20. 余談1(IVの渡し方)
• ApexのencryptWithManagedIV/decryptWithManagedIV
• 最初の16byte(=128bit)はInitVectorを表す
• 後ろは暗号化文字列
The algorithm requires an initialization vector of 16 bytes (128 bits). Use the
encryptWithManagedIV() function to have Salesforce generate the IV for you in the
first 16 bytes of the cipher text.Third party systems that receive the cipher should
extract the IV from the first 16 bits. If third party systems send the IV in the first 16
bytes of the cipher, then use the decryptWithManagedIV() method to decrypt.
出典: https://developer.salesforce.com/page/Apex_Crypto_Class
21. 余談1(IVの渡し方)
• Pythonのpycryptoのサンプルもそんな感じ
https://www.dlitz.net/software/pycrypto/api/2.6/
from Crypto.Cipher import AES
from Crypto import Random
key = b'Sixteen byte key'
iv = Random.new().read(AES.block_size)
cipher = AES.new(key, AES.MODE_CFB, iv)
msg = iv + cipher.encrypt(b'Attack at dawn')
• PHPのmcryptのサンプルもそんな感じ
http://php.net/manual/ja/function.mcrypt-encrypt.php
# prepend the IV for it to be available for decryption
$ciphertext = $iv . $ciphertext;
22. 余談2(ECB使っても良さそうなケース)
• LINEのChannel Web Application(CWA)のアクセストークンの暗号化はECB
• アクセストークンなので繰り返しの推測やブロックの入れ替えはどうでも良い
The encrypted string will be decoded using the Channel secret as a symmetric-key.
The algorithm used is AES, the block size is 128 bit, the encryption mode is ECB, and
the padding is PKCS#5. The Channel secret string will be interpreted as a hexadecimal
byte string and used as the symmetric-key. The encrypted string follows Base64
encoding and will be restored once it has been decoded.
出典: https://developers.line.me/in_app_web/api-reference
25. 補足(Base64エンコード)
• バイナリ表現をテキスト表現に変換するエンコード方式
• 半角英字の大文字小文字+半角数字+記号(/, +)の64文字で構成される
• 6bitごとにバイナリを分割(3byteのバイナリは4つのブロックに分割される)
• 6bitに満たない分は0埋め
• 分割されたブロック数が4の倍数になるように”=“で調整(パディング)
01000001 01000010 01000011 01000100
010000 010100 001001 000011 010001 000000
Q U J D R A = =
A B C D
パディング0埋め