Encryption
All communication between AnnA and the Client travels with 3DES symmetric encryption using CBC (Cipher Block Chaining) mode with block size of 64 and key size of 192 bytes
Below we have some examples on how to implement the methods of encryption and decryption:
public static string Encrypt3DES(string data, string key, string iv) { byte[] bytes = Encoding.UTF8.GetBytes(data); byte[] decodedKey = Convert.FromBase64String(key); byte[] decodedIv = Convert.FromBase64String(iv);
var cryptoServiceProvider = new TripleDESCryptoServiceProvider() { Key = decodedKey, IV = decodedIv, Mode = CipherMode.CBC, Padding = PaddingMode.PKCS7 };
byte[] encrypted = cryptoServiceProvider.CreateEncryptor().TransformFinalBlock(bytes, 0, bytes.Length); cryptoServiceProvider.Clear();
return Convert.ToBase64String(encrypted); }
public static string Decrypt3DES(string data, string key, string iv) { byte[] encryptedBytes = Convert.FromBase64String(data); byte[] decodedKey = Convert.FromBase64String(key); byte[] decodedIv = Convert.FromBase64String(iv);
var cryptoServiceProvider = new TripleDESCryptoServiceProvider() { Key = decodedKey, IV = decodedIv, Mode = CipherMode.CBC, Padding = PaddingMode.PKCS7 };
byte[] bytes = cryptoServiceProvider.CreateDecryptor().TransformFinalBlock(encryptedBytes, 0, encryptedBytes.Length); cryptoServiceProvider.Clear();
return Encoding.UTF8.GetString(bytes); }
public static string GenerateIV() { var cryptoServiceProvider = new TripleDESCryptoServiceProvider(); cryptoServiceProvider.GenerateIV();
return Convert.ToBase64String(cryptoServiceProvider.IV); }
public static string Encrypt3DES(string data, string key, string IV) { byte[] bytes = Encoding.UTF8.GetBytes(data); byte[] convertedKey = Convert.FromBase64String(key); byte[] convertedIV = Convert.FromBase64String(IV);
var cryptoServiceProvider = TripleDES.Create(); cryptoServiceProvider.Key = convertedKey; cryptoServiceProvider.IV = convertedIV; cryptoServiceProvider.Mode = CipherMode.CBC; cryptoServiceProvider.Padding = PaddingMode.PKCS7;
byte[] inArray = cryptoServiceProvider.CreateEncryptor().TransformFinalBlock(bytes, 0, bytes.Length); cryptoServiceProvider.Clear();
return Convert.ToBase64String(inArray, 0, inArray.Length); }
public static string Decrypt3DES(string data, string key, string IV) { byte[] inputBuffer = Convert.FromBase64String(data); byte[] convertedKey = Convert.FromBase64String(key); byte[] convertedIV = Convert.FromBase64String(IV);
var cryptoServiceProvider = TripleDES.Create(); cryptoServiceProvider.Key = convertedKey; cryptoServiceProvider.IV = convertedIV; cryptoServiceProvider.Mode = CipherMode.CBC; cryptoServiceProvider.Padding = PaddingMode.PKCS7;
byte[] bytes = cryptoServiceProvider.CreateDecryptor().TransformFinalBlock(inputBuffer, 0, inputBuffer.Length); cryptoServiceProvider.Clear();
return Encoding.UTF8.GetString(bytes); }
public static string GenerateIV() { var auxTdes = TripleDES.Create(); auxTdes.GenerateIV(); byte[] IVArray = auxTdes.IV; string IV = Convert.ToBase64String(IVArray);
return IV; }
public String encrypt(String message, SecretKey key, IvParameterSpec iv) throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, InvalidAlgorithmParameterException, UnsupportedEncodingException, IllegalBlockSizeException, BadPaddingException { final Cipher cipher = Cipher.getInstance("DESede/CBC/PKCS5Padding"); cipher.init(Cipher.ENCRYPT_MODE, key, iv);
byte[] plainTextBytes = message.getBytes("utf-8"); byte[] buf = cipher.doFinal(plainTextBytes); byte[] base64Bytes = Base64.getEncoder().encode(buf);
String base64EncryptedString = new String(base64Bytes);
return base64EncryptedString; }
public String decrypt(String encMessage, SecretKey key, IvParameterSpec iv) throws UnsupportedEncodingException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException, InvalidAlgorithmParameterException { byte[] message = Base64.getDecoder().decode(encMessage.getBytes("utf-8"));
final Cipher decipher = Cipher.getInstance("DESede/CBC/PKCS5Padding"); decipher.init(Cipher.DECRYPT_MODE, key, iv);
byte[] plainText = decipher.doFinal(message);
return new String(plainText, "UTF-8"); }
function encrypt3DES($data, $key, $IV) { $IV = base64_decode($IV); $key = base64_decode($key); return openssl_encrypt($data, 'des-ede3-cbc', $key, 0, $IV); }
function decrypt3DES($data, $deckey, $IV) { $IV = base64_decode($IV); $deckey = base64_decode($deckey); return openssl_decrypt($data, 'des-ede3-cbc', $deckey, 0, $IV); }
from flask import Flask, request, Response from flask_ngrok import run_with_ngrok import json from Crypto.Cipher import AES, DES3, DES from Crypto.Util.Padding import pad, unpad from Crypto.Random import get_random_bytes from base64 import b64encode, b64decode
# Initialising a web application with flask app = Flask(__name__)
# For this integration example, NGROK was used to emulate a response server run_with_ngrok(app)
# Encryption method def encrypt(data, enckey, iv): enckey = b64decode(enckey) iv = b64decode(iv) cipher = DES3.new(enckey, DES3.MODE_CBC, iv) ct_bytes = cipher.encrypt( pad(bytes(data, encoding='utf-8'), DES3.block_size)) ciphertext = b64encode(ct_bytes).decode('utf-8')
return ciphertext
# Decryption method def decrypt(data, deckey, iv): try: deckey = b64decode(deckey) iv = b64decode(iv) data = b64decode(data) cipher = DES3.new(deckey, DES3.MODE_CBC, iv) pt = unpad(cipher.decrypt(data), DES3.block_size)
return pt
except (ValueError, KeyError): return 'Incorrect decryption'
# Get POST AnnA @app.route('/get-post', methods=['POST']) def receber_post():
# Encryption Keys enckey = 'ENCRYPTION_KEY' deckey = 'DECRYPTION_KEY'
# Retrieving the form sent by AnnA data = request.form
# Recovering the received IV ivReceived = data.get('ANNAEXEC')
# Creating the structure of an AnnA message nodeMessage = [ { "PropName": "Alias", "PropValue": "msg001" }, { "PropName": "Type", "PropValue": "MESSAGE" }, { "PropName": "Phrase", "PropValue": "Hello World!" } ]
# Creating the container structure container = [ { "PropName": "Container001", "PropValue": json.dumps(nodeMessage) } ]
# Creating a new IV and encrypting it key = get_random_bytes(8) cipher = DES.new(key, DES3.MODE_CBC) newIV = b64encode(cipher.iv).decode('utf-8')
# Serialising the container structure and encrypting it serialisedContainer = json.dumps(container) encryptedSerialisedContainer = encrypt(serialisedContainer, enckey, newIV)
# Encrypting the new IV newIVEncrypted = encrypt(newIV, deckey, ivReceived)
# Configuring response for AnnA replyToAnnA = encryptedSerialisedContainer + ivReceived + newIVEncrypted
# Replying to AnnA response = Response(replyToAnnA, content_type='text/plain')
# Log print('\nData received from AnnA:', data) print('\nIV Received:', ivReceived) print('\n') print('\nNode Message:', nodeMessage) print('\nContainer:', container) print('\nContainer Serialised:', serialisedContainer) print('\nContainer Serialised Encrypted:', encryptedSerialisedContainer) print('\n') print('\nNew IV:', newIV) print('\nNew IV Encrypted:', newIVEncrypted) print('\n') print('\nReply To AnnA:', replyToAnnA) print('\nResponse From AnnA:', response)
return response
if __name__ == '__main__': app.run()