You cannot pass an IV; DataPower uses a random IV for each encryption, so you will get different output when DataPower encrypts the same data. That is for security; what you do is highly insecure.
In general you do not compare AES encryption by looking at whether the same encrypted string is created; you just decrypt the encrypted string and verify that the encryption was good. Take the DataPower encrypted string, take the first 16 bytes as IV and then decrypt the rest of the message with your PHP, and you should see the original message encrypted by DataPower.
------------------------------
Hermann Stamm-Wilbrandt
Compiler Level 3 support & Fixpack team lead
IBM DataPower Gateways
------------------------------
Original Message:
Sent: Fri February 28, 2020 09:22 PM
From: santhosh yelimineti
Subject: AES-256-CBC Encryption in Datapower vs PHP Script
Hi Hermann - Thanks for the reply
I have used IV as "00000000000000000000000000000000"
Data Value: 746573746d6f6e657907070707070707 (actual string: testmoney, padded with 07070707070707 to avoid the encryption failed error)
key: 6224a383862b5ebb3a785b6fb1026e5a31eadf6b6a995fc918fe9eac2b46d60e
Is there anything else I need to change to make the output the same as the PHP script?
Below is the XSLT.
<?xml version="1.0" encoding="UTF-8"?>
<xsl:stylesheet version="2.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:dp="http://www.datapower.com/extensions" xmlns:dpconfig="http://www.datapower.com/param/config" extension-element-prefixes="dp" exclude-result-prefixes="dp dpconfig">
  <xsl:template match="/">
    <xsl:copy-of select="."/>
    <xsl:variable name="incomingIVInHex" select="'00000000000000000000000000000000'"/>
    <xsl:variable name="key" select="'hex:6224a383862b5ebb3a785b6fb1026e5a31eadf6b6a995fc918fe9eac2b46d60e'"/>
    <xsl:variable name="EncryptOut" select="dp:encrypt-binary-block('aes256-cbc',$key,'746573746d6f6e657907070707070707',$incomingIVInHex,'hex')"/>
    <xsl:variable name="EncryptOut1" select="dp:encode($EncryptOut,'base-64')"/>
    <xsl:message>
      EncryptOut::::: <xsl:copy-of select="$EncryptOut"/>
    </xsl:message>
    <xsl:message>
      EncryptOut_Encode::::: <xsl:copy-of select="$EncryptOut1"/>
    </xsl:message>
  </xsl:template>
</xsl:stylesheet>
PHP Script
<?php
$restApiKey = "HG58YZ3CR9";
$key = pack('H*', hash('sha256', $restApiKey)); // 32-byte key: the raw SHA-256 digest of the API key
echo "key:".$key;
$iv = array_fill(0, 16, chr(0));
$iv1 = implode('', $iv); // 16 zero bytes as the IV
$encrytest = openssl_encrypt("testmoney", "AES-256-CBC", $key, 1, $iv1); // 1 = OPENSSL_RAW_DATA; PKCS#7 padding is applied by default
$encryptedData = base64_encode($encrytest);
echo " Encrypted:".$encryptedData;
?>
------------------------------
santhosh yelimineti
Original Message:
Sent: Fri February 28, 2020 04:30 PM
From: Hermann Stamm-Wilbrandt
Subject: AES-256-CBC Encryption in Datapower vs PHP Script
The base64 string is the encoding of 32-byte data:
$ echo -n "NTI1NWZkNzI4ZDA4YzI2ODM3YzI1NWJiZjZjMTQ4N2Y=" | base64 -d | wc --bytes
32
$
DataPower creates a random IV (Initial Value) needed for CBC, and prepends it to the encoded data.
So the first 16 bytes are the random IV, and then follows the encrypted data.
Block size for AES-128/192/256 is always 128 bits = 16 bytes:
https://en.wikipedia.org/wiki/Advanced_Encryption_Standard
------------------------------
Hermann Stamm-Wilbrandt
Compiler Level 3 support & Fixpack team lead
IBM DataPower Gateways
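Added example (an editor's addition, not code from this thread, from IBM DataPower or from the author of the PHP script): a stdlib-only Python cross-check of the two outputs quoted in the thread, written the way Hermann recommends, by decoding and verifying rather than comparing strings. It mirrors the PHP script (key = SHA-256 of the API key, IV = 16 zero bytes, PKCS#7 padding, base64 of the raw output), base64-decodes both quoted strings, and applies the rule given above for raw DataPower output: the first 16 bytes are the IV, the rest is ciphertext. Because only the encrypt direction of AES is implemented, a blob is verified by re-encrypting the expected plaintext under the recovered IV and comparing, which checks the same thing as decrypting. One thing the decode shows for the two strings in this thread: the DataPower base64 decodes to 32 ASCII hex characters rather than 32 raw bytes (consistent with the XSLT base64-encoding a hex string), and those hex characters spell the same 16 ciphertext bytes the PHP script produced, so the "first 16 bytes are the IV" split applies only once you are looking at raw bytes. All function names are mine; the AES is a plain FIPS-197 transcription and the non-zero IV in the usage is a constructed value.

```python
import base64
import hashlib

# Values quoted in the thread (not constructed): PHP API key, plaintext and both base64 outputs.
API_KEY = "HG58YZ3CR9"
PLAINTEXT = b"testmoney"
PHP_OUTPUT = "UlX9co0Iwmg3wlW79sFIfw=="
DATAPOWER_OUTPUT = "NTI1NWZkNzI4ZDA4YzI2ODM3YzI1NWJiZjZjMTQ4N2Y="

def xtime(a):  # multiply by x in GF(2^8) modulo the AES polynomial 0x11b
    a <<= 1
    return (a ^ 0x1b) & 0xff if a & 0x100 else a

def rotl8(x, s):
    return ((x << s) | (x >> (8 - s))) & 0xff

def build_sbox():
    """FIPS-197 S-box: walk GF(2^8)* with generator 3 (p) and its inverse (q), then the affine map."""
    sbox = [0] * 256
    p = q = 1
    for _ in range(255):  # 3 has order 255, so this visits every non-zero element once
        p = (p ^ (p << 1) ^ (0x1b if p & 0x80 else 0)) & 0xff  # p *= 3
        for sh in (1, 2, 4):  # q /= 3 (multiply by 0xf6)
            q = (q ^ (q << sh)) & 0xff
        q ^= 0x09 if q & 0x80 else 0
        sbox[p] = q ^ rotl8(q, 1) ^ rotl8(q, 2) ^ rotl8(q, 3) ^ rotl8(q, 4) ^ 0x63
    sbox[0] = 0x63
    return sbox

SBOX = build_sbox()

def expand_key(key):
    """AES-256 key schedule (Nk=8, Nr=14): 15 round keys of 16 bytes, column-major."""
    w = [list(key[4 * i:4 * i + 4]) for i in range(8)]
    rcon = 1
    for i in range(8, 60):
        t = list(w[i - 1])
        if i % 8 == 0:  # SubWord(RotWord(t)) ^ Rcon
            t = [SBOX[t[1]] ^ rcon, SBOX[t[2]], SBOX[t[3]], SBOX[t[0]]]
            rcon = xtime(rcon)
        elif i % 8 == 4:  # extra SubWord for 256-bit keys
            t = [SBOX[b] for b in t]
        w.append([w[i - 8][j] ^ t[j] for j in range(4)])
    return [sum(w[4 * r:4 * r + 4], []) for r in range(15)]

def encrypt_block(block, round_keys):
    """One AES block; state index = column*4 + row, which is just the input byte order."""
    s = [b ^ k for b, k in zip(block, round_keys[0])]
    for rnd in range(1, 15):
        s = [SBOX[b] for b in s]  # SubBytes
        s = [s[((c + r) % 4) * 4 + r] for c in range(4) for r in range(4)]  # ShiftRows
        if rnd != 14:  # MixColumns (skipped in the last round)
            mixed = []
            for c in range(4):
                a = s[4 * c:4 * c + 4]
                t = a[0] ^ a[1] ^ a[2] ^ a[3]
                mixed += [a[i] ^ t ^ xtime(a[i] ^ a[(i + 1) % 4]) for i in range(4)]
            s = mixed
        s = [b ^ k for b, k in zip(s, round_keys[rnd])]  # AddRoundKey
    return bytes(s)

def aes256_cbc_encrypt(key, iv, plaintext):
    """CBC with PKCS#7 padding (openssl_encrypt's default): "testmoney" pads to ...07 x7 as in the thread."""
    rk = expand_key(key)
    pad = 16 - len(plaintext) % 16
    data = plaintext + bytes([pad]) * pad
    out, prev = b"", iv
    for i in range(0, len(data), 16):
        prev = encrypt_block(bytes(x ^ y for x, y in zip(data[i:i + 16], prev)), rk)
        out += prev
    return out

def php_key(api_key):  # PHP: pack('H*', hash('sha256', $restApiKey)) = the raw 32-byte digest
    return hashlib.sha256(api_key.encode()).digest()

def php_style_encrypt(api_key, plaintext):  # PHP script: zero IV, OPENSSL_RAW_DATA, then base64
    return base64.b64encode(aes256_cbc_encrypt(php_key(api_key), bytes(16), plaintext)).decode()

def decode_blob(b64):
    """Base64-decode and report whether the result is raw bytes or ASCII hex text (converted to bytes)."""
    raw = base64.b64decode(b64)
    text = raw.decode("ascii", errors="replace")  # non-ASCII bytes can never pass the hex check below
    if text and len(text) % 2 == 0 and all(ch in "0123456789abcdefABCDEF" for ch in text):
        return "hex-text", bytes.fromhex(text)
    return "raw", raw

def verify_iv_prefixed_blob(blob, key, expected_plaintext):
    """Rule for raw DataPower output: bytes 0-15 are the IV, the rest is ciphertext. Re-encrypting the
    expected plaintext under that IV and comparing checks the same thing as decrypting would."""
    iv, data = blob[:16], blob[16:]
    return aes256_cbc_encrypt(key, iv, expected_plaintext) == data

if __name__ == "__main__":
    print("PHP-equivalent :", php_style_encrypt(API_KEY, PLAINTEXT))  # UlX9co0Iwmg3wlW79sFIfw==
    kind, dp_bytes = decode_blob(DATAPOWER_OUTPUT)
    print("DataPower blob :", kind, dp_bytes.hex(), "same as PHP:", dp_bytes == decode_blob(PHP_OUTPUT)[1])
```

Running the script reproduces the PHP output from the thread and shows the DataPower string decoding to hex text for the same 16 bytes. For a real DataPower blob with a prepended random IV, the check is decode_blob (expecting "raw"), then verify_iv_prefixed_blob with the key and the plaintext you expect; that is the "decrypt and verify" approach rather than a string comparison, which can never match when the IV is random.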
Original Message:
Sent: Fri February 28, 2020 08:22 AM
From: santhosh yelimineti
Subject: AES-256-CBC Encryption in Datapower vs PHP Script
Hi Support
I have a PHP script which is used for encryption, so I have used it for encrypting the data and I have received the encrypted data as
UlX9co0Iwmg3wlW79sFIfw==
I have tried to apply the same logic in DataPower, whereas in DataPower I am getting different output
NTI1NWZkNzI4ZDA4YzI2ODM3YzI1NWJiZjZjMTQ4N2Y=
Please suggest what caused the output to be so different.
Scripts attached.
------------------------------
santhosh
------------------------------