• Abulafia
  • NEWBIE
  • 5 Points
  • Member since 2009

  • Chatter
    Feed
  • 0
    Best Answers
  • 0
    Likes Received
  • 0
    Likes Given
  • 1
    Questions
  • 5
    Replies

In the controller of an externally exposed VF page, I am accepting a bank notification after the payment completion.

The parameter being sent are encrypted using AES with Cipher Block Chaining, using PCKS-5 Padding. The decryption algorithm should be initialised with a 16 byte, zero-filled initialization vector, and should use your encryption key.  

 

Before the decryption the parameters look like:

EncryptedParameters=QzFtdn0%2B66KJV5L8ihbr6ofdmrkEQwqMXI3ayF7UpVlRheR7r5fA6
IqBszeKFoGSyR7c7J4YsXgaOergu5SWD%2FvL%2FzPSrZER9BS7mZGckriBrhYt%2FKMAbTSS8F

XR72gWJZsul9aGyGbFripp7XxE9NQHVMWCko0NlpWe7oZ0RBIgNpIZ3JojAfX7b1j%2F5ACJ79S
VeOIK80layBwCmIPOpB%2B%2BNI6krE0wekvkkLKF7CXilj5qITvmv%2FpMqwVDchv%2FUNMfCi
4uUA4igHGhaZDQcV8U%2BcYRO8dv%2FnqVbAjkNwBqxqN3UPNFz0Tt76%2BP7H48PDpU23c61eM
7mx%2FZh%2Few5Pd0WkiCwZVkSZoov97BWdnMIw5tOAiqHvAR3%2BnfmGsx

 

Signature=huq1shmZ6k7L5BYxjGI2lJvQxffqa%2FogZR5oO8Ln2oc%3D

 

The signature is a base-64 encoded MD5 hash of the encrypted text, and can be used to verify that the text was transmitted correctly.


After decryption, the parameters will appear as follows:
bank_reference=1234&card_type=VI&payment_amount=100...

 

Following I specify the VF controller constructor:

    public sbBankNotification() {
        System.debug('>>>>> sbPDC->>>>> 100 >>>>>sbBankNotification contructor' );

        String myEncrypPar	= Apexpages.currentPage().getParameters().get( 'EncryptedParameters' ) ;
        String mySignature	= Apexpages.currentPage().getParameters().get( 'Signature' );

        if ( myEncrypPar != null ) this.encrypPar	= myEncrypPar ;
        if ( mySignature != null ) this.signature	= mySignature ;
	
        System.debug('>>>>> sbPDC->>>>> 103 >>>>>sbBankNotification:encrypPar('+this.encrypPar.length()+')=['+this.encrypPar+']' );
        System.debug('>>>>> sbPDC->>>>> 105 >>>>>sbBankNotification:Signature=['+this.signature+']' );
        
        try {
           String algorithmName = 'AES192' ;
           Blob privateKey = Blob.valueOf(ENCRYPTIONKEY) ;
           Blob initializationVector = Blob.valueOf('0000000000000000') ;
           Blob cipherText = Blob.valueOf(this.encrypPar) ;
           Blob params = Crypto.decrypt(algorithmName, privateKey, initializationVector, cipherText ) ;
           System.debug('>>>>> sbPDC->>>>> 105 >>>>>sbBankNotification:params=['+params.toString()+']' );

        } catch (Exception ex) {
           System.debug('>>>>> sbPN->>>>> 107 >>>>>sbBankNotification:Exception['+ ex +'] ');
        }
    }

 I keep on getting the debug information followed by exception message:

USER_DEBUG|[18]|DEBUG|>>>>> sbPDC->>>>> 103 >>>>>sbBankNotification:encrypPar(408)=[xxUSjEJ2Hp2pycHLe13Xy9N0CGhnqixzD8ZpNZyyBx0oFemyzq8QGnTMoqDwmreT0OzYPVOkQ2iFsUT2gxHxansC3Bp2G31G0V1IxnjZckKzWNCf6o5n6OrTsCeQbgr0YAFzSowY6MJV2yY2RB//xFxlRJ0ShWfn4EAsodWsP6L25PuzIM0XxdpEyWuqgBl1DWOcqKQurnye2cdQJiAXvpP+lpogCikXf0KbZ9WnDTTV4ABdefU5wlCobUomz7x5SldmFhyHLs1hUXxFhF0inM+Bkii5zBPVWNf2OlEfs8uG94kczxDHmw3T7qDtlayW0mOtDw5GstMtl1K4KM/VksGzNbfL1wGM0ONTDmH0liXTaxlSj+SBmO4ouYq30bpnCYoVtx5VUnP1jvCjbicoeg==]
USER_DEBUG|[19]|DEBUG|>>>>> sbPDC->>>>> 105 >>>>>sbBankNotification:Signature=[XhIsA4bPLbCMVHhdYN+5ieZHKWkF3JDt4uso+A5v8Og=]
SYSTEM_METHOD_ENTRY|[26]|system.Crypto.decrypt(String, Blob, Blob, Blob)
SYSTEM_METHOD_EXIT|[26]|system.Crypto.decrypt(String, Blob, Blob, Blob)
USER_DEBUG|[30]|DEBUG|>>>>> sbPN->>>>> 107 >>>>>sbBankNotification:Exception[System.SecurityException: Input length must be multiple of 16 when decrypting with padded cipher] 

The length of the encrypted parameters I get from the bank is 408 chars, which are using pcks-5 padding.

 

I have tried shortening the last lengh of the string up to 400 chars (to be mulple of 16) but the I got another exception error notifying that the string does not finalize with the correct character.

 

Please help

 

 

Hello,

 

I am trying to encrypt and decrypt a password using the Crypto class.

 

 

 try{
     Blob cryptoKey = Crypto.generateAesKey(128);
    	 Blob data = Blob.valueOf(weUserRec.password__c);
      Blob encryptedData = Crypto.encryptWithManagedIV('AES128', cryptoKey, data);
    
      Blob decrypt = Crypto.decryptWithManagedIV('AES128', cryptoKey, data);
 
  }catch(Exception e){
     System.debug(e.getMessage());
 }

 

The above is throwing an exception with message "Invalid initialization vector. Must be 16 bytes" (InvalidParameterValue).


Since the SF provided Managed IV methods are used here (the code is almost exactly like the sample), why does it throw this error?

Thanks.

  • November 24, 2010
  • Like
  • 0

Hi Guys,

 

I am using windows7 - 64 bit and office 2010 beta .. just check out the error and suggest what can be done ...

 

Error is as follows: The code in this project must be updated for use on 64 bit system.Please review and update Declare statements and then mark them with the PtrSafe attribute.

 

 

 

Thanks in Advance

Hi folks - I've got mixed answers on this one. If I create an AppExchange application that uses Apex Code as part of it, can I install that application into a customer's professional edition org?

If not, that would severely reduce the chance that we could actually use Apex Code since it would mean that we couldn't sell to a big chunk of customers.

Ryan