/**
 * Encrypts or decrypts \a textstr with the symmetric cipher selected by the
 * CIPHER_TYPE / CIPHER_MODE / CIPHER_PADDING / CIPHER_PROVIDER constants
 * (declared outside this function).
 *
 * \param passstr  passphrase; its UTF-8 bytes are handed to QCA as the key
 * \param cipheriv initialization vector, hex encoded
 * \param textstr  plaintext when encrypting, hex-encoded ciphertext when decrypting
 * \param encrypt  true to encrypt, false to decrypt
 * \returns hex-encoded ciphertext (encrypt) or the recovered text (decrypt).
 *          A null QString is returned when crypto is disabled and when the
 *          cipher reports failure, so callers cannot tell those two apart.
 */
QString QgsAuthCrypto::encryptdecrypt( QString passstr, QString cipheriv, QString textstr, bool encrypt )
{
  if ( QgsAuthCrypto::isDisabled() )
    return QString();

  QCA::InitializationVector iv( QCA::hexToArray( cipheriv ) );

  // NOTE(review): the passphrase bytes become the key as-is; no key-derivation
  // step is visible here, so key length and entropy follow the passphrase.
  // Confirm that callers pass an already-derived value (e.g. PBKDF2 output).
  // Going through const char* also stops the key at the first NUL byte.
  const QByteArray keybytes( passstr.toUtf8().constData() );
  const QCA::SecureArray keydata( keybytes );
  QCA::SymmetricKey key( keydata );

  const QCA::Direction direction = encrypt ? QCA::Encode : QCA::Decode;
  QCA::Cipher cipher( CIPHER_TYPE, CIPHER_MODE, CIPHER_PADDING, direction, key, iv, CIPHER_PROVIDER );

  // Plaintext goes in as UTF-8; ciphertext arrives hex encoded.
  const QCA::SecureArray input( encrypt ? textstr.toUtf8() : QCA::hexToArray( textstr ) );
  const QCA::SecureArray output( cipher.process( input ) );

  // NOTE(review): ok() reports that the cipher operation completed. If
  // CIPHER_MODE is an unauthenticated mode, it does not show the ciphertext
  // was unmodified; an integrity check would have to live elsewhere.
  if ( !cipher.ok() )
  {
    if ( encrypt )
      qDebug( "Encryption failed!" );
    else
      qDebug( "Decryption failed!" );
    return QString();
  }

  // Never log the result of the decrypt path: it is the recovered secret.
  const QByteArray raw = output.toByteArray();
  if ( encrypt )
    return QCA::arrayToHex( raw );
  return QString( raw );
}
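// Encrypts a password (FTP/SFTP) with AES-128-CBC via QCA before it is saved
// with QSettings.
//
// Returns the ciphertext as a hex string, or an empty string when the cipher
// is not available or the operation fails.
//
// NOTE(review): key and IV come from the ENC_KEY / ENC_INIT_VECTOR constants,
// so both are the same for every call. Equal passwords therefore produce equal
// ciphertexts, and anyone who has those constants can decrypt the stored
// values. Treat this as obfuscation rather than protection; a platform
// credential store or a per-user derived key with a random per-value IV would
// be the stronger design.
QString Security::encrypt(QString input)
{
    // Direct initialisation avoids copying the Initializer; it keeps QCA
    // initialised for the duration of this call.
    QCA::Initializer init;

    // Check availability before building the cipher, so a missing provider
    // never yields a half-configured Cipher object.
    if (!QCA::isSupported("aes128-cbc-pkcs7")) {
        qDebug() << "AES128 CBC PKCS7 not supported - "
                    "please check if qca-ossl plugin is "
                    "installed correctly !";
        return "";
    }

    QCA::SymmetricKey key = QCA::SymmetricKey(QCA::SecureArray(ENC_KEY));
    QCA::InitializationVector iv = QCA::InitializationVector(QCA::SecureArray(ENC_INIT_VECTOR));
    QCA::Cipher cipher = QCA::Cipher(QString("aes128"), QCA::Cipher::CBC,
                                     QCA::Cipher::DefaultPadding,
                                     QCA::Encode, key, iv);

    // NOTE(review): toAscii() is lossy for characters outside the 8-bit
    // codec and is deprecated as of Qt 5. Switching to toUtf8() would change
    // the ciphertext of already-stored non-ASCII passwords, so it needs a
    // migration and is left unchanged here.
    QCA::SecureArray secureData = input.toAscii();
    QCA::SecureArray encryptedData = cipher.process(secureData);

    if (!cipher.ok()) {
        return "";
    }

    // arrayToHex() already returns a QString of hex digits.
    return QCA::arrayToHex(encryptedData.toByteArray());
}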
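// Decrypts a hex-encoded AES-128-CBC ciphertext produced with the same
// ENC_KEY / ENC_INIT_VECTOR constants.
//
// Returns the recovered text. An empty input is returned unchanged; an empty
// string is returned when the cipher is not available or decryption fails.
//
// NOTE(review): CBC carries no integrity protection. cipher.ok() only shows
// that the final block unpadded cleanly, so a modified stored value can still
// decrypt "successfully" to different text. Because key and IV are fixed
// constants, this is obfuscation of the stored value, not protection against
// someone who has those constants.
QString Security::decrypt(QString input)
{
    if (input.isEmpty()) {
        return input;
    }

    // Direct initialisation avoids copying the Initializer; it keeps QCA
    // initialised for the duration of this call.
    QCA::Initializer init;

    // Check availability before building the cipher.
    if (!QCA::isSupported("aes128-cbc-pkcs7")) {
        qDebug() << "AES128 CBC PKCS7 not supported - "
                    "please check if qca-ossl plugin is "
                    "installed correctly !";
        return "";
    }

    QCA::SymmetricKey key = QCA::SymmetricKey(QCA::SecureArray(ENC_KEY));
    QCA::InitializationVector iv = QCA::InitializationVector(QCA::SecureArray(ENC_INIT_VECTOR));

    // Build the cipher in decode direction directly, rather than creating an
    // encoder and re-running setup().
    QCA::Cipher cipher = QCA::Cipher(QString("aes128"), QCA::Cipher::CBC,
                                     QCA::Cipher::DefaultPadding,
                                     QCA::Decode, key, iv);

    QCA::SecureArray encryptedData = QCA::SecureArray(QCA::hexToArray(input));
    QCA::SecureArray decryptedData = cipher.process(encryptedData);

    if (!cipher.ok()) {
        return "";
    }

    // QString(const char *) reads up to the first NUL byte, so text after an
    // embedded NUL in the plaintext would be dropped.
    return QString(decryptedData.data());
}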
/**
 * @brief Decrypts an AES-128-CBC ciphertext with the supplied key and IV.
 * @param qbaKey    symmetric key bytes
 * @param qbaVector initialization vector bytes
 * @param qbaHash   ciphertext bytes; passed to the cipher as given (this is
 *                  encrypted data, not a hash)
 * @return QVariantMap holding "bSuccess" (bool) and, only when decryption
 *         succeeded, "sPlainText" (QString)
 *
 * @note CBC has no integrity protection. "bSuccess" reflects the cipher's
 *       ok() state after unpadding; it does not show that the ciphertext is
 *       authentic. If the input can come from an untrusted party, verify a
 *       MAC over it before calling this (encrypt-then-MAC) or use an
 *       authenticated mode.
 */
QVariantMap ServerPanel::DecryptEntity(QByteArray qbaKey, QByteArray qbaVector, QByteArray qbaHash)
{
    // Keeps QCA initialised for the duration of this call
    QCA::Initializer qiInitializer;

    // Wrap the raw key and IV bytes in the QCA types the cipher expects
    const QCA::SymmetricKey qskKey(qbaKey);
    const QCA::InitializationVector qivVector(qbaVector);

    // NOTE(review): availability of "aes128" is not checked here; presumably
    // a missing provider surfaces through ok() below - confirm.
    QCA::Cipher qcrCipher("aes128", QCA::Cipher::CBC, QCA::Cipher::DefaultPadding,
                          QCA::Decode, qskKey, qivVector);

    // Run the whole ciphertext through the cipher in one pass
    const QCA::SecureArray qsaCipherText(qbaHash);
    QCA::SecureArray qsaPlain = qcrCipher.process(qsaCipherText);

    QVariantMap qvmReturn;
    const bool bDecrypted = qcrCipher.ok();

    if (bDecrypted) {
        // QString(const char *) reads up to the first NUL byte
        qvmReturn.insert("sPlainText", QString(qsaPlain.data()));
    }
    qvmReturn.insert("bSuccess", bDecrypted);

    return qvmReturn;
}