Jump to content

CryptoNG UDF - Cryptography API: Next Gen


Recommended Posts

  • Replies 96
  • Created
  • Last Reply

Top Posters In This Topic

Top Posters In This Topic

Popular Posts

Purpose Cryptography API: Next Generation (CNG) is Microsoft's long-term replacement for their CryptoAPI.  CNG is designed to be extensible at many levels and cryptography agnostic in behavior. 

What's New in Version v1.8.0 v1.8.0 (2021-04-12) Added asymmetric (public/private key) RSA encryption/decryption functions _CryptoNG_RSA_EncryptData

A new version (v1.3.0) was just published to the Downloads section of the forum. Added _CryptoNG_GenerateRandom and supporting internal function. Added an example of how to implement the

Posted Images

On 8/13/2021 at 3:05 PM, Than said:

PLEASE HELP ME BRO

First, If you want my help, DO NOT REFER TO ME AS BRO!  Second, you need to do a much better job explaining exactly what it is you want help with.  If you are not good with English than you need to get good with a language translation tool like Google Translate.

The reason the result is not the same is because the IV is different.  The AES-CBC IV used for the generic _CryptoNG_EncryptData() function is 0x000102030405060708090A0B0C0D0E0F.  So either change the IV on Cryptii to match the generic IV or use the _CryptoNG_AES_CBC_EncryptData() function and specify whatever IV you would like.

 

Example using your data, with your IV:

#include <Constants.au3>
#include <CryptoNG.au3>

aes_cbc_encrypt_decrypt_example()

Func aes_cbc_encrypt_decrypt_example()

    Const $ALG_ID       = $CNG_BCRYPT_AES_ALGORITHM, _
          $MESSAGE      = "Nam@225225", _
          $KEY          = Binary("0xBA82B18BB98A1B7367B44A3930545633"), _
          $IV           = Binary("0x00000000000000000000000000000000")

    Local $sDecryptedMessage = ""
    Local $vEncryptKey = ""
    Local $xEncryptedMessage = ""


    write_to_log("", True) ;Clear log

    ;Encrypt plain text message
    $xEncryptedMessage = _CryptoNG_AES_CBC_EncryptData($MESSAGE, $KEY, $IV)
    If @error Then
        write_to_log("ERROR: " & _CryptoNG_LastErrorMessage() & @CRLF)
        Exit 1
    EndIf

    ;Decrypt encrypted message
    $sDecryptedMessage = _CryptoNG_AES_CBC_DecryptData($xEncryptedMessage, $KEY, $IV)
    If @error Then
        write_to_log("ERROR: " & _CryptoNG_LastErrorMessage() & @CRLF)
        Exit 1
    EndIf

    ;Display results
    write_to_log(@CRLF)
    write_to_log("CryptoNG AES Data Encryption/Decryption Example" & @CRLF)
    write_to_log(@CRLF)
    write_to_log(StringFormat("%s Plain text message          = %s", $ALG_ID, $MESSAGE) & @CRLF)
    write_to_log(StringFormat("%s Plain text message          = %s", $ALG_ID, Binary($MESSAGE)) & @CRLF)
    write_to_log(@CRLF)
    write_to_log(StringFormat("%s Encrypt Key                 = %s", $ALG_ID, $KEY) & @CRLF)
    write_to_log(StringFormat("%s Encrypt Key (Base64)        = %s", $ALG_ID, _CryptoNG_CryptBinaryToString($KEY, $CNG_CRYPT_STRING_BASE64 + $CNG_CRYPT_STRING_NOCRLF)) & @CRLF)
    write_to_log(@CRLF)
    write_to_log(StringFormat("%s Initialization Vector (IV)  = %s", $ALG_ID, $IV) & @CRLF)
    write_to_log(@CRLF)
    write_to_log(StringFormat("%s Encrypted Message           = %s", $ALG_ID, $xEncryptedMessage) & @CRLF)
    write_to_log(StringFormat("%s Encrypted Message (Base64)  = %s", $ALG_ID, _CryptoNG_CryptBinaryToString($xEncryptedMessage, $CNG_CRYPT_STRING_BASE64 + $CNG_CRYPT_STRING_NOCRLF)) & @CRLF)
    write_to_log(@CRLF)
    write_to_log(StringFormat("%s Decrypted Message           = %s", $ALG_ID, $sDecryptedMessage) & @CRLF)

EndFunc

Func write_to_log($sMsg = "", $bClear = False)
    Const $TITLE_NOTEPAD = "[RegExpTitle:(?i)untitled - notepad]"
    Static $hWndNotepad = -1

    ;If we don't have a handle to notepad yet
    If $hWndNotepad = -1 Then
        ;If there isn't an existing instance of notepad running, launch one
        If Not WinExists($TITLE_NOTEPAD) Then Run("Notepad.exe")

        ;Get handle to notepad window
        $hWndNotepad = WinWait($TITLE_NOTEPAD, "", 3)
        If Not $hWndNotepad Then Exit MsgBox($MB_ICONERROR, "ERROR", "Unable to find Notepad window.")
    EndIf

    ;Paste msg to notepad text
    If WinExists($hWndNotepad) Then
        If $bClear Then ControlSetText($hWndNotepad, "", "Edit1", "")
        ControlCommand($hWndNotepad, "", "Edit1", "EditPaste", $sMsg)
    EndIf
EndFunc

Output:

CryptoNG AES Data Encryption/Decryption Example

AES Plain text message          = Nam@225225
AES Plain text message          = 0x4E616D40323235323235

AES Encrypt Key                 = 0xBA82B18BB98A1B7367B44A3930545633
AES Encrypt Key (Base64)        = uoKxi7mKG3NntEo5MFRWMw==

AES Initialization Vector (IV)  = 0x00000000000000000000000000000000

AES Encrypted Message           = 0xEE243AD9A45DC7FF7177BE2483634A65
AES Encrypted Message (Base64)  = 7iQ62aRdx/9xd74kg2NKZQ==

AES Decrypted Message           = Nam@225225

 

 

Edited by TheXman
Link to post
Share on other sites
28 minutes ago, TheXman said:

You're welcome!  🙂

excuse me.
can i ask you something.

 


my c# source : 

 tde

s.Key = bArr2; //  hex  = ba82b18bb98a1b7367b44a3930545633 
            tdes.Mode = CipherMode.ECB;
            tdes.Padding = PaddingMode.PKCS7;
            ICryptoTransform crypt = tdes.CreateEncryptor();
            byte[] plain = Encoding.UTF8.GetBytes(text);
            byte[] cipher = crypt.TransformFinalBlock(plain, 0, plain.Length);
result : B4DB8A7353ACBDA1209CE0F41D5B9B07E3E903D07A1220773CFE7A32EF5DBA04


autoit source    

    $MESSAGE = "1000619100_00482_db"

     $IV   = Binary("0x00000000000000000000000000000000")

    Local $vEncryptKey = Binary("0xba82b18bb98a1b7367b44a3930545633")
    $xEncryptedMessage = _CryptoNG_AES_CBC_EncryptData($MESSAGE, $vEncryptKey, $IV)
result : B4DB8A7353ACBDA1209CE0F41D5B9B070D3038F15BCB93962A53C7FBC2675229

 

 

 

=> how to get results similar to c# :( . 

I use Google translate
sorry for the inconvenience. thanks you so much!


 

Edited by Than
Link to post
Share on other sites
  1. AES-CBC is not the same as AES-ECB.  They are totally different algorithms.  So you cannot use CBC functions to do ECB encryption/decryption.
  2. AES-ECB does not use an IV.
  3. The CryptoNG UDF library does not have specific AES-ECB encryption/decryption functions.  I did not create them because AES-ECB is not (or at least should not be) used very much any more because there are much better (more secure) AES algorithms, like CBC.  See this link for a very basic, high-level depiction of the difference between ECB and CBCHere is another article with a little more detail on why it isn't used very much anymore...except by companies like Zoom. 😉
  4. The CryptoNG UDF lib already has the API wrapper functions to do AES-ECB but I didn't create a standalone function for it, like I did for CBC.
Edited by TheXman
Link to post
Share on other sites
10 minutes ago, TheXman said:
  1. AES-CBC is not the same as AES-ECB.  The are totally different algorithms.  So you cannot use CBC functions to do ECB encryption/decryption.
  2. AES-ECB does not use an IV.
  3. The CryptoNG UDF library does not have specific AES-ECB encryption/decryption functions.  I did not create them because AES-ECB is not (or at least should not be) used very much any more because there are much better (more secure) AES algorithms, like CBC.  See this link for a very basic, high-level depiction of the difference between ECB and CBCHere is another article with a little more detail on why it isn't used much.
  4. The CryptoNG UDF lib already has the API wrapper functions to do AES-ECB but I didn't create a standalone function for it, like I did for CBC.

 

i searched everywhere, but there is no udf or example for ECB :(

Link to post
Share on other sites

What's New in Version v1.9.3

  • - Added 2 new algorithm-specific functions.

    • _CryptoNG_AES_ECB_EncryptData

    • _CryptoNG_AES_ECB_DecryptData

  • Added an AES ECB example to the example file.

  • Added AES ECB functions to the Help File.

  • Modified helper functions to accommodate AES ECB functions.

  • Updated the supplied calltips and userudfs files.

  • Misc aesthetic modifications to the code

Edited by TheXman
Link to post
Share on other sites

@Than

I just released a new version of CryptoNG that includes AES ECB encryption & decryption functions.  See the UDF's help file and example file for more information.

 

Example:

#include <Constants.au3>
#include <CryptoNG.au3>

write_to_log("", True) ;Clear the log file

aes_ecb_encrypt_decrypt_example()

Func aes_ecb_encrypt_decrypt_example()

    Const $ALG_ID  =  $CNG_BCRYPT_AES_ALGORITHM, _
          $MESSAGE = "1000619100_00482_db", _
          $KEY     = Binary("0xba82b18bb98a1b7367b44a3930545633")

    Local $sDecryptedMessage = ""
    Local $xEncryptedMessage = ""

    ;Encrypt plain text message
    $xEncryptedMessage = _CryptoNG_AES_ECB_EncryptData($MESSAGE, $KEY)
    If @error Then
        write_to_log("ERROR: " & _CryptoNG_LastErrorMessage() & @CRLF)
        Exit 1
    EndIf

    ;Decrypt encrypted message
    $sDecryptedMessage = _CryptoNG_AES_ECB_DecryptData($xEncryptedMessage, $KEY)
    If @error Then
        write_to_log("ERROR: " & _CryptoNG_LastErrorMessage() & @CRLF)
        Exit 1
    EndIf

    ;Display results
    write_to_log(@CRLF)
    write_to_log("CryptoNG AES ECB Data Encryption/Decryption Example" & @CRLF)
    write_to_log(@CRLF)
    write_to_log(StringFormat("%s Plain text message         = %s", $ALG_ID, $MESSAGE) & @CRLF)
    write_to_log(@CRLF)
    write_to_log(StringFormat("%s Encrypt Key                = %s", $ALG_ID, $KEY) & @CRLF)
    write_to_log(StringFormat("%s Encrypt Key (Base64)       = %s", $ALG_ID, _CryptoNG_CryptBinaryToString($KEY, $CNG_CRYPT_STRING_BASE64)))
    write_to_log(@CRLF)
    write_to_log(StringFormat("%s Encrypted Message          = %s", $ALG_ID, $xEncryptedMessage) & @CRLF)
    write_to_log(StringFormat("%s Encrypted Message (Base64) = %s", $ALG_ID, _CryptoNG_CryptBinaryToString($xEncryptedMessage, $CNG_CRYPT_STRING_BASE64)))
    write_to_log(@CRLF)
    write_to_log(StringFormat("%s Decrypted Message          = %s", $ALG_ID, $sDecryptedMessage) & @CRLF)

EndFunc

Func write_to_log($sMsg = "", $bClear = False)
    Const $TITLE_NOTEPAD = "[RegExpTitle:(?i)untitled - notepad]"
    Static $hWndNotepad = -1

    ;If we don't have a handle to notepad yet
    If $hWndNotepad = -1 Then
        ;If there isn't an existing instance of notepad running, launch one
        If Not WinExists($TITLE_NOTEPAD) Then Run("Notepad.exe")

        ;Get handle to notepad window
        $hWndNotepad = WinWait($TITLE_NOTEPAD, "", 3)
        If Not $hWndNotepad Then Exit MsgBox($MB_ICONERROR, "ERROR", "Unable to find Notepad window.")
    EndIf

    ;Paste msg to notepad text
    If WinExists($hWndNotepad) Then
        If $bClear Then ControlSetText($hWndNotepad, "", "Edit1", "")
        ControlCommand($hWndNotepad, "", "Edit1", "EditPaste", $sMsg)
    EndIf
EndFunc

Output:

CryptoNG AES ECB Data Encryption/Decryption Example

AES Plain text message         = 1000619100_00482_db

AES Encrypt Key                = 0xBA82B18BB98A1B7367B44A3930545633
AES Encrypt Key (Base64)       = uoKxi7mKG3NntEo5MFRWMw==

AES Encrypted Message          = 0xB4DB8A7353ACBDA1209CE0F41D5B9B07E3E903D07A1220773CFE7A32EF5DBA04
AES Encrypted Message (Base64) = tNuKc1OsvaEgnOD0HVubB+PpA9B6EiB3PP56Mu9dugQ=

AES Decrypted Message          = 1000619100_00482_db

 

As you can see, the output matches the output in your previous post.

 

 

 

Edited by TheXman
Link to post
Share on other sites
6 hours ago, TheXman said:

@Than

I just released a new version of CryptoNG that includes AES ECB encryption & decryption functions.  See the UDF's help file and example file for more information.

 

Example:

#AutoIt3Wrapper_AU3Check_Parameters=-w 3 -w 4 -w 5 -w 6 -d


#include <Constants.au3>
#include <CryptoNG.au3>

write_to_log("", True) ;Clear the log file

aes_ecb_encrypt_decrypt_example()

Func aes_ecb_encrypt_decrypt_example()

    Const $ALG_ID  =  $CNG_BCRYPT_AES_ALGORITHM, _
          $MESSAGE = "1000619100_00482_db", _
          $KEY     = Binary("0xba82b18bb98a1b7367b44a3930545633")

    Local $sDecryptedMessage = ""
    Local $xEncryptedMessage = ""

    ;Encrypt plain text message
    $xEncryptedMessage = _CryptoNG_AES_ECB_EncryptData($MESSAGE, $KEY)
    If @error Then
        write_to_log("ERROR: " & _CryptoNG_LastErrorMessage() & @CRLF)
        Exit 1
    EndIf

    ;Decrypt encrypted message
    $sDecryptedMessage = _CryptoNG_AES_ECB_DecryptData($xEncryptedMessage, $KEY)
    If @error Then
        write_to_log("ERROR: " & _CryptoNG_LastErrorMessage() & @CRLF)
        Exit 1
    EndIf

    ;Display results
    write_to_log(@CRLF)
    write_to_log("CryptoNG AES ECB Data Encryption/Decryption Example" & @CRLF)
    write_to_log(@CRLF)
    write_to_log(StringFormat("%s Plain text message         = %s", $ALG_ID, $MESSAGE) & @CRLF)
    write_to_log(@CRLF)
    write_to_log(StringFormat("%s Encrypt Key                = %s", $ALG_ID, $KEY) & @CRLF)
    write_to_log(StringFormat("%s Encrypt Key (Base64)       = %s", $ALG_ID, _CryptoNG_CryptBinaryToString($KEY, $CNG_CRYPT_STRING_BASE64 + $CNG_CRYPT_STRING_NOCRLF)) & @CRLF)
    write_to_log(@CRLF)
    write_to_log(StringFormat("%s Encrypted Message          = %s", $ALG_ID, $xEncryptedMessage) & @CRLF)
    write_to_log(StringFormat("%s Encrypted Message (Base64) = %s", $ALG_ID, _CryptoNG_CryptBinaryToString($xEncryptedMessage, $CNG_CRYPT_STRING_BASE64 + $CNG_CRYPT_STRING_NOCRLF)) & @CRLF)
    write_to_log(@CRLF)
    write_to_log(StringFormat("%s Decrypted Message          = %s", $ALG_ID, $sDecryptedMessage) & @CRLF)

EndFunc

Func write_to_log($sMsg = "", $bClear = False)
    Const $TITLE_NOTEPAD = "[RegExpTitle:(?i)untitled - notepad]"
    Static $hWndNotepad = -1

    ;If we don't have a handle to notepad yet
    If $hWndNotepad = -1 Then
        ;If there isn't an existing instance of notepad running, launch one
        If Not WinExists($TITLE_NOTEPAD) Then Run("Notepad.exe")

        ;Get handle to notepad window
        $hWndNotepad = WinWait($TITLE_NOTEPAD, "", 3)
        If Not $hWndNotepad Then Exit MsgBox($MB_ICONERROR, "ERROR", "Unable to find Notepad window.")
    EndIf

    ;Paste msg to notepad text
    If WinExists($hWndNotepad) Then
        If $bClear Then ControlSetText($hWndNotepad, "", "Edit1", "")
        ControlCommand($hWndNotepad, "", "Edit1", "EditPaste", $sMsg)
    EndIf
EndFunc

Output:

CryptoNG AES ECB Data Encryption/Decryption Example

AES Plain text message         = 1000619100_00482_db

AES Encrypt Key                = 0xBA82B18BB98A1B7367B44A3930545633
AES Encrypt Key (Base64)       = uoKxi7mKG3NntEo5MFRWMw==

AES Encrypted Message          = 0xB4DB8A7353ACBDA1209CE0F41D5B9B07E3E903D07A1220773CFE7A32EF5DBA04
AES Encrypted Message (Base64) = tNuKc1OsvaEgnOD0HVubB+PpA9B6EiB3PP56Mu9dugQ=

AES Decrypted Message          = 1000619100_00482_db

 

As you can see, the output matches the output in your previous post.

 

 

 

Tks you so much ❤️

Link to post
Share on other sites

@Than

You're welcome! :)

In the future, there is rarely a need to quote entire posts.  So instead of clicking the "Quote" link to reply, just go to the bottom of the page and type your reply where it says "Reply to this topic...".  If you do want to quote a part of a reply, then highlight the part that you want to quote and click the "Quote selection" button that appears next to your selection.  It will add the highlighted selection, as a quote, to the reply area at the bottom of the page.

Edited by TheXman
Link to post
Share on other sites
  • 3 months later...
On 4/7/2020 at 2:44 AM, TheXman said:

That is an oddly specific request.  Why just AES-256-GCM?  What about AES-128-GCM?   :)

I will definitely add your request to my "Requested Features List.  Although I'm not entirely opposed to adding AES-GCM encryption & decryption, I'm not sure that it is worth the effort.  Since there are other tools available that can easily be incorporated into an AutoIt script that will encrypt & decrypt data using AES-GCM, the addition of that feature in the CryptoNG UDF would be a very low priority.  It would also have a very low priority because you are first person in this forum to ever request AES-GCM.  So it doesn't seem to be a very big need for that cryptographic algorithm.  But who knows, given the fact that I have a bit of extra time on my hands due the shelter-in-place orders related to the COVID-19 virus, I might get bored enough to work on it.  :)

Im the second now who requests AES-GCM. On my quest to get TLS working in autoit i stumbled across wikipedia saying that AES-CBC security "Depends on mitigations" but that AES-GCM is "Secure" and also significantly faster. Im messing around in your UDF for a while now to get GCM working, but with my lack of knowledge about cryptography, all of it is just a trial and error for me. And reading through libs of other languages that provide AES-GCM is quite hard cause im only into Autoit.

Edited by Rurorita
Link to post
Share on other sites
4 minutes ago, Rurorita said:

Im the second now who requests AES-GCM.

Yes, you're the second person in almost 2 years🤣

I'll take look to see how much effort it'll take to add AES-GCM functionality to the CryptoNG UDF.

Why are you trying to "reinvent the wheel" by writing your own TLS routines in AutoIt when there are much easier and robust ways to do it already?  Seeing how there are already ways of handling secure TCP communications, I still don't see a need for AES-GCM but I will look into it.

Link to post
Share on other sites
3 minutes ago, TheXman said:

Yes, you're the second person in almost 2 years🤣

I'll take look to see how much effort it'll take to add AES-GCM functionality to the CryptoNG UDF.

Why are you trying to "reinvent the wheel" by writing your own TLS routines in AutoIt when there are much easier and robust ways to do it already?  Seeing how there are already ways of handling secure TCP communications, I still don't see a need for AES-GCM but I will look into it.

Thanks for looking into it TheXman!

Because i simply dont know how to. The cryptography and tcp topic is fairly new to me. I want to learn these things by doing them but reading technical articles from wikipedia, msdn etc. just confuse me. By "reinventing the wheel" i also learn how it works. If there are other, maybe even better ways to secure sockets then im happy to hear about them 🙂

Link to post
Share on other sites
1 minute ago, Rurorita said:

If there are other, maybe even better ways to secure sockets then im happy to hear about them 🙂

There are a few web server implementations that exist in the AutoIt forums, including my wrapper for Microsoft's HTTP Server API (HTTPAPI UDF).  

Writing TLS routines to handle secure communications is no small task.  I'm not saying you shouldn't try if you want to, but it would be like writing a web browser from scratch, why do it when there are so many good ones already available?

Link to post
Share on other sites

@Rurorita

I looked at what it would take to add AES-GCM functionality.  It doesn't look too difficult, but it would take more effort than I think it's worth given the stated reason for wanting it, how rare the request for it is, and the availability of existing solutions to handle secure TCP communications.  Given how rare the request is, it would be like I'm writing the functionality specifically for you -- which would be fine but not without compensation.  Add to that the fact that you didn't just include my CryptoNG UDF in your _netcode_Core-UDF Concept, you basically lifted the UDF code as if it were your own.  I know that you gave me credit in your post, but lifting that much code, as if you wrote it, just doesn't sit well with me. 

If you want to try to add AES-GCM functionality yourself, then the following link has a pretty good example that could be ported to AutoIt.  Most of the AutoIt functionality and code already exists in my CryptoNG UDF, as you probably already know.  It would just be a matter of creating a couple of AES-GCM specific functions to expose the functionality.


https://stackoverflow.com/questions/30720414/how-to-chain-bcryptencrypt-and-bcryptdecrypt-calls-using-aes-in-gcm-mode

Edited by TheXman
Link to post
Share on other sites
35 minutes ago, TheXman said:

@Rurorita

I looked at what it would take to add AES-GCM functionality.  It doesn't look too difficult, but it would take more effort than I think it's worth given the stated reason for wanting it, how rare the request for it is, and the availability of existing solutions to handle secure TCP communications.  Given how rare the request is, it would be like I'm writing the functionality specifically for you -- which would be fine but not without compensation.  Add to that the fact that you didn't just include my CryptoNG UDF in your _netcode_Core-UDF Concept, you basically lifted the UDF code as if it were your own.  I know that you gave me credit in your post, but lifting that much code, as if you wrote it, just doesn't sit well with me. 

If you want to try to add AES-GCM functionality yourself, then the following link has a pretty good example that could be ported to AutoIt.  Most of the AutoIt functionality and code already exists in my CryptoNG UDF, as you probably already know.  It would just be a matter of creating a couple of AES-GCM specific functions to expose the functionality.


https://stackoverflow.com/questions/30720414/how-to-chain-bcryptencrypt-and-bcryptdecrypt-calls-using-aes-in-gcm-mode

Yes the lifted code is yours and you get full credit for it, i just havent noted it either in the udf itself or on the github page yet because i am focussed on other things. Sorry i hope i didnt offend you. Im gonna add your name and the link to CryptoNG UDF now (Done). Thank you however for the link. Im also gonna look into the HttpApi 🙂

Edited by Rurorita
Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...