AES GCM Issue

anouri · 2025-01-09 12:08:15

Encrypted string does not decrypt with AESDecrypt with error: TAesGcm.DecryptPkcs7: Invalid Input.

function AESEncrypt2(PlainText: string; Key: RawByteString): string;
var
  akey : RawByteString;
  CryptCipher: ICryptCipher;
  dest,Bytes: TBytes;
begin
  akey := HexToBin(SHA256(Key));
  Bytes := TEncoding.UTF8.GetBytes(PlainText);
  CryptCipher := Encrypt('aes-256-gcm', Pointer(akey));
  CryptCipher.Process(Bytes, dest, nil);
  Result := TNetEncoding.Base64.EncodeBytesToString(dest);
end;

function AESDecrypt(CipherText: string; Key: RawByteString): string;
var
  AES: mormot.crypt.core.TAesGcm;
  akey : RawByteString;
begin
  akey := HexToBin(SHA256(Key));
  AES := mormot.crypt.core.TAesGcm.Create(pointer(akey)^, 256);
  try
    Result := AES.DecryptPkcs7(Base64ToBin(CipherText), False);
  finally
    AES.Free;
  end;
end;

Last edited by anouri (2025-01-09 12:30:13)

ab · 2025-01-09 12:56:02

You need to follow TCryptAesCipher.Process() encoding, i.e. standard GCM algorithm with trailing 128-bit GMAC.
Your AESDecrypt() does not follow this encoding.

Why are you mixing APIs?
Use ICryptCipher on both sides.

anouri · 2025-01-09 16:26:55

I had used TAes for Aes Gcm before, you suggested I use ICryptCipher. I tried using the suggested method.
But I wanted to see if the string encrypted with the first method can be decrypted with high level ICryptCipher. My attempt was unsuccessful.

Last edited by anouri (2025-01-09 16:27:11)

ab · 2025-01-09 17:44:43

Yes, because you made it wrong.

ICryptCipher uses TAesGcm underneath.
If you are lost within details, just use only ICryptCipher.

anouri · 2025-01-11 09:03:26

TCryptAesCipher in mormot.crypt.secure is not visible?!
I can't use it

ab · 2025-01-11 11:18:04

No, it is not visible, on purpose.

You have to use the Encrypt() factory function to use it.

anouri · 2025-01-12 08:02:40

After couple of days I can't figure out right way to encrypt AES GCM.
Even AIs don't give the right answer. I can't find any educational resources on YouTube or anywhere else.

ab · 2025-01-12 08:32:45

What is wrong with
- Encrypt('aes-256-gcm', pointer(key)).Process()
- Decrypt('aes-256-gcm', pointer(key)).Process()

What do you want to achieve exactly?

Forget about AI they are far too limited to understand pascal.

anouri · 2025-01-12 09:11:00

I just wanted to make sure that what I was doing was correct and that I had done a standard and proper encryption. And I needed your confirmation.
Which seemed to be correct. Thank you.

mORMot Open Source

#1 2025-01-09 12:08:15

AES GCM Issue

#2 2025-01-09 12:56:02

Re: AES GCM Issue

#3 2025-01-09 16:26:55

Re: AES GCM Issue

#4 2025-01-09 17:44:43

Re: AES GCM Issue

#5 2025-01-11 09:03:26

Re: AES GCM Issue

#6 2025-01-11 11:18:04

Re: AES GCM Issue

#7 2025-01-12 08:02:40

Re: AES GCM Issue

#8 2025-01-12 08:32:45

Re: AES GCM Issue

#9 2025-01-12 09:11:00

Re: AES GCM Issue

Board footer