Jump to content
Sign in to follow this  

Test result and questions about AES UDF

Recommended Posts



I tried to use the AES.au3 UDF library and encountered several problems.

My context is quite specific:

Our system team use autoit to write registry key containing dbuser and password

in AES-encrypted value in HEXAdecimal form.

My Java application has then to read that value and extract the user/password couple.

I read AES algorythms and operation modes specifications

fips-197.pdf at http://csrc.nist.gov/publications/PubsFIPS.html

sp800-38a.pdf http://csrc.nist.gov/groups/ST/toolkit/BCM/current_modes.html

Java Cryptography implementation is far less permissive than autoit AES lib, in the

following way:

- key size must be exacty 16, 24, or 32 byte long, as required by AES:

no guessing as found in "_AesPrepareKey"

- encrypted message length must be a multiple of 16 bytes (AES block size)

If I use a message in autoit that is not 16*N byte long, I get an Cipher Exception

when decoding using Java: "javax.crypto.IllegalBlockSizeException: Input length not multiple of 16 bytes"

To have it work I needed to padright() the input data with SPACEs.

Documentation on autoit AES is sparse.

Being quite new to crypto, and autoit also, I had to dig my way threw the "AES.au3" source to find

the location of the "I.V." in the encrypted result.

Also, I found out your CBC implementation is "AES/CBC/NoPadding"

(I only tested CBC, so I cannot tell for other operation mode).

Does your implementation support "AES/CBC/PKCS5Padding" ?

Two thing that I still do not understand:

- In _AESEncrypt(): "If BinaryLen($Data) < 16 Then Return $IV & $Ret"

Could you direct me to the specification section requiring this.

- Whatever the length of the input data, it seems to me that the encrypted result

should be 16*n byte long. I notice output is same length than input, and I fail

to decrypt if not 16*n byte long

As you see, I need some help.

Please tell me if I am mistaken.

Best regards


au3 script used to crypt the message



#Include "aes.au3"



FileWrite("encrypt.log", @CRLF)


$skey = Binary($hex_skey)

FileWrite("encrypt.log", $hex_skey & @CRLF)

FileWrite("encrypt.log", $skey & @CRLF)


$Mode = "CBC"

$pass = "QueJAimeAFaireApprendreUnNombreUtileAuxSages"

;Using an Array

Dim $aPass[3]


$aPass[1]="QueJAimeAFaireApprendreUnNombreUtileAuxSages "


$pass = ""

FOR $pass IN $aPass

$crypt_pass = _AesEncrypt($skey, $pass, $Mode, $IV)

$hex_crypt_pass = Hex($crypt_pass)

FileWrite("encrypt.log", "longueur scrypt_pass: (binlg) " & BinaryLen($crypt_pass) & " (hexstrlg) " & StringLen($hex_crypt_pass) & @CRLF)

FileWrite("encrypt.log", $crypt_pass & @CRLF)

FileWrite("encrypt.log", $hex_crypt_pass & @CRLF)







longueur scrypt_pass: (binlg) 60 (hexstrlg) 120



longueur scrypt_pass: (binlg) 64 (hexstrlg) 128



longueur scrypt_pass: (binlg) 64 (hexstrlg) 128




// JAVA SOURCE CODE (decrypt)


public static void main(String[] args) {

try {

// Secret key 128 bits hexa-encoded


String[] registryValueArray = new String[] { //






for (int i = 0; i < registryValueArray.length; i++) {

String registryValue = registryValueArray;

Charset cs = Charset.forName("iso-8859-1");

// decode secret key

char[] keyAsCharArray = secretKeyAsHex.toCharArray();

byte[] keyAsByteArray = Hex.decodeHex(keyAsCharArray);

SecretKeySpec skeySpec = new SecretKeySpec(keyAsByteArray,"AES");

// create cipher

// Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5PADDING");

Cipher cipher = Cipher.getInstance("AES/CBC/NoPadding");

// split IV and crypted message

System.out.println("Longueur regValue (String):" + registryValue.length());

char[] regValueAsCharArray = registryValue.toCharArray();

System.out.println("Longueur regValue (Char):" + regValueAsCharArray.length);

byte[] regValueAsByteArray = Hex.decodeHex(regValueAsCharArray);

System.out.println("Longueur regValue (Byte):" + regValueAsByteArray.length);

byte[] pwd_iv = new byte[16];

System.arraycopy(regValueAsByteArray, 0, pwd_iv, 0, 16);

System.out.println("Longueur pwd_iv (Byte):" + pwd_iv.length);

byte[] pwd_crypted = new byte[regValueAsByteArray.length - 16];

System.arraycopy(regValueAsByteArray, 16, pwd_crypted, 0, pwd_crypted.length);

System.out.println("Longueur pwd_crypted (Byte):" + pwd_crypted.length);

// initialize cipher

IvParameterSpec ivSpec = new IvParameterSpec(pwd_iv);

cipher.init(Cipher.DECRYPT_MODE, skeySpec, ivSpec);

// decrypt

byte[] decrypted_pwd = cipher.doFinal(pwd_crypted);

// display

String pwd = new String(decrypted_pwd, cs);



} catch (Throwable t) {







Longueur regValue (String):128

Longueur regValue (Char):128

Longueur regValue (Byte):64

Longueur pwd_iv (Byte):16

Longueur pwd_crypted (Byte):48


Longueur regValue (String):128

Longueur regValue (Char):128

Longueur regValue (Byte):64

Longueur pwd_iv (Byte):16

Longueur pwd_crypted (Byte):48


Longueur regValue (String):120

Longueur regValue (Char):120

Longueur regValue (Byte):60

Longueur pwd_iv (Byte):16

Longueur pwd_crypted (Byte):44

javax.crypto.IllegalBlockSizeException: Input length not multiple of 16 bytes

at com.sun.crypto.provider.SunJCE_f.a(DashoA13*..)

at com.sun.crypto.provider.SunJCE_f.b(DashoA13*..)

at com.sun.crypto.provider.SunJCE_f.b(DashoA13*..)

at com.sun.crypto.provider.AESCipher.engineDoFinal(DashoA13*..)

at javax.crypto.Cipher.doFinal(DashoA13*..)

at ...

Share this post

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  


Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.