Old 11th June 2018, 12:11   #1
otrub
Junior Member
 
Join Date: Mar 2018
Posts: 8
NsisCrypt plugin with AES128 algorithm

Hi all,

I try to use EncryptSymmetric function with aes128 algorithm, but getting an error: "Erro while trying to import key, consider your base64 string! Error Code: 80090008".

It looks like problem with "base64 encoded key" or "base64 encoded iv" I used. Tell me how can I prepare these params from text string (ex. key "123", iv "456").

Thank you.
otrub is offline   Reply With Quote
Old 11th June 2018, 15:22   #2
Anders
Moderator
 
Anders's Avatar
 
Join Date: Jun 2002
Location: ${NSISDIR}
Posts: 5,172
Show how you are calling the plug-in! Looking at the Wiki, it does seem like you should base64 encode the key and IV.

IntOp $PostCount $PostCount + 1
Anders is offline   Reply With Quote
Old 11th June 2018, 19:52   #3
otrub
Junior Member
 
Join Date: Mar 2018
Posts: 8
code:
InitPluginsDir ;make sure we have $pluginsdir
File "/ONAME=$pluginsdir\NsisCrypt.dll" "${NSISDIR}\Plugins\x86-ansi\NsisCrypt.dll" ;you must extract the Ansi plugin manually

;StrCpy $1 "ascii"
CallAnsiPlugin::Call "$pluginsdir\NsisCrypt" Hash 2 "123" "md5"
Pop $2
DetailPrint "Hash(123) = $2"

CallAnsiPlugin::Call "$pluginsdir\NsisCrypt" Hash 2 "456" "md5"
Pop $3
DetailPrint "Hash(456) = $3"

;StrCpy $1 "ascii"
CallAnsiPlugin::Call "$pluginsdir\NsisCrypt" EncryptSymmetric 4 "test string" "aes128" "$2" "$3"
Pop $1
DetailPrint "EncryptSymmetric = $1"



Im newbie in encryption and nsis. Therefore I tried and this code:

code:
InitPluginsDir ;make sure we have $pluginsdir
File "/ONAME=$pluginsdir\NsisCrypt.dll" "${NSISDIR}\Plugins\x86-ansi\NsisCrypt.dll" ;you must extract the Ansi plugin manually

;StrCpy $1 "ascii"
CallAnsiPlugin::Call "$pluginsdir\NsisCrypt" Hash 2 "123" "md5"
Pop $2
DetailPrint "Hash(123) = $2"

CallAnsiPlugin::Call "$pluginsdir\NsisCrypt" Hash 2 "456" "md5"
Pop $3
DetailPrint "Hash(456) = $3"

CallAnsiPlugin::Call "$pluginsdir\NsisCrypt" Base64Encode 1 "$2"
Pop $4
DetailPrint "Base64Encode(Hash(123)) = $4"

CallAnsiPlugin::Call "$pluginsdir\NsisCrypt" Base64Encode 1 "$3"
Pop $5
DetailPrint "Base64Encode(Hash(456)) = $5"

;StrCpy $1 "ascii"
CallAnsiPlugin::Call "$pluginsdir\NsisCrypt" EncryptSymmetric 4 "test string" "aes128" "$4" "$5"
Pop $1
DetailPrint "EncryptSymmetric = $1"



And just in case tried this one:

code:
InitPluginsDir ;make sure we have $pluginsdir
File "/ONAME=$pluginsdir\NsisCrypt.dll" "${NSISDIR}\Plugins\x86-ansi\NsisCrypt.dll" ;you must extract the Ansi plugin manually

CallAnsiPlugin::Call "$pluginsdir\NsisCrypt" Base64Encode 1 "123"
Pop $4
DetailPrint "Base64Encode(Hash(123)) = $4"

CallAnsiPlugin::Call "$pluginsdir\NsisCrypt" Base64Encode 1 "456"
Pop $5
DetailPrint "Base64Encode(Hash(456)) = $5"

;StrCpy $1 "ascii"
CallAnsiPlugin::Call "$pluginsdir\NsisCrypt" EncryptSymmetric 4 "test string" "aes128" "$4" "$5"
Pop $1
DetailPrint "EncryptSymmetric = $1"



And all trys has one result with error message. I use callansi plugin as opposed to normal way after I visited many forums and only one site told me how to solve other error with unknown chinese words.

With option ascii I had another results of functions but with no victory.
otrub is offline   Reply With Quote
Old 11th June 2018, 19:56   #4
otrub
Junior Member
 
Join Date: Mar 2018
Posts: 8
With another keystring and ivstring I had the same no result.
otrub is offline   Reply With Quote
Old 11th June 2018, 20:13   #5
otrub
Junior Member
 
Join Date: Mar 2018
Posts: 8
code:
InitPluginsDir ;make sure we have $pluginsdir
File "/ONAME=$pluginsdir\NsisCrypt.dll" "${NSISDIR}\Plugins\x86-ansi\NsisCrypt.dll" ;you must extract the Ansi plugin manually

;StrCpy $1 "ascii"
CallAnsiPlugin::Call "$pluginsdir\NsisCrypt" Hash 2 "123" "md5"
Pop $2
DetailPrint "Hash(123) = $2"

CallAnsiPlugin::Call "$pluginsdir\NsisCrypt" Hash 2 "456" "md5"
Pop $3
DetailPrint "Hash(456) = $3"

;StrCpy $1 "ascii"
CallAnsiPlugin::Call "$pluginsdir\NsisCrypt" EncryptSymmetric 4 "test string" "aes128" "$2" "$3"
Pop $1
DetailPrint "EncryptSymmetric = $1"



Im newbie in encryption and nsis. Therefore I tried and this code:

code:
InitPluginsDir ;make sure we have $pluginsdir
File "/ONAME=$pluginsdir\NsisCrypt.dll" "${NSISDIR}\Plugins\x86-ansi\NsisCrypt.dll" ;you must extract the Ansi plugin manually

;StrCpy $1 "ascii"
CallAnsiPlugin::Call "$pluginsdir\NsisCrypt" Hash 2 "123" "md5"
Pop $2
DetailPrint "Hash(123) = $2"

CallAnsiPlugin::Call "$pluginsdir\NsisCrypt" Hash 2 "456" "md5"
Pop $3
DetailPrint "Hash(456) = $3"

CallAnsiPlugin::Call "$pluginsdir\NsisCrypt" Base64Encode 1 "$2"
Pop $4
DetailPrint "Base64Encode(Hash(123)) = $4"

CallAnsiPlugin::Call "$pluginsdir\NsisCrypt" Base64Encode 1 "$3"
Pop $5
DetailPrint "Base64Encode(Hash(456)) = $5"

;StrCpy $1 "ascii"
CallAnsiPlugin::Call "$pluginsdir\NsisCrypt" EncryptSymmetric 4 "test string" "aes128" "$4" "$5"
Pop $1
DetailPrint "EncryptSymmetric = $1"



And just in case tried this one:

code:
InitPluginsDir ;make sure we have $pluginsdir
File "/ONAME=$pluginsdir\NsisCrypt.dll" "${NSISDIR}\Plugins\x86-ansi\NsisCrypt.dll" ;you must extract the Ansi plugin manually

CallAnsiPlugin::Call "$pluginsdir\NsisCrypt" Base64Encode 1 "123"
Pop $4
DetailPrint "Base64Encode(Hash(123)) = $4"

CallAnsiPlugin::Call "$pluginsdir\NsisCrypt" Base64Encode 1 "456"
Pop $5
DetailPrint "Base64Encode(Hash(456)) = $5"

;StrCpy $1 "ascii"
CallAnsiPlugin::Call "$pluginsdir\NsisCrypt" EncryptSymmetric 4 "test string" "aes128" "$4" "$5"
Pop $1
DetailPrint "EncryptSymmetric = $1"



And all trys has one result with error message. I use callansi plugin as opposed to normal way after I visited many forums and only one site told me how to solve other error with unknown chinese words.

With option ascii I had another results of functions but with no victory.
otrub is offline   Reply With Quote
Old 11th June 2018, 20:21   #6
Anders
Moderator
 
Anders's Avatar
 
Join Date: Jun 2002
Location: ${NSISDIR}
Posts: 5,172
You should focus on making it work in a ANSI installer first, then you can deal with Unicode later.

IntOp $PostCount $PostCount + 1
Anders is offline   Reply With Quote
Old 12th June 2018, 08:45   #7
otrub
Junior Member
 
Join Date: Mar 2018
Posts: 8
Ok, I did it. Set Unicode to false. Unfortunately I still have an error "Erro while trying to import key, consider your base64 string! Error Code: 80090008"
otrub is offline   Reply With Quote
Old 12th June 2018, 22:46   #8
Anders
Moderator
 
Anders's Avatar
 
Join Date: Jun 2002
Location: ${NSISDIR}
Posts: 5,172
3DES works correctly but AES does not because the plug-in does not use PROV_RSA_AES in the symmetric functions.

After taking a look at the code I'd say the whole thing requires a rewrite, it is leaking memory and does not support Unicode.

IntOp $PostCount $PostCount + 1
Anders is offline   Reply With Quote
Old 13th June 2018, 18:09   #9
Anders
Moderator
 
Anders's Avatar
 
Join Date: Jun 2002
Location: ${NSISDIR}
Posts: 5,172
I played around a bit with a different plug-in and it seems to work:

Quote:
Crypto::Encrypt AES-128 "m:MyKey" "m:MyIV" "m:This is a test"
Pop $3
DetailPrint CT=$3


Crypto::Decrypt AES-128 "m:MyKey" "m:MyIV" "b64:$3"
Pop $4
DetailPrint PT(b64)=$4
Crypto::Decode BASE64 $4
Pop $0
DetailPrint PT=$0


Crypto::DeriveKey AES-128 "m:MyKey"
Pop $1
DetailPrint DK(b64)=$1

Crypto::Decrypt AES-128 "b64:$1" "m:MyIV" "b64:$3"
Pop $0
Crypto::Decode BASE64 $0
Pop $0
DetailPrint PT=$0
Input types are m (narrow string), w (wide string, Unicode only) and b64. The wide string type is a bit useless if you need to read the decrypted data back into a NSIS register because Decrypt returns it as raw UTF-16 encoded as Base64.

The input key is transformed with CryptDeriveKey:SHA1 unless you use the b64 type.

AES is AES CBC with padding.
Attached Files
File Type: zip Crypto 1.5 experimental.zip (7.4 KB, 163 views)

IntOp $PostCount $PostCount + 1
Anders is offline   Reply With Quote
Old 18th October 2019, 07:20   #10
otrub
Junior Member
 
Join Date: Mar 2018
Posts: 8
Hi, Anders. Thanks very much for your reply. I tried to solve with your plugin and code. But results are different( I should get the same, because application on the server side use same algo. What do dou think about compatibility with your solution?

I implemented solution like that. I use vbs script to get correct result. But I think it's bad way, because I'm passing secret key and vector via args(((

Quote:
On Error Resume Next
Dim resp,obj,arr,i,r,str,enc,asc,objStream,bin,bytes,bytesd,s,sc,sd,crypt,file,content,fso,result
Const typeBinary = 1
Const forReading = 1, forWriting = 2, forAppending = 8
Set objArgs = Wscript.Arguments

Set fso = CreateObject("Scripting.FileSystemObject")
Set file = fso.OpenTextFile(objArgs(1), 1, False, -1)
content = file.ReadAll
file.Close

If objArgs(0) = 1 Then
result = decryptAES128(content, objArgs(2), objArgs(3))
ElseIf objArgs(0) = 2 Then
result = encryptAES128(content, objArgs(2), objArgs(3))
End If

Set file = fso.OpenTextFile(objArgs(1), 2, False, -1)
file.WriteLine(result)
file.Close

If E******mber = 0 Then
Wscript.Quit(0)
Else
'MsgBox Err.Description
Wscript.Echo(Err.Description)
Wscript.Quit(1)
End If

private function decryptAES128(base64encrypted, key, iv)
Set obj=WScript.CreateObject("System.Security.Cryptography.RijndaelManaged")
Set asc = CreateObject("System.Text.UTF8Encoding")
Set crypt = WScript.CreateObject("System.Security.Cryptography.MD5CryptoServiceProvider")

obj.KeySize = 128
obj.Key = crypt.ComputeHash_2(asc.GetBytes_4(key))
obj.IV = crypt.ComputeHash_2(asc.GetBytes_4(iv))

Set dec = obj.CreateDecryptor()

bin = decodeBase64(base64encrypted)
byted = dec.TransformFinalBlock((bin),0,lenb(bin))
sd = asc.GetString((byted))

decryptAES128 = sd
end function

private function encryptAES128(source, key, iv)
Set obj=WScript.CreateObject("System.Security.Cryptography.RijndaelManaged")
Set asc = CreateObject("System.Text.UTF8Encoding")
Set crypt = WScript.CreateObject("System.Security.Cryptography.MD5CryptoServiceProvider")

obj.KeySize = 128
obj.Key = crypt.ComputeHash_2(asc.GetBytes_4(key))
obj.IV = crypt.ComputeHash_2(asc.GetBytes_4(iv))

Set enc = obj.CreateEncryptor()

bin = asc.GetBytes_4(source)
byted = enc.TransformFinalBlock((bin),0,lenb(bin))

encryptAES128 = encodeBase64(byted)
end function

private function encodeBase64(bytes)
dim DM, EL
Set DM = CreateObject("Microsoft.XMLDOM")
' Create temporary node with Base64 data type
Set EL = DM.createElement("tmp")
EL.DataType = "bin.base64"
' Set bytes, get encoded String
EL.NodeTypedValue = bytes
encodeBase64 = EL.Text
end function

private function decodeBase64(base64)
dim DM, EL
Set DM = CreateObject("Microsoft.XMLDOM")
' Create temporary node with Base64 data type
Set EL = DM.createElement("tmp")
EL.DataType = "bin.base64"
' Set encoded String, get bytes
EL.Text = base64
decodeBase64 = EL.NodeTypedValue
end function
If you have some advices to me, please tell me how I can use NSIS plugin and save compability.
Thanks a lot for your care.
otrub is offline   Reply With Quote
Old 20th October 2019, 00:33   #11
Anders
Moderator
 
Anders's Avatar
 
Join Date: Jun 2002
Location: ${NSISDIR}
Posts: 5,172
1) You are hashing the key and IV with MD5. The plug-in uses SHA1 on the key but it does allow you to specify base64 strings as input instead (see the 2nd Crypto::Decrypt call in my example above).

2) The plug-in does not support UTF-8. It only supports ANSI and UTF-16LE. Base64 can be used as a workaround.

3) I have no idea what GetBytes_4 in your code actually does.

IntOp $PostCount $PostCount + 1
Anders is offline   Reply With Quote
Old 26th October 2019, 17:32   #12
Anders
Moderator
 
Anders's Avatar
 
Join Date: Jun 2002
Location: ${NSISDIR}
Posts: 5,172
PHP Code:
Crypto::HashData MD5 "Password"
Pop $1
DetailPrint 
"Hashed password=$1"
Crypto::Encode BASE64 "hex:$1" ; Or "m:$1" if you want to encode the hex string instead of the actual hash bytes
Pop 
$1
DetailPrint 
"BASE64 hashed password=$1"

Crypto::Encrypt AES-128 "b64:$1" "m:MyIV" "m:This is a test"
Pop $3
DetailPrint 
"BASE64 CT=$3"


Crypto::Decrypt AES-128 "b64:$1" "m:MyIV" "b64:$3"
Pop $4
DetailPrint 
"BASE64 PT=$4"
Crypto::Decode BASE64 $4
Pop 
$0
DetailPrint PT
=$
Attached Files
File Type: zip Crypto 1.5.2 experimental.zip (4.6 KB, 18 views)

IntOp $PostCount $PostCount + 1
Anders is offline   Reply With Quote
Reply
Go Back   Winamp & Shoutcast Forums > Developer Center > NSIS Discussion

Tags
aes, nsis, nsiscrypt

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump