Archived Forum Post

Question:

Leading and Trailing Garbage DecryptStringENC

Sep 09 '15 at 12:32

When decoding a given file (legacy VB6 app) it works, but the resulting string contains "garbage" before and behind the resulting (XML) string -- what is wrong?

Dim ckGlobal        As New Chilkat_v9_5_0.ChilkatGlobal
Dim DeCrypt         As New Chilkat_v9_5_0.ChilkatCrypt2
Dim Cert            As New Chilkat_v9_5_0.ChilkatCert
Dim b64String       As String
Dim Success         As Long
Dim decryptedText   As String
Dim iFd             As Integer

' encodedb64.dat contains encrypted data
iFd = FreeFile
Open "c:\s3c\encodedb64.dat" For Binary As #iFd
b64String = Space(LOF(iFd))
Get #iFd, 1, b64String
Close iFd

' keystore.p12 contains the physician certificate
Success = ckGlobal.UnlockBundle("Hello Hello Hello")
Success = Cert.LoadPfxFile("c:\s3c\keystore.p12", "12345678")
'Success = DeCrypt.AddPfxSourceFile("c:\s3c\keystore.p12", "12345678")
Success = DeCrypt.SetDecryptCert(Cert)

DeCrypt.Charset = "us-ascii"
DeCrypt.CryptAlgorithm = "pki"
decryptedText = DeCrypt.DecryptStringENC(b64String)
' decryptedText with Leading and Trailing Garbage
' -- returns Error:
'Call DeCrypt.CkDecryptFile("c:\s3c\encodedb64.dat", "c:\s3c\encodedb64.xml")
Debug.Print DeCrypt.LastErrorText
' Remove garbage Q&D
decryptedText = Mid$(decryptedText, 50)
decryptedText = Left$(decryptedText, 2874)
MsgBox decryptedText

Answer

Some thoughts:

Is your encrypted file indeed DER-encoded (ASN.1) PKCS#7 data in Base64? Perhaps you could post it for examination?

Does it work if you explicitly set DeCrypt.EncodingMode = "base64"?

Does it work if you use Decrypt.Charset = "unicode"?


Answer

Below is the Base 64 decoded String to be encrypted; the following is what I get when I try to Call DeCrypt.CkDecryptFile("c:\s3c\encodedb64.dat", "c:\s3c\encodedb64.xml")

ChilkatLog:
  CkDecryptFile:
    DllDate: Aug 26 2015
    ChilkatVersion: 9.5.0.52
    UnlockPrefix: FoooooooAD.CBX0816
    Username: MA-PCNOTE:ma
    Architecture: Little Endian; 32-bit
    Language: ActiveX
    VerboseLogging: 0
    Component successfully unlocked using purchased unlock code.
    inputFile: [c:s3cencodedb64.dat]
    outputFile: [c:s3cencodedb64.xml]
    decryptPkcs7:
      algorithm: pki
      Using specific decrypt certificate.
      certSerialNumber: 43A2825EA295ED3B
      certIssuerCN: KV Telematik GmbH User CA 1
      Getting pre-installed private key.
      loadPkcs7Der:
        der_to_xml:
          ASN data length exceeds remaining number of bytes available.
          tag: 15
          idClass: 1
          bConstructed: 1
          headerLen: 2
          dataLen: 74
          inlen: 8
          Abort ASN.1 processing...
          recursiveDepth: 1
        --der_to_xml
        loadPkcs7Xml:
          Expected oid tag for 1st child in PKCS7
        --loadPkcs7Xml
      --loadPkcs7Der
      Not PKCS7 DER
    --decryptPkcs7
    Failed to decrypt.
    Failed.
  --CkDecryptFile
--ChilkatLog


Answer

I see now that you are a customer with non-expired support. When this is the case, please let me know by sending email to support@chilkatsoft.com. It is good to post to the Forum, but it's not an official support channel. If I know the question is from a customer with valid support, then I will respond on the forum the same as in email. :-)

I will investigate this problem.


Answer

Encryption is a deterministic, computational transformation of input bytes to output bytes that resemble random data. There is no format to the output. With PKCS7, what gets encrypted is an ASN.1 structure that contains the actual data. The output, as I just said, is non-structured, random-looking bytes.

The reverse process is to decrypt. We start with the random-looking bytes, decrypt, and the result (if successful) should be the original ASN.1, from which the actual data is extracted. When the decryption occurs using an invalid key or the wrong key, the result will be garbage (it will not be ASN.1). There is no way to know this unless we try to parse it as ASN.1 -- and this is the error you see: "ASN data length exceeds..."

I noticed in your code snippet above, you are not checking the success/failure return values for many calls: UnlockBundle, LoadPfxFile, etc. Make sure you do. If any of these methods failed, you want to catch and fix that failure first.

If you still have trouble, I need an actual dataset (.p12 + .dat) to reproduce the issue.
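
The bounds check behind a message like "ASN data length exceeds remaining number of bytes available", as an added example (not Chilkat's code and not part of the original thread), together with a pre-flight test that tells raw DER from Base64-wrapped DER before any decrypt call. The field names are borrowed from the log above; `parse_der_header` and `classify` are hypothetical helpers and all sample inputs are constructed.

```python
import base64
import binascii

class DerError(ValueError):
    """Raised when a header is malformed or claims more data than is present."""

def parse_der_header(buf: bytes) -> dict:
    """Parse one DER identifier + length header and bounds-check the length."""
    if len(buf) < 2:
        raise DerError("truncated header")
    ident, first = buf[0], buf[1]
    tag = ident & 0x1F
    if tag == 0x1F:
        raise DerError("high-tag-number form not handled in this example")
    if first < 0x80:                       # short form: one length byte
        header_len, data_len = 2, first
    else:                                  # long form: next n bytes hold the length
        n = first & 0x7F
        if n == 0 or len(buf) < 2 + n:
            raise DerError("indefinite or truncated length")
        header_len, data_len = 2 + n, int.from_bytes(buf[2:2 + n], "big")
    fields = {"tag": tag, "idClass": ident >> 6, "bConstructed": (ident >> 5) & 1,
              "headerLen": header_len, "dataLen": data_len,
              "inlen": len(buf) - header_len}   # bytes left after the header
    if data_len > fields["inlen"]:
        raise DerError(f"ASN data length exceeds remaining bytes: {fields}")
    return fields

def _is_der_sequence(b: bytes) -> bool:
    try:
        h = parse_der_header(b)
    except DerError:
        return False
    # A universal, constructed SEQUENCE (tag 16) that fills the buffer exactly.
    return (h["idClass"], h["tag"], h["bConstructed"]) == (0, 16, 1) \
        and h["dataLen"] == h["inlen"]

def classify(data: bytes) -> str:
    """Return 'der', 'base64-der' or 'neither' for the given file contents."""
    if _is_der_sequence(data):
        return "der"
    try:
        decoded = base64.b64decode(b"".join(data.split()), validate=True)
    except (binascii.Error, ValueError):
        return "neither"
    return "base64-der" if _is_der_sequence(decoded) else "neither"

# Constructed samples (not the poster's data): a tiny valid SEQUENCE, its Base64
# form, and ASCII text whose first two bytes parse as tag 15 with length 74.
SAMPLE_DER = bytes.fromhex("3006020101020102")
SAMPLE_B64 = base64.b64encode(SAMPLE_DER)
SAMPLE_TEXT = b"oJ" + b"A" * 8
```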