Example code for openSSL-compatible AES encryption and decryption

[Ben Coffman]

Hi all,

I had a lot of trouble figuring things out so I thought I would post my working code for anyone that needs the same thing.  These two functions will allow you to interface with openssl AES encryption.  Both are based on the functions in the online demo.

*********************************************************************************************************************************

        import flash.utils.ByteArray;

import com.hurlant.crypto.symmetric.NullPad;

import com.hurlant.crypto.symmetric.PKCS5;

import com.hurlant.crypto.symmetric.ICipher;

import com.hurlant.crypto.symmetric.IPad;

import com.hurlant.util.Base64;

import com.hurlant.util.Hex;

import com.hurlant.crypto.Crypto;

import com.hurlant.crypto.symmetric.IVMode;

                 /*

* Uses the  AS3Crypto library to perform openSSL-compatible AES decryption.  Below is an example usage:

* 

* Openssl encryption command:

* 

* openssl enc -aes-256-cbc -base64 -A -in testdata.txt -out encryptedTestData.enc -K 0102030405060708090001020304050600000000000000000000000000000000 -iv 01020304050607080900010203040506

* 

* (This command reads the text "secretsecretsecret" from testdata.txt and writes the text "pNZCCJCcZiG6hk4kEYk8ACA+SJl9M/E7Z05+QnxHe8c=" to encryptedTestData.enc)

* 

* Flash decryption code:

* 

* private var hexKey:String = "0102030405060708090001020304050600000000000000000000000000000000";

* private var hexIV:String = "01020304050607080900010203040506";

* private var b64CipherText = "pNZCCJCcZiG6hk4kEYk8ACA+SJl9M/E7Z05+QnxHe8c="

* 

* openSSLDecrypt(b64CipherText, hexKey, hexIV);

* 

* (This will return "secretsecretsecret" as a ByteArray.)

* 

* @arg b64Input The base64 encoded ciphertext.

* @arg hexKey The hex encoded decryption key, should be 256 bits long for aes-256-cbc. (32 bytes/ 64 hex characters)

* @arg hexIV The hex encoded initialization vector, should be 128 bits long. (16 bytes/ 32 hex characters)

* @arg algorithm The decryption algorithm to use.  See openssl's documentation for a list of supported algorithms.

* @arg padding The padding mode to use.  Openssl uses pkcs5/7 by default, so that's what we use here.  Any other string than "pkcs5" will result in no padding.

*/

private function openSSLDecrypt(b64Input:String, hexKey:String, hexIV:String, algorithm:String = "aes-cbc", padding:String = "pkcs5"):ByteArray

{

// 1: get the key

var kdata:ByteArray = Hex.toArray(hexKey);

// 2: get the ciphertext

var data:ByteArray = Base64.decodeToByteArray(b64Input);

// 3: get the cipher

var pad:IPad = padding=="pkcs5"?new PKCS5:new NullPad;

var mode:ICipher = Crypto.getCipher(algorithm, kdata, pad);

pad.setBlockSize(mode.getBlockSize());

// 4: if the cipher takes an IV, set it.

if (mode is IVMode) 

{

var ivmode:IVMode = mode as IVMode;

ivmode.IV = Hex.toArray(hexIV);

}

// 5: do the decryption

mode.decrypt(data);

return data;

}

                // Performs openssl-compatible AES encryption using the as3crypto library.

// Sample openssl encryption command (will give identical output): 

                // openssl enc -aes-256-cbc -base64 -A -in testdata.txt -out encryptedTestData.enc -K 0102030405060708090001020304050600000000000000000000000000000000 -iv 01020304050607080900010203040506

                //

                // @returns a base64 representation of the encrypted input

private function openSSLEncrypt(input:String, hexKey:String, hexIV:String, algorithm:String = "aes-cbc", padding:String = "pkcs5"):String

{

// 1: get the key

var kdata:ByteArray = Hex.toArray(hexKey);

// 2: get the ciphertext

var data:ByteArray = new ByteArray();

data.writeMultiByte(input, "iso-8859-1");

// 3: get the cipher

var pad:IPad = padding=="pkcs5"?new PKCS5:new NullPad;

var mode:ICipher = Crypto.getCipher(algorithm, kdata, pad);

pad.setBlockSize(mode.getBlockSize());

// 4: if the cipher takes an IV, set it.

if (mode is IVMode) 

{

var ivmode:IVMode = mode as IVMode;

ivmode.IV = Hex.toArray(hexIV);

}

// 5: do the encryption

mode.encrypt(data);

var b64EncryptedData:String = Base64.encodeByteArray(data);

return b64EncryptedData;

}

******************************************************************************************************************************************************

The functions can be used with other cipher suites, not just aes-cbc, by changing the *algorithm* parameter.  I hope this helps!