Skip to Content

CL_SEC_SXML_WRITER=>DECRYPT AES decryption fails / CX_SEC_SXML_ENCRYPT_ERROR

Dear SAP-Community,

my goal is to encrypt a string in one program using a given password and to save the encrypted result in a file. In another program I will read the encrypted message from that file and decrypt it.

I'm using CL_SEC_SXML_WRITER=>ENRCYPT for encryption and CL_SEC_SXML_WRITER=>DECRYPT for decryption (algorithm: cl_sec_sxml_writer=>co_aes256_algorithm). Encrypting works smoothly. When I try to decrypt I'm getting the exception: CX_SEC_SXML_ENCRYPT_ERROR (UNCAUGHT_EXCEPTION).

If I encrypt and decrypt in the same program, everything works fine. Only when I split the encryption and decryption in two programs I get the exception.

My encryption demo:

REPORT y_enrypt_txt.

PARAMETERS:
p_msg TYPE string OBLIGATORY DEFAULT 'This is my test' LOWER CASE,
p_pwd TYPE string OBLIGATORY DEFAULT '1234' LOWER CASE,
p_file TYPE string OBLIGATORY LOWER CASE.

START-OF-SELECTION.

* create message
DATA(lr_conv_sec) = cl_abap_conv_out_ce=>create( ).
lr_conv_sec->write( p_msg ).

* create key
DATA(lr_conv_key) = cl_abap_conv_out_ce=>create( ).
lr_conv_key->write( p_pwd ).

* encrypt using AES256
cl_sec_sxml_writer=>encrypt(
EXPORTING
plaintext = lr_conv_sec->get_buffer( )
key = lr_conv_key->get_buffer( )
algorithm = cl_sec_sxml_writer=>co_aes256_algorithm
IMPORTING
ciphertext = DATA(lv_message) ).

OPEN DATASET p_file FOR OUTPUT IN BINARY MODE.
TRANSFER lv_message TO p_file.
CLOSE DATASET p_file.

My decryption demo:

REPORT y_decrypt_txt.

DATA:
lv_enc_msg_xstring TYPE xstring,
lf_plaintext_file TYPE xstring,
lv_decrypted_string TYPE string.

PARAMETERS:
p_pwd TYPE string OBLIGATORY DEFAULT '1234' LOWER CASE,
p_file TYPE string OBLIGATORY LOWER CASE.

START-OF-SELECTION.

OPEN DATASET p_file FOR INPUT IN BINARY MODE.
READ DATASET p_file INTO lv_enc_msg_xstring.
CLOSE DATASET p_file.

* create key
DATA(lr_conv_key) = cl_abap_conv_out_ce=>create( ).
lr_conv_key->write( p_pwd ).

* decrypt using AES256

cl_sec_sxml_writer=>decrypt(
EXPORTING
ciphertext = lv_enc_msg_xstring
key = lr_conv_key->get_buffer( )

algorithm = cl_sec_sxml_writer=>co_aes256_algorithm

IMPORTING
plaintext = lf_plaintext_file ).

cl_abap_conv_in_ce=>create( input = lf_plaintext_file )->read( IMPORTING data = lv_decrypted_string ).

WRITE: / 'Decrypted: ', lv_decrypted_string.

What am I doing wrong? Why is it possible to encrypt and decrypt in the same program? Why do I get an exception if I split the code in two programs?

Best regards,

Hanno

Add a comment
10|10000 characters needed characters exceeded

Related questions

5 Answers

  • Posted on May 24, 2019 at 03:05 PM

    Hi Ricardo,

    Instead of CL_SEC_SXML_WRITER=>ENCRYPT give a try to ENCRYPT_IV method, it have additional importing parameter Initialization Vector. I've used the IV parameter with initial value as you can see below and it worked this way. I hope it will work in your case as well!

    cl_sec_sxml_writer=>encrypt_iv(
      EXPORTING
        plaintext =  lr_conv_sec->get_buffer( )
        key =        lr_conv_key->get_buffer( )
        algorithm =  cl_sec_sxml_writer=>co_aes256_algorithm_pem
        iv = '00000000000000000000000000000000'
      IMPORTING
        ciphertext = DATA(lv_message) ).
    Add a comment
    10|10000 characters needed characters exceeded

  • Posted on Jun 10, 2019 at 03:46 PM

    Hello,

    I have the same problem, my class doesn't have ENCRYPT_IV (or decrypt_iv). Filip, we need decrypt, encryption success.

    Error appears when call DECRYPT method direct. I have tested to call just with same value getted from ENCRYPT method and it runs perfect but when try to do separately it gives us dump.

    Thanks in advance

    Add a comment
    10|10000 characters needed characters exceeded

    • Hi Juanmi, did you solve the issue?

      I'm currently facing the same issue with CL_SEC_SXML_WRITE. I'd wrote a test program that uploads an XML file from frontend, encrypts and downloads it to frontend again with addition in filename "crypted". Until that point everything it's ok.

      When i tryed to upload and decrypt the previously crypted file, an ABAP dump is raising: CX_SEC_SXML_ENCRYPT_ERROR: Decryption of XML data failed. In addition, when decrypted with rijndael_utility trailing characters where added at the end of XML.

      When i Decrypt inmeditly after encryption ther is no problem as you have already mentioned.

      I've tried with AES256, AES128.

      The external receiver said they have no way to handle it.

      Is ther some way to avoid that?

  • Posted on Jan 10 at 12:09 PM

    I have successfully used above encryption / decryption method. Please remember to use proper encryption key length i.e. for XSTRING it will be:
    AES128 - 32 chars
    AES192 - 48 chars
    AES256 - 64 chars.

    You can find usage examples in local test classes of CL_SEC_SXML_WRITER, e.g. in method LCL_XML_SECURITY_TEST -> SYMMTRIC_ENC_WITH_IV

    CONSTANTS: lf_aes128_key type xstring value '2B7E151628AED2A6ABF7158809CF4F3C'
    ,lf_aes192_key type xstring value '8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B'
    ,lf_aes256_key type xstring value '603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4'
    
    Add a comment
    10|10000 characters needed characters exceeded

  • Posted on May 23, 2019 at 02:18 PM
    -1

    Hi, Hanno.
    Same problem here. Did you find a solution?

    Add a comment
    10|10000 characters needed characters exceeded

  • Posted on Oct 16, 2019 at 11:27 AM
    -1

    Hello,

    I had the same problem and the issue is related to the algorithm 256 that does not work properly: https://answers.sap.com/questions/6654008/hmac-sha256.html

    Try to use the cl_sec_sxml_writer=>co_aes128_algorithm and check if it works. For me it was the solution.

    Add a comment
    10|10000 characters needed characters exceeded

Before answering

You should only submit an answer when you are proposing a solution to the poster's problem. If you want the poster to clarify the question or provide more information, please leave a comment instead, requesting additional details. When answering, please include specifics, such as step-by-step instructions, context for the solution, and links to useful resources. Also, please make sure that you answer complies with our Rules of Engagement.
You must be Logged in to submit an answer.

Up to 10 attachments (including images) can be used with a maximum of 1.0 MB each and 10.5 MB total.