Unconfigured Ad Widget

Collapse

Announcement

Collapse
No announcement yet.

TDES encryption PC vs AS400

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • TDES encryption PC vs AS400

    Assuming that the data you are referring to is stored on the IFS, Have you checked the CCSID of the IFS file. If the system is treating that file as an EBCDIC file even though it has ASCII data in it, this could be the cause of your problem.

  • #2
    TDES encryption PC vs AS400

    At the moment, the two systems are seperate, but the data will be sent between the two systems (TDES encrypted ASCII) via a socket program. The PC encrypted data will be picked up from the socket, must be decrypted, then converted to EBCDIC, then used by the AS400, updated, converted back to ASCII, then re-encrypted, and placed back on the socket and sent back to the PC. Note: the process works fine at the moment (no encryption envolved) but we are trying to add encryption, and do not seem to get the PC TDES and AS400 TDES to match. We have verified to make sure the PADing is the same, still no joy...

    Comment


    • #3
      TDES encryption PC vs AS400

      I now understand better. I think the problem that you might be having is related to the key that you are using. If the key that you are supplying is the EBCDIC representation of the ASCII data, then it won't work. Make sure that the key that you supply to the decryption API is the real ascii string and not some constant that you typed into a program. Constants typed into a program would be in EBCDIC, not ASCII. Could this be the problem?

      Comment


      • #4
        TDES encryption PC vs AS400

        I am using it as a constant, but entering it in HEX, when in debug, and displaing with :A (for ASCII) it displays as provided by the 3rd parties code. When just displayed it shows in EBCDIC and is unreadable. So I do see where you are going. And to top it off if I take the ASCII statment and ASCII key encrypt it, then unencrypt it, it decrypts back into the correct ASCII string on the AS400

        Comment


        • #5
          TDES encryption PC vs AS400

          Can you provide a sample of how you are calling the Qc3DecryptData API along with the declaration of the variables that you are passing to it. Please don't share the key. I don't think you want us to know that, just the actual call and the variable declarations.

          Comment


          • #6
            TDES encryption PC vs AS400

            I know we are communicating on multiple forms, and appreciate your input, but I am converting the ASCII to HEX and entering it that way not in EBCDIC, so the string and key are both HEX reps of the ASCII and so should the encrypted string be...

            Comment


            • #7
              TDES encryption PC vs AS400

              This is a modified version of Bob Cozzi's sample code: see http://www.mcpressonline.com/mc?1@17...ae.1@.6b37c204

              Comment


              • #8
                TDES encryption PC vs AS400

                What do you have specified as the 4th and 6th paramters on the call to Qc3DecryptData?

                Comment


                • #9
                  TDES encryption PC vs AS400

                  4th parm -------------- myAlgo.Algorithm = ALGO_TDES myAlgo.blocklength = 8 myAlgo.mode = mode_ECB myAlgo.PadChar = X'00' myAlgo.PadOption = pad_PadChar myAlgo.reserved1 = X'00' myAlgo.macLength = 0 myAlgo.keySize = 0 myalgo.inzVector = *ALLX'00' 6th Parm --------------- myKey.type = ALGO_TDES nKeyLength = %Len(%TrimR(keyValue))

                  Comment


                  • #10
                    TDES encryption PC vs AS400

                    This may not be related to your problem, but there were PTFs recently issued for a problem with the Decrypt API and padded data. See http://www-912.ibm.com/n_dir/nas4apa...LAPARS/MA35000.

                    Comment


                    • #11
                      TDES encryption PC vs AS400

                      I tried posting earlier, but as nothing has shown up after a few hours here's an abbreviated posting... I don't know if this is the cause of your current problem, but there is an exposure with the posted code that will bite you at some point in the future... Namely the use of %trimr when calculating the length of the key value. Keys are byte/bit sensitive so removing one or more trailing blanks will impact the decryption. In your case, with an ASCII encoded key, there is also the exposure that your key ends with the ASCII character @. The ASCII @ is x'40', which just happens to be the EBCDIC blank. So the code right now is trimming off any trailing @'s in the key. If you have just one @ you would get a runtime error -- invalid key length as a TDES key must be 8, 16, or 24 bytes in length. If you happen to have 8 trailing @'s (for instance an ASCII key length of 16 with the last 8 bytes being @) then you would get no error (as the key would be trimmed to a valid 8 bytes in length) but you would also not get a successful decryption. I doubt that you have 8 (or 16) trailing @'s, but some day, some where, when you least expect it, you will get a key that ends with one or more ASCII @ characters. And you will then have a failure without an obvious reason why. Hope this helps, Bruce Vining

                      Comment


                      • #12
                        TDES encryption PC vs AS400

                        We are an AS400 shop and are using TDES encryption via the IBM supplied API's (Qc3EncryptData and Qc3DecryptData) and it works just fine. However when a 3rd party sends us ASCII encrypted data (we must decrypt then convert to EBCDIC) we are not even coming close to matching, have you any idea why? Note: we have verified the Key string and the unencrypted string, and that we are both using TDES (Us via the API's and them via JAVA code). We thought it might be ASCII vs. EBCDIC so I used the HEX version of their ASCII and encrypted/decrypted the HEX version of the sting, still no luck. Any help would be appreciated.

                        Comment


                        • #13
                          TDES encryption PC vs AS400

                          I understand the Hex '40' vs an ASCII blank and have allowed for that, but this is still not matching. Is there somthing I must do with the CCSID (such as a sort seq.) I am just reaching now, I can not even verify that I have an issue with the AS400 encryption, it could be the Java encryption on the server, but they can make the Java version match a example program on the web see - http://www.tero.co.uk/des/test.php So they feel theirs is operating correctly. The AS400 encrypted string in HEX is - 11BBB9F40DA3EB4825ABF0B08CB0E8721259ED34796B103841 C953D8DC95E9CDCA6A01CA872D622A The Server encrypted String in HEX is - 5ca21944595b5bdf0229554473bbbdcbcb4b3f501156fb3f5f 336de28819d1eb7b9882a2240a4167 As you can see they are incorrect right from the start.. Any suggestions? Any other TDES example sites on the web to use as verification? Anything?

                          Comment

                          Working...
                          X