Original Message:
Sent: Wed September 13, 2023 02:00 AM
From: Jyoti Yadav
Subject: Hybrid encryption decryption using AES and RSA key pairs
Hello Rajesh,
I am getting "Unknown hashing mechanism: 'http://www.w3.org/20'" in the response while using the XSLT below in DataPower. Please guide me on how to resolve this issue.
Please find the XSLT below.
<xsl:stylesheet
    version="1.0"
    xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
    xmlns:dp="http://www.datapower.com/extensions"
    xmlns:dpconfig="http://www.datapower.com/param/config"
    xmlns:apim="http://www.ibm.com/apimanagement"
    xmlns:webapi="http://www.ibm.com/apimanagement"
    xmlns:func="http://exslt.org/functions"
    xmlns:wxsl="http://www.w3.org/1999/XSL/TransformAlias"
    xmlns:exsl="http://exslt.org/common"
    extension-element-prefixes="dp dpconfig exsl apim"
    exclude-result-prefixes="wxsl func dp">
  <xsl:value-of select="dp:encrypt-key($GeneratedKey,$recipient,'http://www.w3.org/2009/xmlenc11#rsa-oaep','http://www.w3.org/2000/09/xmldsig#sha256','http://www.w3.org/2009/xmlenc11#mgf1sha256')"/>
------------------------------
Jyoti Yadav
Original Message:
Sent: Mon September 04, 2023 01:32 AM
From: Rajesh Rajaratnam
Subject: Hybrid encryption decryption using AES and RSA key pairs
Hi @Joseph Morgan
We are still working on this and have noticed that decryption is failing in DataPower when the client is performing the RSA-OAEP encryption with SHA-256 OAEP digest and MGF algorithm.
We are using dp:decrypt-key() with the RSA-OAEP key transport identifier and the algorithm for the mask generation function like this:
dp:decrypt-key(encryptedKey, recipient, http://www.w3.org/2009/xmlenc11#rsa-oaep, OAEPParameters, OAEPDigestAlgorithm, MGFAlgorithm)
We tested it further by encrypting the key (using Java code) and then decrypting the key in DataPower by providing various OAEPDigestAlgorithm and MGFAlgorithm combinations as below. (Note: Each time we adjusted the encryption so that encryption and decryption match.)
#1
Key transport algorithm = 'http://www.w3.org/2009/xmlenc11#rsa-oaep'
OAEPDigestAlgorithm = 'http://www.w3.org/2001/04/xmlenc#sha256' and MGFAlgorithm = 'http://www.w3.org/2009/xmlenc11#mgf1sha1'
This one worked in DataPower
#2
Key transport algorithm = 'http://www.w3.org/2009/xmlenc11#rsa-oaep'
OAEPDigestAlgorithm = 'http://www.w3.org/2000/09/xmldsig#sha1' and MGFAlgorithm = 'http://www.w3.org/2009/xmlenc11#mgf1sha1'
This one worked in DataPower
#3
Key transport algorithm = 'http://www.w3.org/2009/xmlenc11#rsa-oaep'
OAEPDigestAlgorithm = 'http://www.w3.org/2001/04/xmlenc#sha256' and MGFAlgorithm = 'http://www.w3.org/2009/xmlenc11#mgf1sha256'
This one failed in DP
Even though both the dp:decrypt-key() and dp:encrypt-key() pages in IBM Documentation list SHA-256 as a valid algorithm for both digest (http://www.w3.org/2001/04/xmlenc#sha256) and MGF (http://www.w3.org/2009/xmlenc11#mgf1sha256), this combination is not working in our tests.
Regards
------------------------------
Rajesh Rajaratnam
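Added example, not part of the thread: a Node.js diagnostic showing that the OAEP digest and the MGF1 hash are independent parameters. It undoes the raw RSA operation with a test private key and tries each digest/MGF1 pair listed in the message above. The helper names (`mgf1`, `oaepDecode`, `probeOaep`) and the key pair are constructed for this example, and the decoder is not constant-time, so it is meant for interoperability testing with test keys.

```javascript
const crypto = require('crypto');
// MGF1 (RFC 8017 B.2.1): concatenate hash(seed || counter), truncate to len.
function mgf1(seed, len, hashName) {
  let out = Buffer.alloc(0);
  for (let i = 0; out.length < len; i++) {
    const ctr = Buffer.alloc(4);
    ctr.writeUInt32BE(i);
    out = Buffer.concat([out, crypto.createHash(hashName).update(seed).update(ctr).digest()]);
  }
  return out.subarray(0, len);
}
const xor = (a, b) => Buffer.from(a.map((v, i) => v ^ b[i]));

// RFC 8017 7.1.2 decoding of the raw block EM (empty label). The OAEP digest
// fixes lHash and the seed length; the MGF1 hash only drives the two masks.
function oaepDecode(em, digest, mgfHash) {
  const lHash = crypto.createHash(digest).digest();
  const hLen = lHash.length;
  const maskedSeed = em.subarray(1, 1 + hLen);
  const maskedDB = em.subarray(1 + hLen);
  const seed = xor(maskedSeed, mgf1(maskedDB, hLen, mgfHash));
  const db = xor(maskedDB, mgf1(seed, maskedDB.length, mgfHash));
  const sep = db.indexOf(1, hLen); // 0x01 separator after the zero padding
  const padOk = sep >= 0 && db.subarray(hLen, sep).every((b) => b === 0);
  if (em[0] !== 0 || !db.subarray(0, hLen).equals(lHash) || !padOk) return null;
  return db.subarray(sep + 1);
}

// Raw RSA private-key operation, then try every digest/MGF1 pair.
function probeOaep(privateKey, wrappedB64) {
  const ct = Buffer.from(wrappedB64, 'base64');
  let em = crypto.privateDecrypt({ key: privateKey, padding: crypto.constants.RSA_NO_PADDING }, ct);
  em = Buffer.concat([Buffer.alloc(ct.length - em.length), em]); // keep leading zeros
  const hits = [];
  for (const digest of ['sha1', 'sha256']) {
    for (const mgf of ['sha1', 'sha256']) {
      const key = oaepDecode(em, digest, mgf);
      if (key) hits.push({ digest, mgf, key });
    }
  }
  return hits;
}

// Constructed sample: throwaway RSA pair and random AES-128 key, wrapped with
// Node's oaepHash, which applies SHA-256 to both the digest and MGF1.
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const aesKey = crypto.randomBytes(16);
const wrapped = crypto.publicEncrypt(
  { key: publicKey, padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' }, aesKey).toString('base64');
console.log(probeOaep(privateKey, wrapped).map((h) => `${h.digest}/mgf1${h.mgf}`));
```

A result of `sha256/mgf1sha1` for a client's wrapped key would correspond to combination #1 in the message above, and `sha256/mgf1sha256` to the combination reported as failing.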
Original Message:
Sent: Tue August 29, 2023 03:58 PM
From: Joseph Morgan
Subject: Hybrid encryption decryption using AES and RSA key pairs
So, in my experience, when DataPower just fails decryption, it has something to do with what is being decrypted. I doubt it is the base64 conversion, and from your description it doesn't seem to be an algorithm mismatch, but I'm wondering what DataPower "sees" after it is turned into binary after converting from base64. Is the key the right length? Is it padded correctly if padding is applied? What encoding is applied before encryption or when converting to base64?
In your Java example, is "decrypt" being invoked after decoding the client generated message from base64?
------------------------------
Joseph Morgan
Original Message:
Sent: Mon August 28, 2023 10:09 PM
From: Rajesh Rajaratnam
Subject: Hybrid encryption decryption using AES and RSA key pairs
Thanks Joseph. Yes, you are right, the client is sending the key (encrypted using the pub key) as part of the message, and it is base64 encoded.
This is what the client is doing at a high level:
generate symmetric key (buffer) -> encrypt using public key (buffer) -> convert buffer to base64
------------------------------
Rajesh Rajaratnam
Original Message:
Sent: Mon August 28, 2023 09:49 PM
From: Joseph Morgan
Subject: Hybrid encryption decryption using AES and RSA key pairs
OK. So I think I misunderstood the scenario. If I understand correctly, you don't have a Secret Key Object, but instead, you have the client sending you the key, encrypted by their public key provided via the message request to DataPower?
From what you have described, I'd be focused on the encoding of the key. Your Java example uses a byte array for the decryption. What does the key look like in the request? Base64?
------------------------------
Joseph Morgan
Original Message:
Sent: Mon August 28, 2023 03:58 PM
From: Rajesh Rajaratnam
Subject: Hybrid encryption decryption using AES and RSA key pairs
Thanks a lot Joseph for checking this.
Yes, we cannot have a shared symmetric key with the client, as the client doesn't have a secured way to store the keys and it is a public-facing application. Hence the client has been asked to generate a random symmetric key for each request and pass it along with the encrypted data. For this transport we are using RSA asymmetric key cryptography.
We could have relied on the secured connection (https) between client and DataPower for this exchange; however, this message flows further to another ESB layer before ultimately being submitted to an external provider through another DataPower domain. The channel between DP and ESB is not secured (http).
We were initially planning to use the RSA public and private key pair between the client and DataPower for the data encryption; however, DP is restricting this usage (probably due to a good reason that RSA is ideally used for key exchange and signing scenarios).
Regards
------------------------------
Rajesh Rajaratnam
Original Message:
Sent: Mon August 28, 2023 12:06 PM
From: Joseph Morgan
Subject: Hybrid encryption decryption using AES and RSA key pairs
I'd have to build out a similar scenario to test this, but, I don't think decrypt-key was meant for decrypting symmetric keys on the box.
So, the first question I have is: Is it absolutely necessary to encrypt the symmetric key on the appliance?
------------------------------
Joseph Morgan
Original Message:
Sent: Mon August 28, 2023 03:14 AM
From: Rajesh Rajaratnam
Subject: Hybrid encryption decryption using AES and RSA key pairs
Hi there,
We are trying to implement hybrid cryptography between a JavaScript client and DataPower IDG.2018.4.1.8. At a high level:
1. The client app generates a random symmetric key (aes128_cbc) and uses that key to encrypt the data (an element in the payload).
2. The client app encrypts the symmetric key using an RSA public key (RSA OAEP padding); the corresponding private key is loaded to DataPower.
3. The client app calls the DataPower service with the public-key-encrypted symmetric key and the encrypted data.
4. The DataPower component should first decrypt the symmetric key using the private key.
5. The DataPower component decrypts the data using the decrypted symmetric key received in the previous step (step 4).
We have tested this; however, the decryption of the symmetric key (step 4) is failing in DataPower, logging the error "Ephemeral key decryption failed: *Key decryption failed*" in logs.
The AES key is passed in base64 format (converted from ArrayBuffer to base64 from client app).
We are using DP extension function and the details are below:
dp:decrypt-key(<EncryptedKey>, <Private Key>, <DecryptionAlgorithm>, <OAEPParameters>, <OAEPDigestAlgorithm>, <MGFAlgorithm>)
The values that we are providing are mentioned below.
EncryptedKey: The encrypted symmetric/session key provided by consuming system which we are trying to decrypt (in order to get symmetric key which was encrypted).
Private Key: Name of the crypto key object configured in DataPower. The value of this parameter is of the form "name:<CryptoKeyObjectName>"
DecryptionAlgorithm: http://www.w3.org/2009/xmlenc11#rsa-oaep
OAEPParameters: Base 64 encoded value of following OAEP parameters "sha256,mgf1sha256,pSpecifiedEmpty"
OAEPDigestAlgorithm: http://www.w3.org/2001/04/xmlenc#sha256
MGFAlgorithm: http://www.w3.org/2009/xmlenc11#mgf1sha256
This decryption is failing in DataPower. We have tried the same decryption using Java and it is working fine; the respective Java code is below:
import java.security.*;
import java.security.spec.MGF1ParameterSpec;
import javax.crypto.*;
import javax.crypto.spec.*;

public static byte[] decrypt(byte[] data, PrivateKey privateKey) throws NoSuchPaddingException, NoSuchAlgorithmException, InvalidKeyException, BadPaddingException, IllegalBlockSizeException, InvalidAlgorithmParameterException {
    Cipher cipher = Cipher.getInstance("RSA/ECB/OAEPPadding");
    // OAEP with SHA-256 as both the OAEP digest and the MGF1 hash, and an empty label
    OAEPParameterSpec oaepParams = new OAEPParameterSpec("SHA-256", "MGF1", new MGF1ParameterSpec("SHA-256"), PSource.PSpecified.DEFAULT);
    cipher.init(Cipher.DECRYPT_MODE, privateKey, oaepParams);
    return cipher.doFinal(data);
}
Could you help us with this, please? Thanks
------------------------------
Rajesh Rajaratnam
------------------------------