encryption plsql lockbox-3 dbms-crypto

Lockbox 3 AES 128 Encrypt PLSQL dbms_crypto Decrypt


I am having trouble getting the same encrypted values returned between Delphi and Oracle. Any assistance would be greatly appreciated. It could possibly be the padding that might be causing the difference; unfortunately, I am not sure.

Lockbox 3 Delphi RAD Studio Tokyo 10.2

    // uses SysUtils, uTPLb_Constants, uTPLb_BaseNonVisualComponent, uTPLb_Codec,
    //   uTPLb_CryptographicLibrary, IdHashMessageDigest, IdHash
    var
      cipher64, CipherText: string;
      plainText: utf8string;
      keyText: utf8string;
      FLibrary: TCryptographicLibrary;
      FCodec: TCodec;
      bytes, cipher: TBytes;
      workHash: TIdHashMessageDigest5;
      Result: String;
    begin
      plainText := 'test-data';
      keyText := 'test_key';

      // MD5 of the key text, returned as a hex string
      workHash := TIdHashMessageDigest5.Create;
      try
        Result := workHash.HashStringAsHex(keyText);
      finally
        FreeAndNil(workHash);
      end;
      memoOutput.Lines.Add('plaintext = ' + plainText);
      memoOutput.Lines.Add('key hash = ' + Result);

      FLibrary := TCryptographicLibrary.Create(Self);
      try
        FCodec := TCodec.Create(Self);
        try
          // AES-128 block cipher in ECB chaining mode
          FCodec.CryptoLibrary := FLibrary;
          FCodec.StreamCipherId := BlockCipher_ProgId;
          FCodec.BlockCipherId := Format(AES_ProgId, [128]);
          FCodec.ChainModeId := ECB_ProgId;
          // The MD5 hex string is passed as the codec password
          FCodec.password := Result;
          // CipherText receives the Base64-encoded result
          FCodec.EncryptString(plainText, CipherText, TEncoding.UTF8);
          memoOutput.Lines.Add('ciphertext = ' + CipherText);
          FCodec.Burn;
        finally
          FCodec.Free;
        end;
      finally
        FLibrary.Free;
      end;
    end;

Results :

key hash = 8C32D1183251DF9828F929B935AE0419   MD5 Hash of text "test_key"
ciphertext = FJRXv9zMbypUmYnzzEHLnA==        Base64 Result from Lockbox

Oracle XE

    declare
      raw_key raw(200);
      encryption_type number;
      encrypted_result varchar2(4000);
      decrypted_result varchar2(4000);
    begin
      raw_key := DBMS_CRYPTO.Hash (UTL_I18N.STRING_TO_RAW ('test_key', 'AL32UTF8'), DBMS_CRYPTO.HASH_MD5);

      -- Select the cipher suite: AES-128, ECB chaining, PKCS5 padding
      encryption_type:= DBMS_CRYPTO.ENCRYPT_AES128 + DBMS_CRYPTO.CHAIN_ECB + DBMS_CRYPTO.PAD_PKCS5;

      -- Then the data is being encrypted with AES:
      encrypted_result := DBMS_CRYPTO.ENCRYPT(UTL_I18N.STRING_TO_RAW('test-data', 'AL32UTF8'), encryption_type, raw_key);

      decrypted_result := DBMS_CRYPTO.DECRYPT(encrypted_result, encryption_type, raw_key); 


      dbms_output.put_line(raw_key);

      dbms_output.put_line(encrypted_result);
      dbms_output.put_line(UTL_RAW.CAST_TO_VARCHAR2 (decrypted_result));
      dbms_output.put_line(utl_raw.cast_to_varchar2(utl_encode.BASE64_ENCODE(encrypted_result)));

    end;

Results :

 Key Hash : 8C32D1183251DF9828F929B935AE0419
 Encrypt : 8FCA326C25C8908446D28884394F2E22   Hex value returned 
 Base 64 : j8oybCXIkIRG0oiEOU8uIg==

Solution

  • Yes, Lockbox is using Ciphertext stealing for the padding. Your Oracle code is using PKCS5 padding.
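
The PKCS5 padding that the answer names on the Oracle side, made visible as an added example (not part of the original post or answer): the block pads the question's test plaintext by hand, encrypts it with `PAD_NONE`, and compares that with the `PAD_PKCS5` result. Variable names are this example's own; it assumes EXECUTE on `DBMS_CRYPTO` and `set serveroutput on`.

```sql
-- Added example: reproduce DBMS_CRYPTO.PAD_PKCS5 by hand so the exact bytes
-- Oracle encrypts are visible. Key text and plaintext are the question's test values.
declare
  c_block    constant pls_integer := 16;   -- AES block size in bytes
  c_suite    constant pls_integer := dbms_crypto.encrypt_aes128 + dbms_crypto.chain_ecb;
  raw_key    raw(16);
  plain      raw(2000);
  padded     raw(2000);
  pad_len    pls_integer;
  auto_ct    raw(2000);
  manual_ct  raw(2000);
begin
  raw_key := dbms_crypto.hash(utl_i18n.string_to_raw('test_key', 'AL32UTF8'),
                              dbms_crypto.hash_md5);
  plain   := utl_i18n.string_to_raw('test-data', 'AL32UTF8');

  -- PKCS5/PKCS7 rule: append 1..16 bytes, each byte holding the pad length.
  -- A plaintext that already fills its last block gets a full extra block.
  pad_len := c_block - mod(utl_raw.length(plain), c_block);
  padded  := utl_raw.concat(
               plain,
               utl_raw.copies(hextoraw(to_char(pad_len, 'FM0X')), pad_len));

  -- Oracle pads for us ...
  auto_ct   := dbms_crypto.encrypt(plain,  c_suite + dbms_crypto.pad_pkcs5, raw_key);
  -- ... versus encrypting the hand-padded block with padding switched off.
  manual_ct := dbms_crypto.encrypt(padded, c_suite + dbms_crypto.pad_none,  raw_key);

  dbms_output.put_line('padded plaintext : ' || rawtohex(padded));
  dbms_output.put_line('PAD_PKCS5 result : ' || rawtohex(auto_ct));
  dbms_output.put_line('PAD_NONE result  : ' || rawtohex(manual_ct));

  if utl_raw.compare(auto_ct, manual_ct) = 0 then
    dbms_output.put_line('match: PAD_PKCS5 encrypted exactly the padded bytes above');
  else
    dbms_output.put_line('mismatch: padding applied by hand differs from PAD_PKCS5');
  end if;
end;
/
```

The `padded plaintext` line shows the block a peer implementation has to feed into AES to reproduce the Oracle ciphertext; a library that finishes the last block differently will not produce the same bytes.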