Hi TMS Crypto people. We are suscribers using your whole TMS pack.
We have this littel question: we have to make a development with these specifications. Below is our attempt.
-API-key encryption:
* The AES-256-CBC algorithm must be used.
* A specific key provided by us that you will use as a
password encryption.
* You also need a value called IV (Initialization Vector),
which must be generated randomly for each request.
- Data to send in the request headers:
* x-api-key: The result of encrypting the api-key.
* x-iv: The Initialization Vector used for encryption,
converted to hexadecimal format.
All requests will ask you to send those two fields in the
headers, the api-key of the client has to travel encrypted,
we are going to decrypt it to be able to use it
The key you have to use to encrypt it is this
“p@55w0rdu1tr@s3cr3t0”
The x-api-key is
“317301cc6cbbc-87e144ce-9ed2-a397192j9900”
Ok: What we did
var
aes: TAESEncryption;
cipher: string;
begin
aes:= TAESEncryption.Create;
aes.AType:= atCBC;
aes.KeyLength:= kl256;
aes.Unicode := yesUni;
aes.Key:= ‘p@55w0rdu1tr@s3cr3t0’; //here the key…
aes.OutputFormat:=hexa;
aes.PaddingMode:= TpaddingMode.PKCS7;
aes.IVMode:= TIVMode.rand; //test says so
cipher:= aes.Encrypt(‘317301cc6cbbc-87e144ce-9ed2-a397192j9900’);
aes.Free;
end;
The problem is this error message
class ECryptoPack with message ‘Keylength incorrect, must be 32’.
The client gave us that key, but it is not 32 characters long.
We don’t know about the subject, what can we do?
Regards
Pablo Romero
Flexxus SA