I need to use this Piece code in Jmeter to get the encryption of Strings.
Cipher cipher = Cipher.getInstance("RSA/NONE/OAEPPadding", "BC");
How can we achieve the same in Jmeter ? Help is appreciated!
You can use the same code in one of the JSR223 Test Elements like:
def cipher = javax.crypto.Cipher.getInstance("AES/CBC/PKCS5PADDING");
log.info(cipher.getAlgorithm())
Demo:
Once you get an encrypted string you will be able to store it in JMeter Variables using vars shorthand which stands for JMeterVariables class instance like:
vars.put('myEncryptedString', new String(cipher.doFinal(value.getBytes()))
And refer it as ${myEncryptedString} where required.
More information: Apache Groovy - Why and How You Should Use It
Related
SAP servers are capable of encrypting and hashing data. But there doesn't appear to be a suitable API to call. SAP Note 1456433 talks about the class CL_SEC_SXML_XENCRYPTION. The signature of basic encryption is clearly geared towards SSF and unsuitable to basic private key encryption/decryption. I don't want/need envelopes and user certificates. Just private keys.
I found an AES library on GitHub AES library in ABAP and tweaked that to suit us. But it is very slow. I would like to use the encryption libraries SAP has. Clearly, the libraries are there but find a suitably exposed API seems the issue.
Does anybody know how to use basic encryption in SAP?
In SAP ABAP stack, using ABAP.
Eg (a call to use AES-CBC 128, with PKCS7 padding
where only a private key and data to encrypt is required. As example:
public static method encrypt_xstring
importing i_key type xstring
i_data type xstring
i_initialization_vector type xstring optional
i_padding_standard type char10 optional
i_encryption_mode type char10 optional
exporting e_data type xstring
Use case is encrypting data on clients with a private key and sending the data to SAP system. The source supports private keys and libraries like AES-CBC.
And we have encrypted data interchange working.
Next step is to use a supported and faster library.
EDIT: In case anyone needs to encryption / decryption properly in abap
And is looking at the answer. Use class CL_SEC_SXML_WRITER.
CL_SEC_SXML_WRITER was exactly what i was looking for
BUT SAP didnt expose it properly. It is only useful for encryption no decryption.
When interacting with external libraries. Where PKCS7 padding is used and SALTs
or Initialization vectors are required.
SAP offer an ENCRYPT_IV but no Decrypt_IV. Why ????
So you cant use the tool and remain compliant. :(
It is not considered safe to use AES-CBC without IV.
Why would SAP do that ?
ENCRYPT_IV instead of ENCRYPT but no DECRYPT_IV
The offer an Add Padding but no remove padding. OK roll your own padding removal, no big deal. Its like the must be another library for the other direction.
So i can use the tool to encrypt but not decrypt.
My main problem was decrypting quickly strings sent from a mobile device.
So still need to use the old ABAP code for that :(
I have similar requirements and I found the cl_sec_sxml_writer class. Please have a look at the following example. Note that the writer requires XSTRING parameters which is why I'm using conversion classes.
REPORT zged_aes.
DATA lv_message_string TYPE string.
" create message
DATA(lr_conv_sec) = cl_abap_conv_out_ce=>create( ).
lr_conv_sec->write( data = 'This is my secret' ).
" create key
DATA(lr_conv_key) = cl_abap_conv_out_ce=>create( ).
lr_conv_key->write( data = 'MySymmetricKey' ).
" encrypt using AES256
cl_sec_sxml_writer=>encrypt(
EXPORTING
plaintext = lr_conv_sec->get_buffer( )
key = lr_conv_key->get_buffer( )
algorithm = cl_sec_sxml_writer=>co_aes256_algorithm_pem
IMPORTING
ciphertext = DATA(lv_message) ).
" decrypt message
cl_sec_sxml_writer=>decrypt(
EXPORTING
ciphertext = lv_message
key = lr_conv_key->get_buffer( )
algorithm = cl_sec_sxml_writer=>co_aes256_algorithm_pem
IMPORTING
plaintext = DATA(lv_message_decrypted) ).
" convert xstring to string for output
cl_abap_conv_in_ce=>create( input = lv_message_decrypted)->read( IMPORTING data = lv_message_string ).
" output secret message
WRITE lv_message_string.
I tested it on a NetWeaver 7.50 SP 6 system.
I got the ENCRYPT_IV method to work alongside method DECRYPT of class CL_SEC_SXML_WRITER.
The caveat here is that I didn't generate the Symmetric Key and IV by making use of Class cl_abap_conv_out_ce.
I already had my keys and IV from a Java implementation test.
The only thing I needed was to create the Key and IV as an XSTRING and initializing them with the Hex format of my Java implementation (they were in Byte format.
Because of this, I first converted them to Hex and passed those values to the ABAP Xstring types).
The File Name in the Send Port should be set with the mask like ABC.txt.pgp. Since I have used the PGP Encryption Component it is generating the File name like ABC.pgp.txt.pgp. But what I need is just the ABC.txt.pgp. How can be this be done. Any help is greatly appreciated.
Thanks
What you are seeing is the expected behavior. If you are referring to this:
https://code.msdn.microsoft.com/windowsdesktop/BizTalk-Sample-PGP-ebcbc8b2
or one of it's derivatives, it will internally modify FILE.ReceivedFileName to append .pgp if that property is set.
So, if you use just %SourceFileName%, you will likely get the desired result. Otherwise, you will have to explicitly set FILE.ReceivedFileName to ABC.txt somewhere before the PGP component.
You can also modify the source code to remove this behavior.
(Same Answer)
Thanks Johns-305. I included the Message assignment shape before the send shape and used the
SendMessage(FILE.ReceivedFileName) = "ABC.txt";
In the Send Port I used Filename as "%SourceFileName%". Now I get the filename as ABC.txt.pgp in the Send Port
Based on file name prefix, I want to PGP encrypt and sign with different keys. I can use multiple encryption routes and direct them using a Message Router. Do anyone know a way to avoid multiple routs and get the related PGP keys at route running time?
final PGPDataFormat encryptAndSign01 = new PGPDataFormat();
encryptAndSign01.setKeyFileName(conf.pgpPublicKeyFile);
encryptAndSign01.setKeyUserid(conf.pgpEncryptUser01);
encryptAndSign01.setSignatureKeyFileName(conf.pgpPrivateKeyFile);
encryptAndSign01.setSignatureKeyUserid(conf.pgpSignUser01);
encryptAndSign01.setSignaturePassword(conf.pgpSignUser01Passphrase);
from("encrypt01")
.marshal(encryptAndSign01)
.to("file:tmp/output?fileName=${file:name}.pgp");
...
from("file:tmp/output?include=output.*.csv")
.choice()
.when(...)
.to(direct:encrypt01)
.when(...)
.to(direct:encrypt02);
You can specify the parameters of encryption by using the message header just like this
But I think it could be more easy if you use different routes to do the job.
I need a piece of code that defines functions which can encrypt and decrypt a piece of string. What I basically want is that the string should not be visible to third-party users, so that when the string originates in one file, it is converted to, say, an integer value using the encrypt function and then it is passed as parameter to another file. There the decrpyt function then decrypts it back and uses the string to perform actions on it.
Any suggestions or already available codes will be just fine!
Please help me out. Thanks!
Install tcllib. There are several standard encryption algorithms implemented in tcllib.
The following encryption algorithms are available:
blowfish: http://tcllib.sourceforge.net/doc/blowfish.html
aes: http://tcllib.sourceforge.net/doc/aes.html
des (including triple des): http://tcllib.sourceforge.net/doc/des.html
rc4: http://tcllib.sourceforge.net/doc/rc4.html
The des package in Tcllib should do what you want. It's pretty easy to use:
package require des
set key "12345678"; # Must be 8 bytes long
set msg "abcde"
##### ENCRYPTION
set encryptedMsg [DES::des -dir encrypt -key $key $msg]
# $encryptedMsg is a bunch of bytes; you'll want to send this around...
##### DECRYPTION
set decryptedMsg [DES::des -dir decrypt -key $key $encryptedMsg]
puts "I got '$decryptedMsg'"
Note that DES will pad the message out to a multiple of 8 bytes long.
Please visit the TCL/TK homepage e.g
here:http://wiki.tcl.tk/900
That's just one way of doing it. There will be much more, I'm sure.
I'm working on some RSA encryption/decryption unit tests and all of my functions require some certificates. I'm using dependency injection for these certs so for my unit tests, I'd like to just get some sample dummy (but functional) certificate to test my encryption/decryption library. I'd like to do this by hardcoding the RawData of valid certificate in my unit tests' SetUp method.
Where can I find something like this to put into my unit tests' SetUp method? Or how can I create this and pull this "raw data"? I'm not sure exactly what this "RawData" is. If somebody has something posted online (which would obviously be insecure, which is fine for my unit testing purposes), that would be preferable (from a lazy perspective) but I'm fine generating a cert and pulling this data as well.
Use .Export() instead of .RawData
When the X509Certificate2 has a private key within you can call:
var certBytes = certificateWithPrivateKey.Export(X509ContentType.Pkcs12);
Which returns a byte[] similar to .RawData, but it keeps the private key.
To store this in a unit test, you could just have a const string as Base64 of that data. Which you would get from:
var certAsString = Convert.ToBase64String(certBytes);
You can restore the key from this byte[] by constructing a X509Certificate2 with it:
var certificateCopy = new X509Certificate2(certBytes);
// Or from the string:
var certificateCopy2 = new X509Certificate2(Convert.FromBase64String(certAsString));
I don't understand it but this is what's going on...
I have a helper method that I call:
var cert = X509CertificateHelper.LoadCertificate(StoreName.My, StoreLocation.LocalMachine, "thumbprintgoeshere");
When I call this, cert is successfully populated and even HasPrivateKey is true. However, if I then do the following:
var cert2 = new X509Certificate2(cert.RawData);
then the resulting cert2 certificate, which is also what appears to be a valid certificate, has HasPrivateKey set to false. It appears that the RawData property "strips" out the private key (and yes, it's exportable - I have no problems creating a .pfx w/private key and importing it on another system and reproducing this behavior).
Now that I've discovered all of this, my solution is no longer to hardcode the RawData but instead to actually load up a certificate out of the certificate store - exactly what I was trying to avoid doing. If somebody has a better idea, please lay it on me. But until then, I'm calling this a failure and this is my end result. :-(