Decryption of API Data in BC365 [SAAS]

ishyampandeyishyampandey Member Posts: 22
Hello Everyone,

I am getting encrypted value with key from API and I need to decrypt the data using that key in bc365 SAAS.
Encryption algo is SHA256. Thanks

Best Answer

  • ftorneroftornero Member Posts: 522
    Answer ✓
    Hello @ishyampandey,

    After a little more digging looks like AES256 is a subset of the Rijndael block cipher and this one it's implemented in the codeunit "Rijndael Cryptography", so I created an app to test this and after some tests with an online tool the combination that works is "Cypher Mode = ECB" and "Padding Mode = PKCS7".
    table 50100 EncDec
    {
        fields
        {
            field(1; PK; Code[10])
            {
    
            }
            field(2; Clave; Text[50])
            {
            }
            field(3; Texto2Encrypt; Text[100])
            {
    
            }
            field(4; Texto2Decrypt; Text[100])
            {
    
            }
            field(5; Salt; Text[100])
            {
    
            }
            field(6; Result; Text[100])
            {
    
            }
            field(7; CypherMode; Option)
            {
                OptionMembers = ECB,CBC,CFB,CTS,OFB;
            }
            field(8; PaddingMode; Option)
            {
                OptionMembers = PKCS7,ANSIX923,ISO10126,Zeros,None;
            }
        }
        keys
        {
            key(Key1; PK)
            {
    
            }
        }
    }
    
    page 50100 Encrypt_Decrypt
    {
        PageType = Card;
        SourceTable = EncDec;
        UsageCategory = Administration;
        ApplicationArea = All;
        ModifyAllowed = true;
        DeleteAllowed = false;
        InsertAllowed = false;
    
        layout
        {
            area(Content)
            {
                field(Clave; Rec.Clave)
                {
                    ApplicationArea = All;
                    Caption = 'Key';
                    trigger OnValidate()
                    begin
                        Rijndael.InitRijndaelProvider(Rec.Clave, 128, Format(Rec.CypherMode), Format(Rec.PaddingMode));
                    end;
                }
                field(CypherMode; Rec.CypherMode)
                {
                    ApplicationArea = All;
                    trigger OnValidate()
                    begin
                        Rijndael.SetCipherMode(Format(Rec.CypherMode));
                    end;
                }
                field(PaddingMode; Rec.PaddingMode)
                {
                    ApplicationArea = All;
                    trigger OnValidate()
                    begin
                        Rijndael.SetPaddingMode(Format(Rec.PaddingMode));
                    end;
                }
                field(Texto2Encrypt; Rec.Texto2Encrypt)
                {
                    ApplicationArea = All;
                    Caption = 'Text2Encrypt';
                }
                field(Texto2Decrypt; Rec.Texto2Decrypt)
                {
                    ApplicationArea = All;
                    Caption = 'Text2Decrypt';
                }
                field(Result; Rec.Result)
                {
                    ApplicationArea = All;
                    Editable = false;
                }
            }
        }
        actions
        {
            area(Processing)
            {
                action(Encrypt)
                {
                    ApplicationArea = All;
                    Promoted = true;
                    PromotedCategory = Process;
                    PromotedIsBig = true;
                    Image = EncryptionKeys;
    
                    trigger OnAction()
                    begin
                        if (Rec.Clave <> '') and (Rec.Texto2Encrypt <> '') then begin
                            Rec.Result := Rijndael.Encrypt(Rec.Texto2Encrypt);
                            Rec.Texto2Decrypt := Rec.Result;
                        end;
                    end;
                }
                action(Decrypt)
                {
                    ApplicationArea = All;
                    Promoted = true;
                    PromotedCategory = Process;
                    PromotedIsBig = true;
                    Image = Description;
    
                    trigger OnAction()
                    begin
                        if (Rec.Clave <> '') and (Rec.Texto2Decrypt <> '') then begin
                            Rec.Result := Rijndael.Decrypt(Rec.Texto2Decrypt);
                            Rec.Texto2Encrypt := Rec.Result;
                        end;
                    end;
                }
            }
        }
    
        trigger OnOpenPage();
        begin
            Rec.Reset();
            if not Rec.Get() then begin
                Rec.Init();
                Rec.Insert();
            end;
            if Rec.Clave <> '' then
                Rijndael.InitRijndaelProvider(Rec.Clave, 128, Format(Rec.CypherMode), Format(Rec.PaddingMode));
        end;
    
        var
    
            Rijndael: Codeunit "Rijndael Cryptography";
    }
    

    In this link you can test your results.

    https://encode-decode.com/aes-256-ecb-encrypt-online/

    Regards

Answers

  • ftorneroftornero Member Posts: 522
    Hello @ishyampandey

    You can take a look to the Cryptography Management codeunt

    https://github.com/microsoft/ALAppExtensions/tree/master/Modules/System/Cryptography Management/src

    Regards.
  • ishyampandeyishyampandey Member Posts: 22
    Hi @ftornero

    Thanks for your help.
    I am not able to find Cryptography Management CU in Cloud version.
    Decrypt function is there but i am not able to use it because it have only single string parameter is asking. I don't know where to use the key to decrypt the value.
    In your shared CU i can see there are few function available which are asking for key and value both.
    Can you help me bit more regarding this its highly appreciated. Thanks
  • ftorneroftornero Member Posts: 522
    Hello @ishyampandey,

    Could you elaborate a little more what is the encrypted data that you get, the key that you have, etc., because you can not decrypt a SHA256 hash.

    Regards
  • ishyampandeyishyampandey Member Posts: 22
    Hi @ftornero, I am getting account no. (KnLoHfEvogSHn4qQ2ar2vj==)
    and Key (S@h@y@o@p@t@e@p@I@n@d@e@y@a@2020)
    I have to decrypt account no using key.
  • ftorneroftornero Member Posts: 522
    Hello @ishyampandey,

    Ok, and what more information the API documentation give to you to decrypt the account no.

    Regards
  • ishyampandeyishyampandey Member Posts: 22
    Hi @ftornero ,
    Only encrypted account and key that's it.
  • ftorneroftornero Member Posts: 522
    Hello @ishyampandey,

    In your first post you said that encryption algorithm was SHA256, so I assume that there is something more that the API documentation explain.

    Regards
  • ishyampandeyishyampandey Member Posts: 22
    Hi @ftornero,

    Yes client said that algo is SHA-256 but they are providing this much only.
    Key and encrypted value.
    Thanks
  • ftorneroftornero Member Posts: 522
    Hello @ishyampandey,

    Then theres is something that is missing because SHA256 can be decrypted because is a hash, to encrypt/decrypt you need something like RSA o PGP.

    You need to ask for more information to the API owner.

    Regards
  • ishyampandeyishyampandey Member Posts: 22
    Hi @ftornero,
    Thanks, I asked to client and in reply they Said
    We are using SHA256 (AES256) algorithm for encryption.
    I will update you further about this. Thank you very much
    If you have any suggestion regarding new method of encryption which can be easily decrypt please let me know.
  • ftorneroftornero Member Posts: 522
    Hello @ishyampandey,

    If the algorithm is AES256 then you need to use an Azure Function o something similar to send the encrypted value and the key and get the decrypted value back, because BC in SaaS don't have the function to do that.

    Regards.
  • ftorneroftornero Member Posts: 522
    Answer ✓
    Hello @ishyampandey,

    After a little more digging looks like AES256 is a subset of the Rijndael block cipher and this one it's implemented in the codeunit "Rijndael Cryptography", so I created an app to test this and after some tests with an online tool the combination that works is "Cypher Mode = ECB" and "Padding Mode = PKCS7".
    table 50100 EncDec
    {
        fields
        {
            field(1; PK; Code[10])
            {
    
            }
            field(2; Clave; Text[50])
            {
            }
            field(3; Texto2Encrypt; Text[100])
            {
    
            }
            field(4; Texto2Decrypt; Text[100])
            {
    
            }
            field(5; Salt; Text[100])
            {
    
            }
            field(6; Result; Text[100])
            {
    
            }
            field(7; CypherMode; Option)
            {
                OptionMembers = ECB,CBC,CFB,CTS,OFB;
            }
            field(8; PaddingMode; Option)
            {
                OptionMembers = PKCS7,ANSIX923,ISO10126,Zeros,None;
            }
        }
        keys
        {
            key(Key1; PK)
            {
    
            }
        }
    }
    
    page 50100 Encrypt_Decrypt
    {
        PageType = Card;
        SourceTable = EncDec;
        UsageCategory = Administration;
        ApplicationArea = All;
        ModifyAllowed = true;
        DeleteAllowed = false;
        InsertAllowed = false;
    
        layout
        {
            area(Content)
            {
                field(Clave; Rec.Clave)
                {
                    ApplicationArea = All;
                    Caption = 'Key';
                    trigger OnValidate()
                    begin
                        Rijndael.InitRijndaelProvider(Rec.Clave, 128, Format(Rec.CypherMode), Format(Rec.PaddingMode));
                    end;
                }
                field(CypherMode; Rec.CypherMode)
                {
                    ApplicationArea = All;
                    trigger OnValidate()
                    begin
                        Rijndael.SetCipherMode(Format(Rec.CypherMode));
                    end;
                }
                field(PaddingMode; Rec.PaddingMode)
                {
                    ApplicationArea = All;
                    trigger OnValidate()
                    begin
                        Rijndael.SetPaddingMode(Format(Rec.PaddingMode));
                    end;
                }
                field(Texto2Encrypt; Rec.Texto2Encrypt)
                {
                    ApplicationArea = All;
                    Caption = 'Text2Encrypt';
                }
                field(Texto2Decrypt; Rec.Texto2Decrypt)
                {
                    ApplicationArea = All;
                    Caption = 'Text2Decrypt';
                }
                field(Result; Rec.Result)
                {
                    ApplicationArea = All;
                    Editable = false;
                }
            }
        }
        actions
        {
            area(Processing)
            {
                action(Encrypt)
                {
                    ApplicationArea = All;
                    Promoted = true;
                    PromotedCategory = Process;
                    PromotedIsBig = true;
                    Image = EncryptionKeys;
    
                    trigger OnAction()
                    begin
                        if (Rec.Clave <> '') and (Rec.Texto2Encrypt <> '') then begin
                            Rec.Result := Rijndael.Encrypt(Rec.Texto2Encrypt);
                            Rec.Texto2Decrypt := Rec.Result;
                        end;
                    end;
                }
                action(Decrypt)
                {
                    ApplicationArea = All;
                    Promoted = true;
                    PromotedCategory = Process;
                    PromotedIsBig = true;
                    Image = Description;
    
                    trigger OnAction()
                    begin
                        if (Rec.Clave <> '') and (Rec.Texto2Decrypt <> '') then begin
                            Rec.Result := Rijndael.Decrypt(Rec.Texto2Decrypt);
                            Rec.Texto2Encrypt := Rec.Result;
                        end;
                    end;
                }
            }
        }
    
        trigger OnOpenPage();
        begin
            Rec.Reset();
            if not Rec.Get() then begin
                Rec.Init();
                Rec.Insert();
            end;
            if Rec.Clave <> '' then
                Rijndael.InitRijndaelProvider(Rec.Clave, 128, Format(Rec.CypherMode), Format(Rec.PaddingMode));
        end;
    
        var
    
            Rijndael: Codeunit "Rijndael Cryptography";
    }
    

    In this link you can test your results.

    https://encode-decode.com/aes-256-ecb-encrypt-online/

    Regards
  • ishyampandeyishyampandey Member Posts: 22
    @ftornero Hi,

    Thank you very much, Let me try this by creating an extension. I will update my status.
  • ishyampandeyishyampandey Member Posts: 22
    @ftornero Hi,
    Your solution worked well and I got something good to learn from you. Thank you :)

Sign In or Register to comment.