Alpha Video Training
Results 1 to 19 of 19

Thread: AES-128 Encryption

  1. #1
    Member
    Real Name
    Antony
    Join Date
    May 2004
    Posts
    67

    Default AES-128 Encryption

    Hey all,

    My site has taken payments via Sagepay for over 6 years now, but they have now increased security and I need to move to encrypting a block of xml using AES-128 with 128-bit block size CBC mode with PCKS#5 (AES-128-CBC-PKCS#5).

    I cannot find any documentation within Alpha to achieve this - please can someone help - else our business is dead!!

  2. #2
    "Certified" Alphaholic kkfin's Avatar
    Real Name
    Kenneth
    Join Date
    Dec 2006
    Location
    EU
    Posts
    1,570

    Default Re: AES-128 Encryption

    Quote Originally Posted by Antony View Post
    Hey all,

    My site has taken payments via Sagepay for over 6 years now, but they have now increased security and I need to move to encrypting a block of xml using AES-128 with 128-bit block size CBC mode with PCKS#5 (AES-128-CBC-PKCS#5).

    I cannot find any documentation within Alpha to achieve this - please can someone help - else our business is dead!!
    Maybe it can be done with help of nodejs (require crypto).

  3. #3
    "Certified" Alphaholic Keith Hubert's Avatar
    Real Name
    Keith Hubert
    Join Date
    Jul 2000
    Location
    London, UK
    Posts
    6,930

    Default Re: AES-128 Encryption

    Hi Ken,

    What is "nodejs (require crypto)." and how would that be used from a UX?
    Regards
    Keith Hubert
    Alpha Guild Member
    London.
    KHDB Management Systems
    Skype = keith.hubert


    For your day-to-day Needs, you Need an Alpha Database!

  4. #4
    "Certified" Alphaholic kkfin's Avatar
    Real Name
    Kenneth
    Join Date
    Dec 2006
    Location
    EU
    Posts
    1,570

    Default Re: AES-128 Encryption

    Quote Originally Posted by Keith Hubert View Post
    Hi Ken,

    What is "nodejs (require crypto)." and how would that be used from a UX?
    Long story but very shortly: crypro is Nodejs module and you can activate nodejs using xbasic so sure you can use it with UX just like any other xbasic script.

  5. #5
    "Certified" Alphaholic Keith Hubert's Avatar
    Real Name
    Keith Hubert
    Join Date
    Jul 2000
    Location
    London, UK
    Posts
    6,930

    Default Re: AES-128 Encryption

    Hi Ken,

    Is it possible you could give the long story. I'm sure Antony and Terry Morgan would appreciate your help with this. Looks like they both have the same issues with Sagepay.

    I'm sure I will on a another project soon.
    Regards
    Keith Hubert
    Alpha Guild Member
    London.
    KHDB Management Systems
    Skype = keith.hubert


    For your day-to-day Needs, you Need an Alpha Database!

  6. #6
    "Certified" Alphaholic kkfin's Avatar
    Real Name
    Kenneth
    Join Date
    Dec 2006
    Location
    EU
    Posts
    1,570

    Default Re: AES-128 Encryption

    Quote Originally Posted by Keith Hubert View Post
    Hi Ken,

    Is it possible you could give the long story. I'm sure Antony and Terry Morgan would appreciate your help with this. Looks like they both have the same issues with Sagepay.

    I'm sure I will on a another project soon.

    Howto use crypto is documented here. How to use Nodejs with Alpha is documented in release Notes and two videos in Alpha channel in Youtube.

    What comes to UX I did use it with Phonegap development but because Phonegap is now a PRO feature and I have stopped using any PRO or Enterprise features so in my case I do not use UX anymore so I can not help with it.

  7. #7
    Member
    Real Name
    Terry Morgan
    Join Date
    Nov 2014
    Location
    Essex, England
    Posts
    275

    Default Re: AES-128 Encryption

    Hi
    Anthony, have you managed to write the node file & xbasic to provide the string and password to return the encoded string. I have been trying for a couple of hours & getting nowhere.
    Thanks
    Terry

  8. #8
    Member
    Real Name
    Terry Morgan
    Join Date
    Nov 2014
    Location
    Essex, England
    Posts
    275

    Default Re: AES-128 Encryption

    Has anyone got anywhere with this?
    Thanks
    Terry

  9. #9
    "Certified" Alphaholic kkfin's Avatar
    Real Name
    Kenneth
    Join Date
    Dec 2006
    Location
    EU
    Posts
    1,570

    Default Re: AES-128 Encryption

    I wonder what is the problem here. If you are stuck with this and you are a subscriber then you can ask from Alpha success hours mentoring.

  10. #10
    Member
    Real Name
    mumfie
    Join Date
    Dec 2008
    Location
    UK
    Posts
    203

    Default Re: AES-128 Encryption

    Quote Originally Posted by Terrymorgan View Post
    Has anyone got anywhere with this?
    Thanks
    Terry
    This link indicates you can use a .net dll provided by sage pay. Not tried it is I don't have a sage pay account to test.

    http://stackoverflow.com/questions/3...ryption-vb-net


    Sent from my iPad

  11. #11
    "Certified" Alphaholic Keith Hubert's Avatar
    Real Name
    Keith Hubert
    Join Date
    Jul 2000
    Location
    London, UK
    Posts
    6,930

    Default Re: AES-128 Encryption

    Hi Colin,

    Thanks for the link. As this is all in VB and we are using Xbasic, could you please help with a little translation.

    I have added the @ which I can see is required as a prepend.

    All this code is on our Cart page before being submitted to Sage. The FUNCTION SimpleXor is the original to process the string into a blob and then the Base64encode which fortunately is a built in Alpha function, is used to finally encode the complete string to the Sage URL.

    Here is the existing data string before encoding.
    Code:
    Inv_Str="@VendorTxCode="+session.__protected__ad_id+"&Amount="+session.__protected__total_cost+"&Currency=GBP"
    Inv_Str=Inv_Str+"&Description="+"Recruitment Advert from: "+session.__protected__ad_start+" to: "+session.__protected__ad_end+" = "+session.__protected__ad_days+" days"
    Inv_Str=Inv_Str+"&SuccessURL="+"http://www.churchjobfinder.co.uk/success.a5w"
    Inv_Str=Inv_Str+"&FailureURL="+"http://www.churchjobfinder.co.uk/failurePage.a5w"
    Inv_Str=Inv_Str+"&BillingSurname="+session.__protected__l_name+"&BillingFirstnames="+session.__protected__f_name
    Inv_Str=Inv_Str+"&BillingAddress1="+session.__protected__inv_addr1
    Inv_Str=Inv_Str+"&billingCity="+session.__protected__inv_town
    Inv_Str=Inv_Str+"&billingPostCode="+session.__protected__inv_postcode
    Inv_Str=Inv_Str+"&billingCountry="+session.__protected__inv_country
    Inv_Str=Inv_Str+"&DeliverySurname="+session.__protected__l_name+"&DeliveryFirstnames="+session.__protected__f_name
    Inv_Str=Inv_Str+"&DeliveryAddress1="+session.__protected__house+" "+session.__protected__addr1
    Inv_Str=Inv_Str+"&DeliveryCity="+session.__protected__town
    Inv_Str=Inv_Str+"&DeliveryPostCode="+session.__protected__cust_postcode
    Inv_Str=Inv_Str+"&DeliveryCountry="+session.__protected__country_code
    
    FUNCTION SimpleXor AS B (InString as C, Key as C )
     dim bxor as B 
    bxor=char_to_blob(instring)
    dim KeyList[len(key)] as N 
    
    for i = 1 to len(Key) 
    KeyList[i] = asc(substr(Key, i, 1)) 
    next 
    
    for i = 1 to len(InString) 
    output = asc(substr(InString, i, 1)) .xor. keylist[mod(i-1,len(Key))+1] 
    bxor.poke(i,output) 
    next
    
    SimpleXor=bxor
    END FUNCTION
    
    Str_crypt= SimpleXor(inv_Str,session.__protected__sage_password)
    
    Strcrypt= base64encode(Str_crypt)
    
    %>
    </p>
    <form id=SagePayForm method=post name=SagePayForm 
    action="<%a5 ?session.__protected__sageURL%>"><input 
    value="<%a5 ?session.__protected__protocol%>" type=hidden name=VPSProtocol> 
    <input value="<%a5 ?session.__protected__TxType%>" type=hidden name=TxType> 
    <input value="<%a5 ?session.__protected__vendor%>" type=hidden name=Vendor> 
    <input value="<%a5 ?Strcrypt%>" type=hidden name=Crypt> </form>
    Please let me know if you require any further info.

    Dont worry about the test page to Sage, we have that set up.
    Regards
    Keith Hubert
    Alpha Guild Member
    London.
    KHDB Management Systems
    Skype = keith.hubert


    For your day-to-day Needs, you Need an Alpha Database!

  12. #12
    "Certified" Alphaholic Keith Hubert's Avatar
    Real Name
    Keith Hubert
    Join Date
    Jul 2000
    Location
    London, UK
    Posts
    6,930

    Default Re: AES-128 Encryption

    Hi Antony,

    I hope your business is not dead.

    Did you get any satisfaction in resolving the new encoding process?
    Regards
    Keith Hubert
    Alpha Guild Member
    London.
    KHDB Management Systems
    Skype = keith.hubert


    For your day-to-day Needs, you Need an Alpha Database!

  13. #13
    "Certified" Alphaholic kkfin's Avatar
    Real Name
    Kenneth
    Join Date
    Dec 2006
    Location
    EU
    Posts
    1,570

    Default Re: AES-128 Encryption

    And here is some Node example for AES-256/CBC with PKCS5.

  14. #14
    "Certified" Alphaholic Keith Hubert's Avatar
    Real Name
    Keith Hubert
    Join Date
    Jul 2000
    Location
    London, UK
    Posts
    6,930

    Default Re: AES-128 Encryption

    Hi Ken,

    Thanks for reply. I'm sure you are trying to help, but this only makes our problem clear as mud.

    Is it possible you can help to translate this into an Xbasic funtion?

    Your help will be greatly appreciated by a number of Alpha developers.
    Regards
    Keith Hubert
    Alpha Guild Member
    London.
    KHDB Management Systems
    Skype = keith.hubert


    For your day-to-day Needs, you Need an Alpha Database!

  15. #15
    "Certified" Alphaholic kkfin's Avatar
    Real Name
    Kenneth
    Join Date
    Dec 2006
    Location
    EU
    Posts
    1,570

    Default Re: AES-128 Encryption

    It is Node code and it is javascript and it will stay javascript also with Alpha. You can run above code without modifications inside Alphas exports.handler function and it will work. Check Selwyns videos. I suppose his purpose is that somebody will watch them and learn something.

  16. #16
    Member
    Real Name
    mumfie
    Join Date
    Dec 2008
    Location
    UK
    Posts
    203

    Default Re: AES-128 Encryption

    Quote Originally Posted by Keith Hubert View Post
    Hi Colin,

    Thanks for the link. As this is all in VB and we are using Xbasic, could you please help with a little translation.



    Please let me know if you require any further info.

    Dont worry about the test page to Sage, we have that set up.
    Hi Keith,
    the link I provided indicates you can probably use the SagePay .net dll to do the encryption etc using xBasic .net integration.

    If you download the .NET developer kit from SagePay it includes a dll SagePay.IntegrationKit.DotNet.dll
    This DLL provides methods to encrypt and decrypt.
    The ASP.NET sample website provided by SagePay with the .net developers kit has a c# class SagePayFormIntegration.cs
    this calls the encrypt and decrypt methods using
    Code:
       formPayment.Crypt = Cryptography.EncryptAndEncode(RequestQueryString, SagePaySettings.EncryptionPassword);
    
       string cryptDecoded = Cryptography.DecodeAndDecrypt(crypt, SagePaySettings.EncryptionPassword);
    I have not tested it but I suspect you could easily convert this to call these same methods from xbasic following the alpha help documentation and related forum posts.
    e.g
    http://wiki.alphasoftware.com/.NET+F...+in+Version+11
    http://www.alphasoftware.com/alphafo...=assy.filename
    http://www.alphasoftware.com/blog/al...t-web-service/

    I will take a look if I get time later.
    Last edited by mumfie; 02-22-2016 at 04:19 PM.

  17. #17
    Member
    Real Name
    Terry Morgan
    Join Date
    Nov 2014
    Location
    Essex, England
    Posts
    275

    Default Re: AES-128 Encryption

    Hi Ken
    There are many node js example codes available on the web and I have watched the videos, but I have been unable to figure out if the node js need some change or how to pass the encrypt or decrypt, the input string & the key into the node and also how to get back the result string.
    I have been able to write some working node js myself but very simple & cannot combine my limited capabilities with the codes available on the web.
    A number of us need someone to crack this bit for us.
    Btw I have also contacted Alpha success hours mentoring and am waiting a response.
    Thanks to all that have given responses so far on this.
    Terry

  18. #18
    Member
    Real Name
    mumfie
    Join Date
    Dec 2008
    Location
    UK
    Posts
    203

    Default Re: AES-128 Encryption

    Here is a very simple xBasic desktop demo example which appears to work but has not been tested extensively and use is at own risk.
    This uses the .NET dll you can download from SagePay.
    Code:
    FUNCTION SagePayDemo AS C ( )
    	'SagePay test encryption
    	'
    	Dim Sv as DotNet::Services
    	Dim Assy as DotNet::AssemblyReference
    	Dim Namespace as C = "SagePayNamespace"
    	Assy.FileName = "E:\SagePay\SagePay.IntegrationKit.DotNet.dll"
    	if .not. file.exists(assy.filename) then
    		ui_msg_box("","File not there.")
    		END
    	end if
    	rs = sv.RegisterAssembly(NameSpace,Assy)
    	if .not. rs then
    		UI_Msg_Box("Error registering assembly " + Assy.fileName, sv.CallResult.Text)
    		End
    	End if
    	
    	dim SagePayCrypto as SagePayNamespace::SagePay::IntegrationKit::Cryptography
    	dim strPassword as c="8JQc4w5MUsZ47Z8z"
    	dim strDecodedResult as c="This is a very very secret piece of data!"
    	dim strEncryptedResult as c=""
    	showvar(strDecodedResult,"Original value")
    	strEncryptedResult =SagePayCrypto.EncryptAndEncode(strDecodedResult,strPassword)
    	showvar(strEncryptedResult,"Encrypted value")
    	strDecodedResult="any old value"
    	strDecodedResult=SagePayCrypto.DecodeAndDecrypt(strEncryptedResult,strPassword)
    	showvar(strDecodedResult,"Decoded value")
    END FUNCTION

  19. #19
    Member
    Real Name
    Terry Morgan
    Join Date
    Nov 2014
    Location
    Essex, England
    Posts
    275

    Default Re: AES-128 Encryption

    Thank you Colin, all up & testing.
    Terry

Similar Threads

  1. Encrypting database with AES
    By orunbhuiyan in forum Application Server Version 11 - Web/Browser Applications
    Replies: 2
    Last Post: 12-10-2013, 01:38 PM
  2. Using AES algorithm with a5_encrypt_string
    By azz211 in forum Application Server Version 11 - Web/Browser Applications
    Replies: 0
    Last Post: 07-29-2012, 10:50 PM
  3. Encryption
    By John Burke in forum Alpha Five Version 7
    Replies: 11
    Last Post: 01-30-2008, 10:16 PM
  4. encryption help
    By DaveM in forum Alpha Five Version 7
    Replies: 4
    Last Post: 10-03-2006, 08:06 PM
  5. Encryption?
    By Phil Danz in forum Alpha Five Version 4
    Replies: 3
    Last Post: 02-08-2004, 07:17 AM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •