cancel
Showing results for 
Search instead for 
Did you mean: 

Decrypting AES in C# encrypted in SQL Anywhere 12.0 or earlier

cigaras
Participant
12,127

There is a similar discussion on stackoverflow about encrypting and decrypting in SA16 where it works with minor issues, but there I have a more specific and problematic question: I do understant why SA12 can not decrypt stuff encrypted in other systems, because it does not has the capability of setting up specific parameters, but what about the other way around, decrypting stuff in C# encrypted in SA12 or earlier? All I know from SA12 documentation is that it uses Rijndael algorithm and has a random IV and the size 128 or 256 can be specified, but I do not know the padding, the cipher mode and am not sure about the data rawness format.

So long story short: Is it possible to decrypt data encrypted in SA12 outside of the database?

Accepted Solutions (1)

Accepted Solutions (1)

graeme_perrow
Advisor
Advisor

No, it is not possible in v12. The algorithm itself is AES, but the way we break the data up into blocks for encryption, the IV we use, and the way we store the encrypted data are all proprietary and unpublished.

cigaras
Participant
0 Kudos

Thank you for clarification.

Answers (1)

Answers (1)

VolkerBarth
Contributor

While I can't tell the details, here's a link to an older similar question from the NNTP archives:

@sybase.com/>">Is encrypt function algorithm true AES

EDIT: Unfortunately, the link seems to be rendered incorrectly because of the contained "@", I suspect), so I paste it as pure text...here

nntp-archive.sybase.com/nntp-archive/action/article/<42d81576.5b5e.1681692777@sybase.com>

In my understanding, that would mean the encryption/decryption with v12 and below is done in a proprietary fashion and cannot be decrypted/encrypted externally.

You may however go the opposite way and use an external crypto lib within SQL Anywhere via the external call interface and make sure that way that encryption/decryption within and outside the database are compatible.

As to the IV: AFAIK, before v10.0.1 there was no random IV used, v10.0.1 introduced a database option (i.e. the "encrypt_aes_random_iv database option) to use a random IV on demand, and v11 and above will always use a random IV.

VolkerBarth
Contributor
0 Kudos

@Graeme: Aside: Can you tell me why my cited NNTP archive link won't be displayed accordingly, and what I would need to correct that?

graeme_perrow
Advisor
Advisor
0 Kudos

Even by looking at the original link you posted, I can't get to the right page. nntp-archive.sybase.com is pointing me at the web site for a law school in Florida so something weird is going on. But something's wrong with the URL to begin with - angle brackets are not allowed in a URL.

VolkerBarth
Contributor
0 Kudos

Hm, for me (and FF 27.1) that exact link does show the desired page, as can be seen here:

And it's also the link I get when I search for "Is encrypt function algorithm true AES" with Google - though there the angle brackets are encoded with "%3C" and "%3E". Weird.

The following is just a test whether the link works when angle brackets and the at sign are encoded...:

nntp-archive.sybase.com/nntp-archive/action/article/%3C42d81576.5b5e.1681692777%40sybase.com%3E

EDIT: Apparently, that won't work either though the preview seems to display the link itself correctly.

So linking to the NNTP archives seems somewhat errorprone here... - possibly that will raise a general question:(

graeme_perrow
Advisor
Advisor
0 Kudos

Nope, I still get a 404. Tried with FF 27.0 and 28.0 as well as Chrome 33.0, IE 9, and IE 11. I think the web server is having trouble - a Google search for "sybase nntp encryption function algorithm true aes" finds the page, with the same URL as you posted, but I still get a 404 when I click on it.

VolkerBarth
Contributor
0 Kudos

Do you also get a 404 if you add the "%3E" which seem to be omitted from the displayed link? For me, this shows the cited page.

MarkCulp
Participant
0 Kudos

Volker: Your links work... if we use them on an 'outside' internet connection (i.e. the problem that Graeme is seeing appears to be related to the internet proxy)

graeme_perrow
Advisor
Advisor
0 Kudos

The 404 has to do with the SAP proxy. Without that, I do see the right page.

VolkerBarth
Contributor
0 Kudos

So your employer wants you to have a look at a web site for a law school in Florida instead of the own old archives - hm, what am I supposed to think of that?