MySQL AES-CBC decryption key padding - what if String is too small? (no multiple of 16)
I successfully encrypted Strings in MySQL using AES-128-CBC algorithm. The official documentation and tutorials helped a lot. From my understanding, MySQL uses key padding PKCS#7 in order to fill the binary data in chunks of 16 Byte-size.
Problem: I am not able to decrypt data using MySQL, although this data is successfully decrypted using online decryption tools?!
Data:
0x568aed71e43af834900bec738e08c4fa2637b8915fb401fd6296f19c3aeeceebc3164b967cd5445e6aafe90f416314191cb1839210b7cd2efe168911fd465dab56ccda9c82862b90f29353ab57532b49
This is a telegram that I received from a smoke detector. I can easily decrypt it via online tools, e.g. 'online-domain-tools.com':
AES Key: 0xDDCCFA1971D96B759B6A20400E00A535 iv: 2515485001000C1A2323232323232323
Result in online-AES-decryptor-webpage: 0x2f2f0bfd0f070101046d3209972702fd17000082206c9225426c90278440ff2c000f13ff8250fd61000082506c01018260fd6105008360fd31e87a0082606c9b258270fd61070082706c97272f2f2f2f
I can confirm the result being correct, due to the prefix (2f2f) and suffix (2f2f2f2f).
I tried the same decryption in MySQL using aes-128-CBC algorithm, but the result is NULL?!?!
```sql
SET @@SESSION.block_encryption_mode = 'aes-128-cbc';
SET @iv = 0x2515485001000C1A2323232323232323;
SET @pass = 0xDDCCFA1971D96B759B6A20400E00A535;
SET @raw = 0x568aed71e43af834900bec738e08c4fa2637b8915fb401fd6296f19c3aeeceebc3164b967cd5445e6aafe90f416314191cb1839210b7cd2efe168911fd465dab56ccda9c82862b90f29353ab57532b49;
SELECT HEX(AES_DECRYPT(@raw, @pass, @iv));
```
After a weekend of frustration, my only understanding was that if I encrypt the above data within the same procedure, the result is as follows:
Encryption: 0x568aed71e43af834900bec738e08c4fa2637b8915fb401fd6296f19c3aeeceebc3164b967cd5445e6aafe90f416314191cb1839210b7cd2efe168911fd465dab56ccda9c82862b90f29353ab57532b49ac0e75a2663f9a22b1036d03e2f9b9a6
Eureka! The result is different from the result that I expected (addition of 16 bytes, bold formatting). My suggestion is that MySQL was unable to decrypt my initial data due to key padding? If I decrypt the longer data above, the only difference is key padding bytes at the end of the original data:
Decrypted:
0x2f2f0bfd0f070101046d3209972702fd17000082206c9225426c90278440ff2c000f13ff8250fd61000082506c01018260fd6105008360fd31e87a0082606c9b258270fd61070082706c97272f2f2f2f10101010101010101010
The bold bytes at the end are key padding data, from my understanding.
Other decryption result in MySQL (no key padding?!):
```sql
SET @@SESSION.block_encryption_mode = 'aes-128-cbc';
SET @iv = 0x2515485001000C1A2323232323232323;
SET @pass = 0xDDCCFA1971D96B759B6A20400E00A535;
SET @raw = 0x568aed71e43af834900bec738e08c4fa2637b8915fb401fd6296f19c3aeeceebc3164b967cd5445e6aafe90f416314191cb1839210b7cd2efe168911fd465dab56ccda9c82862b90f29353ab57532b49ac0e75a2663f9a22b1036d03e2f9b9a6;
SELECT HEX(AES_DECRYPT(@raw, @pass, @iv));
```
Is there a way to 'add' the missing bytes to encrypted data, in order to enable MySQL to decrypt it?
Thanks a lot!
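Added example, not part of the original question: MySQL's `AES_DECRYPT` validates and strips a final PKCS#7 padding block and returns NULL when it is absent, so one way to make the unpadded telegram acceptable is to compute that missing block from the key and the last ciphertext block and append it. The variable names `@last_block`, `@pad_block` and `@fixed` are introduced here; key, IV and ciphertext are the values quoted in the question.

```sql
-- Added example (not from the original post). @last_block, @pad_block and
-- @fixed are names introduced here for illustration.
SET @@SESSION.block_encryption_mode = 'aes-128-cbc';
SET @iv   = 0x2515485001000C1A2323232323232323;
SET @pass = 0xDDCCFA1971D96B759B6A20400E00A535;
SET @raw  = 0x568aed71e43af834900bec738e08c4fa2637b8915fb401fd6296f19c3aeeceebc3164b967cd5445e6aafe90f416314191cb1839210b7cd2efe168911fd465dab56ccda9c82862b90f29353ab57532b49;

-- Sanity check: this approach only applies to ciphertext made of whole
-- 16-byte blocks (unpadded CBC output).
SELECT LENGTH(@raw) AS raw_bytes,
       LENGTH(@raw) % 16 = 0 AS block_aligned;

-- In CBC every plaintext block is XORed with the previous ciphertext block
-- before encryption. The block a PKCS#7 encryptor would have appended to a
-- block-aligned message is therefore
--     AES_K( sixteen 0x10 bytes  XOR  last ciphertext block ).
-- Encrypting sixteen 0x10 bytes with the last ciphertext block as the IV
-- yields exactly that value as the first 16 bytes of output; the second
-- 16 bytes are the padding of this helper call itself and are discarded.
SET @last_block = RIGHT(@raw, 16);
SET @pad_block  = LEFT(
        AES_ENCRYPT(UNHEX(REPEAT('10', 16)), @pass, @last_block),
        16);

-- Append the synthetic padding block and decrypt with the original IV.
-- AES_DECRYPT strips the padding again, leaving only the telegram bytes.
SET @fixed = CONCAT(@raw, @pad_block);
SELECT HEX(@pad_block)                        AS appended_block_hex,
       HEX(AES_DECRYPT(@fixed, @pass, @iv))   AS telegram_hex;
```

Because the appended block is derived from the same key, the padding check in `AES_DECRYPT` will pass for any block-aligned input and says nothing about whether the ciphertext arrived intact; validate the decrypted telegram's own structure (the question uses the `2f2f` prefix and `2f2f2f2f` suffix) afterwards.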
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
