Jump to content
Sign in to follow this  

Test result and questions about AES UDF

Recommended Posts



I tried to use the AES.au3 UDF library and encountered several problems.

My context is quite specific:

Our system team use autoit to write registry key containing dbuser and password

in AES-encrypted value in HEXAdecimal form.

My Java application has then to read that value and extract the user/password couple.

I read AES algorythms and operation modes specifications

fips-197.pdf at http://csrc.nist.gov/publications/PubsFIPS.html

sp800-38a.pdf http://csrc.nist.gov/groups/ST/toolkit/BCM/current_modes.html

Java Cryptography implementation is far less permissive than autoit AES lib, in the

following way:

- key size must be exacty 16, 24, or 32 byte long, as required by AES:

no guessing as found in "_AesPrepareKey"

- encrypted message length must be a multiple of 16 bytes (AES block size)

If I use a message in autoit that is not 16*N byte long, I get an Cipher Exception

when decoding using Java: "javax.crypto.IllegalBlockSizeException: Input length not multiple of 16 bytes"

To have it work I needed to padright() the input data with SPACEs.

Documentation on autoit AES is sparse.

Being quite new to crypto, and autoit also, I had to dig my way threw the "AES.au3" source to find

the location of the "I.V." in the encrypted result.

Also, I found out your CBC implementation is "AES/CBC/NoPadding"

(I only tested CBC, so I cannot tell for other operation mode).

Does your implementation support "AES/CBC/PKCS5Padding" ?

Two thing that I still do not understand:

- In _AESEncrypt(): "If BinaryLen($Data) < 16 Then Return $IV & $Ret"

Could you direct me to the specification section requiring this.

- Whatever the length of the input data, it seems to me that the encrypted result

should be 16*n byte long. I notice output is same length than input, and I fail

to decrypt if not 16*n byte long

As you see, I need some help.

Please tell me if I am mistaken.

Best regards


au3 script used to crypt the message



#Include "aes.au3"



FileWrite("encrypt.log", @CRLF)


$skey = Binary($hex_skey)

FileWrite("encrypt.log", $hex_skey & @CRLF)

FileWrite("encrypt.log", $skey & @CRLF)


$Mode = "CBC"

$pass = "QueJAimeAFaireApprendreUnNombreUtileAuxSages"

;Using an Array

Dim $aPass[3]


$aPass[1]="QueJAimeAFaireApprendreUnNombreUtileAuxSages "


$pass = ""

FOR $pass IN $aPass

$crypt_pass = _AesEncrypt($skey, $pass, $Mode, $IV)

$hex_crypt_pass = Hex($crypt_pass)

FileWrite("encrypt.log", "longueur scrypt_pass: (binlg) " & BinaryLen($crypt_pass) & " (hexstrlg) " & StringLen($hex_crypt_pass) & @CRLF)

FileWrite("encrypt.log", $crypt_pass & @CRLF)

FileWrite("encrypt.log", $hex_crypt_pass & @CRLF)







longueur scrypt_pass: (binlg) 60 (hexstrlg) 120



longueur scrypt_pass: (binlg) 64 (hexstrlg) 128



longueur scrypt_pass: (binlg) 64 (hexstrlg) 128




// JAVA SOURCE CODE (decrypt)


public static void main(String[] args) {

try {

// Secret key 128 bits hexa-encoded


String[] registryValueArray = new String[] { //






for (int i = 0; i < registryValueArray.length; i++) {

String registryValue = registryValueArray;

Charset cs = Charset.forName("iso-8859-1");

// decode secret key

char[] keyAsCharArray = secretKeyAsHex.toCharArray();

byte[] keyAsByteArray = Hex.decodeHex(keyAsCharArray);

SecretKeySpec skeySpec = new SecretKeySpec(keyAsByteArray,"AES");

// create cipher

// Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5PADDING");

Cipher cipher = Cipher.getInstance("AES/CBC/NoPadding");

// split IV and crypted message

System.out.println("Longueur regValue (String):" + registryValue.length());

char[] regValueAsCharArray = registryValue.toCharArray();

System.out.println("Longueur regValue (Char):" + regValueAsCharArray.length);

byte[] regValueAsByteArray = Hex.decodeHex(regValueAsCharArray);

System.out.println("Longueur regValue (Byte):" + regValueAsByteArray.length);

byte[] pwd_iv = new byte[16];

System.arraycopy(regValueAsByteArray, 0, pwd_iv, 0, 16);

System.out.println("Longueur pwd_iv (Byte):" + pwd_iv.length);

byte[] pwd_crypted = new byte[regValueAsByteArray.length - 16];

System.arraycopy(regValueAsByteArray, 16, pwd_crypted, 0, pwd_crypted.length);

System.out.println("Longueur pwd_crypted (Byte):" + pwd_crypted.length);

// initialize cipher

IvParameterSpec ivSpec = new IvParameterSpec(pwd_iv);

cipher.init(Cipher.DECRYPT_MODE, skeySpec, ivSpec);

// decrypt

byte[] decrypted_pwd = cipher.doFinal(pwd_crypted);

// display

String pwd = new String(decrypted_pwd, cs);



} catch (Throwable t) {







Longueur regValue (String):128

Longueur regValue (Char):128

Longueur regValue (Byte):64

Longueur pwd_iv (Byte):16

Longueur pwd_crypted (Byte):48


Longueur regValue (String):128

Longueur regValue (Char):128

Longueur regValue (Byte):64

Longueur pwd_iv (Byte):16

Longueur pwd_crypted (Byte):48


Longueur regValue (String):120

Longueur regValue (Char):120

Longueur regValue (Byte):60

Longueur pwd_iv (Byte):16

Longueur pwd_crypted (Byte):44

javax.crypto.IllegalBlockSizeException: Input length not multiple of 16 bytes

at com.sun.crypto.provider.SunJCE_f.a(DashoA13*..)

at com.sun.crypto.provider.SunJCE_f.b(DashoA13*..)

at com.sun.crypto.provider.SunJCE_f.b(DashoA13*..)

at com.sun.crypto.provider.AESCipher.engineDoFinal(DashoA13*..)

at javax.crypto.Cipher.doFinal(DashoA13*..)

at ...

Share this post

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this