Sn3akyP3t3

AES string encryption difference between AutoIt function and MySql function

5 posts in this topic

I'm trying to figure out why the return value for 128 Bit AES encryption from the AutoIt function _Crypt_EncryptData($vData, $vCryptKey, $iALG_ID) is not the same as the MySql function AES_ENCRYPTION(str,key).

In my test these are the return values:

MySql = 900ba94029f095c4c9834cc3c76226a8f321a6772bcef8850f2b1646509d601d

AutoIt = 0x9ECB65E4F62B685D3F6749FABE6FFB5B6CD45D030D4FF9C5B391DACA0B40FC62

Why are these different values?

To recreate my test perform the following:

Create a table in a MySql database and title it testTable

CREATE TABLE `multimedia`.`testTable` (`Email` VARCHAR( 30 ) NOT NULL) ENGINE = MYISAM ;

Insert into the table the one email address to do testing on:

INSERT INTO `multimedia`.`testTable` (`Email`) VALUES ('firstname.lastname@college.edu');

Run encryption against the email address to get the return value:

SELECT AES_ENCRYPT( Email, '3n(ryp73d' ) FROM `testTable` WHERE Email = 'firstname.lastname@college.edu'

This is the AutoIt code to generate the comparison return value. I used an Inputbox to allow copy and paste:

#Include <Crypt.au3>

$sPassword = "3n(ryp73d"
$sString = "firstname.lastname@college.edu"
Inputbox("","", _Crypt_EncryptData($sString, $sPassword, $CALG_AES_128))

I couldn't find anything besides the reference manual for MySql, and it doesn't explain how they implement Rijndael encryption. I bet it is more likely a matter of how they "salt" it, versus how they handle the strings. It certainly appears to be a correct length when compared to the AutoIt result. As far as I know, the AutoIt AES implementation does not use "salt", but I could be wrong.

Beware of how exactly the hash (any kind) is done on each side: does it run over a UTF-8 string, a UTF-16LE string, a UTF-16BE string, some UTF-32 string, ...

Both sides have to perform exactly the same hash over the same representation!

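A length and key check for the two values in the first post, as an added example that is not code from the thread: both ciphertexts are 32 bytes, which only a one-byte-per-character encoding of the 30-character address produces after padding, and `mysql_fold_key` shows how MySQL's AES_ENCRYPT turns the key string into the 16-byte AES-128 key (XOR-folded into zeroed bytes, with no hashing or salt). The function names are hypothetical, and PKCS#7 padding to 16-byte blocks is assumed on both sides.

```python
# Added example: constructed diagnostics, not code from the thread.
PLAINTEXT = "firstname.lastname@college.edu"   # test value from the first post
PASSWORD = "3n(ryp73d"                         # key string from the first post
OBSERVED = {                                   # ciphertexts quoted in the first post
    "MySql": "900ba94029f095c4c9834cc3c76226a8f321a6772bcef8850f2b1646509d601d",
    "AutoIt": "0x9ECB65E4F62B685D3F6749FABE6FFB5B6CD45D030D4FF9C5B391DACA0B40FC62",
}
ENCODINGS = ("utf-8", "utf-16-le", "utf-16-be", "utf-32-le")
BLOCK = 16  # AES block size in bytes


def mysql_fold_key(key: bytes, size: int = 16) -> bytes:
    """Key MySQL feeds to AES-128: the key string XOR-folded into `size` zeroed bytes."""
    folded = bytearray(size)
    for i, b in enumerate(key):
        folded[i % size] ^= b   # bytes past `size` wrap around and XOR in
    return bytes(folded)


def pkcs7_pad(data: bytes) -> bytes:
    """PKCS#7 padding (assumed); block-aligned input gains one full extra block."""
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n


def ciphertext_len(text: str, encoding: str) -> int:
    """Ciphertext length in bytes for `text` encrypted from the given encoding."""
    return len(pkcs7_pad(text.encode(encoding)))


def consistent_encodings(hex_ct: str, text: str = PLAINTEXT) -> list:
    """Encodings whose padded length matches an observed hex ciphertext."""
    raw = bytes.fromhex(hex_ct[2:] if hex_ct.lower().startswith("0x") else hex_ct)
    return [e for e in ENCODINGS if ciphertext_len(text, e) == len(raw)]


if __name__ == "__main__":
    for side, ct in OBSERVED.items():
        print(side, "ciphertext fits plaintext encodings:", consistent_encodings(ct))
    print("MySQL AES-128 key bytes:", mysql_fold_key(PASSWORD.encode("utf-8")).hex())
```

Matching lengths do not prove the same bytes were encrypted, only that a two- or four-byte-per-character representation was not; the other side still has to use the same 16 key bytes and the same block mode to reproduce MySQL's output.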

I'll return to this armed with the new information later and see if I can confirm that it is related to UTF8, which is the MYSQL database setting. I have much more debugging to do before I can return to this. Thanks for the tips!

Might not be the preferred method, but you could also just rely on the AES encryption in AutoIt if your goal is to use AutoIt for data transactions. Sounds like you might be on the right track though with the encoding.