle

Posted 10 August 2015 - 01:12 PM

Not sure; but I'd start by being as consistent as possible with conversions.

I did a quick mockup:
class AesTest {
    private const string AesIV = @"1234123456785678"; //@"d8zOcR9K9xqpl8Cd";//@"!QAZ2WSX#EDC4RFV";
    private const string AesKey = @"4566456678997899"; //@"NDsVwQwRbwbuYDcX2PRGwNewMediaCod"; //@"5TGB&YHN7UJM(IK<";

    private readonly OleDbConnection conn;
    public AesTest(OleDbConnection conn) {
        this.conn = conn;
    }

    public byte[] EncryptToBytesUsingCBC(string toEncrypt) {
        byte[] src = Encoding.Unicode.GetBytes(toEncrypt);
        byte[] dest = new byte[src.Length];
        using (var aes = new AesCryptoServiceProvider()) {
            aes.BlockSize = 128;
            aes.KeySize = 128;
            aes.IV = Encoding.UTF8.GetBytes(AesIV);
            aes.Key = Encoding.UTF8.GetBytes(AesKey);
            aes.Mode = CipherMode.CBC;
            aes.Padding = PaddingMode.Zeros;
            // encryption
            using (ICryptoTransform encrypt = aes.CreateEncryptor(aes.Key, aes.IV)) {
                return encrypt.TransformFinalBlock(src, 0, src.Length);
            }
        }
    }

    public string EncryptUsingCBC(string toEncrypt) {
        return Convert.ToBase64String(EncryptToBytesUsingCBC(toEncrypt));
    }

    public byte[] EncOraToBytes(string src) {
        /*AES128 = 6, CHAINCBC = 256, PAD ZERO = 12288*/
        var cmd = conn.CreateCommand();
        cmd.CommandText = @"SELECT sys.DBMS_CRYPTO.ENCRYPT(rawtohex(?), 6+256+12288, rawtohex(?), rawtohex(?)) FROM DUAL";
        cmd.Parameters.AddWithValue("src", src);
        cmd.Parameters.AddWithValue("key", AesKey);
        cmd.Parameters.AddWithValue("iv", AesIV);
        try {
            cmd.Connection.Open();
            return cmd.ExecuteScalar() as byte[];
        } finally {
            cmd.Connection.Close();
        }
    }

    public string EncOra(string src) {
        return Convert.ToBase64String(EncOraToBytes(src));
    }

    public void Test() {
        var src = "AQQQ";
        var x = EncryptUsingCBC(src);
        var y = EncOra(src);

        Debug.WriteLine("CSharp: " + x);
        Debug.WriteLine("Oracle: " + y);
        Debug.WriteLine("Match : " + x.Equals(y));
    }
}



Result:
CSharp: ISGXOYMt3qTLyRgvKtigtA==
Oracle: JJC6lFsnw6FD54lL3vSqgQ==
Match : False



Still not right, but at least it looks like apples to apples.

Hope this helps.

This post has been edited by baavgai: 10 August 2015 - 01:13 PM

Was This Post Helpful? 1
  • +
  • -

#3 drk0   User is offline

  • New D.I.C Head

Reputation: 0
  • View blog
  • Posts: 6
  • Joined: 10-August 15

Re: AES Encryption - C# vs Oracle

Posted 10 August 2015 - 01:24 PM

baavgai thank you a lot.!
Indeed, that was one issue. Tried it out and we are getting the same result.
But still its different between Oracle and C# :(
Was This Post Helpful? 0
  • +
  • -

#4 Skydiver   User is online

  • Code herder
  • member icon

Reputation: 6217
  • View blog
  • Posts: 21,468
  • Joined: 05-May 12

Re: AES Encryption - C# vs Oracle

Posted 10 August 2015 - 01:34 PM

I'm not familiar enough with Oracle's rawtohex(), or how string work in Oracle's SQL engine, but I have as suspicion...

Does rawtohex('1234123456785678') return:
31 32 33 34 31 32 33 34 35 36 37 38 35 36 37 38



Or does it return:
00 31 00 32 00 33 00 34 00 31 00 32 00 33 00 34 00 35 00 36 00 37 00 38 00 35 00 36 00 37 00 38



Remember that .NET strings are Unicode and they occupy 2 bytes. If you are encrypting a Unicode string and trying to compare against an encrypted ASCII or UTF-8, obviously you would get different things.
Was This Post Helpful? 2
  • +
  • -

#5 drk0   User is offline

  • New D.I.C Head

Reputation: 0
  • View blog
  • Posts: 6
  • Joined: 10-August 15

Re: AES Encryption - C# vs Oracle

Posted 10 August 2015 - 02:01 PM

Skydiver, thanks for your response.
Oracle rawtohex returns 31 32 33 34 31 32 33 34 35 36 37 38 35 36 37 38 as expected.
But I dont see the difference, as the values from aes.IV and aes.Key which are being hexed in C# are the same hex values that I get in Oracle select.

Example:
select rawtohex('AQQQ'), rawtohex('4566456678997899'),rawtohex('1234123456785678') FROM DUAL

RAWTOHEX RAWTOHEX('4566456678997899') RAWTOHEX('1234123456785678')
-------- -------------------------------- --------------------------------
41515151 34353636343536363738393937383939 31323334313233343536373835363738

Im not saying its not the point, Im just still not getting it.
Was This Post Helpful? 0
  • +
  • -

#6 Skydiver   User is online

  • Code herder
  • member icon

Reputation: 6217
  • View blog
  • Posts: 21,468
  • Joined: 05-May 12

Re: AES Encryption - C# vs Oracle

Posted 10 August 2015 - 02:07 PM

Look at your code, you are using byte[] src = Encoding.Unicode.GetBytes(toEncrypt); on line 16. The Unicode encoding of string will have the 0 high bytes as well.
Was This Post Helpful? 2
  • +
  • -

#7 drk0   User is offline

  • New D.I.C Head

Reputation: 0
  • View blog
  • Posts: 6
  • Joined: 10-August 15

Re: AES Encryption - C# vs Oracle

Posted 10 August 2015 - 02:45 PM

:oops:
1 week with this. And... and... it was just that small insignificant thing
Skydiver. THANK YOU.

I changed Encoding.Unicode.GetBytes(toEncrypt) to Encoding.UTF8.GetBytes(toEncrypt)
And now im getting exactly the same result.

THANK YOU AGAIN.
Was This Post Helpful? 0
  • +
  • -

#8 genarosanchez   User is offline

  • New D.I.C Head

Reputation: 0
  • View blog
  • Posts: 1
  • Joined: 29-November 16

Re: AES Encryption - C# vs Oracle

Posted 29 November 2016 - 08:02 AM

Hi drk0, i have the same problem. Change from Unicode to UTF8 and still both results are different. Did you do something else? Thanks in advance.

Greets.

Genaro.
Was This Post Helpful? 0
  • +
  • -

#9 Skydiver   User is online

  • Code herder
  • member icon

Reputation: 6217
  • View blog
  • Posts: 21,468
  • Joined: 05-May 12

Re: AES Encryption - C# vs Oracle

Posted 29 November 2016 - 09:00 AM

Considering that drk0 has not logged in in over a year, you may want to start a brand new topic instead of necro posting this topic.
Was This Post Helpful? 0
  • +
  • -

Page 1 of 1