The Now Platform® Washington DC release is live. Watch now!

Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

REST API - Decrypting AES Encrypted field

kosi
Kilo Contributor

‎05-28-2017 11:23 PM

Hi,

To decrypt an AES encrypted field through REST API, we have one issue of understanding the IV(Initialization Vector) and how to use that to decrypt the first block of 16 characters.

Encrypted field from the REST response JSON (description form field):

"description":"84d1d37bdb7a3200750573ffbf96191f:0aZdRxsIqSpFtuszNr73na/J9JuMLNB0J6T2f2FrV0sUlMmbW4prbZMmXGnLU4W6CDlb5F1lb8js\r\nRHw6tfyZd5ZL//ZUlozE916wvP+zd+uUfjpk2Bl9o2uAu+1bsNoAVdtP5m5fbnkjxf9yLRzREVVO\r\nIwYQOxNI/CeX2dzF/Uc="

Encryption method: AES 128 Bit.

Password: 1234567890123456

Original Text: "new description for new incident.

  1. www.google.com

lets see if the initial part is same or it changes for this new incident"

Decrypted output : "bGOn>22H~KH:38/_for new incident.

  1. www.google.com

lets see if the initial part is same or it changes for this new incident"

Decryption Used: AES/CBC/PKCS5Padding

How to decrypt the first block (that is highlighted in Red ). In other words, how to interpret 84d1d37bdb7a3200750573ffbf96191f in terms of IV to decrypt the first 16 characters ?

Any help would be appreciated.

0 Helpfuls
  • 3,341 Views
6 REPLIES 6

Jeet
Giga Expert

‎05-28-2017 11:54 PM

Can you please validate to encryption/decryption output online, Check that encryption you did, is that correct?



check below thread..


http://wiki.servicenow.com/index.php?title=Encryption_Support#gsc.tab=0


0 Helpfuls

kosi
Kilo Contributor
In response to Jeet

‎05-29-2017 12:17 AM

Hi, Encryption output provided here is taken from my own servicenow instance using REST API. Servicenow REST API json response had the "description" field which was encrypted.


0 Helpfuls

Jeet
Giga Expert
In response to kosi

‎05-29-2017 12:25 AM

can you use base64 to encode ? or restricted to AES only



check below thread:


Encryption Support - ServiceNow Wiki



Decrypt AES128 Encrypted field in Business Rule


0 Helpfuls

kosi
Kilo Contributor
In response to Jeet

‎05-31-2017 02:02 AM

Here is the code for Decryption using AES, but still first 16bits are scrambled. I've given new IvParameterSpec(new byte[16]).



public class AESDecryption {



  private static String key = "1234567890123456";


  private static String str = "0aZdRxsIqSpFtuszNr73na/J9JuMLNB0J6T2f2FrV0sUlMmbW4prbZMmXGnLU4W6CDlb5F1lb8js\r\nRHw6tfyZd5ZL//ZUlozE916wvP+zd+uUfjpk2Bl9o2uAu+1bsNoAVdtP5m5fbnkjxf9yLRzREVVO\r\nIwYQOxNI/CeX2dzF/Uc=";


  private static String paddingstr = "AES/CBC/PKCS5Padding";


  private static int iterationCount = 65536;


  private static int keyLength = 256;


  private static String secretKeyAlg = "PBEWithHmacSHA256AndAES_256";



  public static void main(String[] args) throws Exception {


  String finalStrDec = null;


  SecretKeyFactory factory = SecretKeyFactory.getInstance(secretKeyAlg);


  PBEKeySpec spec = new PBEKeySpec(key.toCharArray(), generateSalt(), iterationCount, keyLength);


  SecretKey secretKey = factory.generateSecret(spec);


  SecretKeySpec secretKeySpec = new SecretKeySpec(secretKey.getEncoded(), "AES");



  IvParameterSpec ivSpec = new IvParameterSpec(new byte[16]);


  Cipher cipherDec = Cipher.getInstance(paddingstr);


  cipherDec.init(Cipher.DECRYPT_MODE, secretKeySpec, ivSpec);


  byte[] original = cipherDec.doFinal(org.apache.commons.codec.binary.Base64.decodeBase64(str));


  finalStrDec = new String(original);


  System.out.println(finalStrDec);


  }



  public static byte[] generateSalt() throws UnsupportedEncodingException {


  SecureRandom random = new SecureRandom();


  byte bytes[] = new byte[20];


  random.nextBytes(bytes);


  String salt = new String(bytes);


  return salt.getBytes("UTF-8");


  }


}