Initialization vector used in record encryption

Hi,

I'm a bit stuck in trying to port local encryption to JavaScript. It's no
problem to de/encrypt the symmetric key used and use the same encryption
algorithm as Briefcase/ODK Collect, but I can't seem to figure out how to
get the initialization vector correctly. Currently, my decryption test (of
a record encrypted with ODK Collect) results in something like this:

º­¥±ãluVÅ�‰í°/ÀV.0' ?>2
images1457984210252.jpg1457984197772.jpguuid:aab60510-f435-45ca-a7ae-dec99914a8c8

If I understand correctly the initialization vector is determined by:

  1. creating an md5 hash of the instanceId and the symmetric key, and getting
    the md5 digest as byte array
  2. shift/increment a byte
    (https://github.com/opendatakit/briefcase/blob/b81c79384894939cb77d1f8877b4bcbcb3e6327f/src/org/opendatakit/briefcase/util/CipherFactory.java#L74)
    in this array
  3. this is the initialization vector used for symmetric en/decryption of a
    file

I think step 2 is where I go wrong. If I understand correctly, with a
record that contains 2 mediafiles, to en/decrypt the submission.xml.enc
(i.e. the 3rd file), the 3rd item in the array (index 2) has to be
shifted/incremented. Is that correct?

Thanks much in advance for clarifying this.

Martijn

Got it (finally)!

By the time the 3rd file is reached the bytes in position 0, 1, and 2 have
been incremented, of course..... Phew.

On Wednesday, March 16, 2016 at 11:36:17 AM UTC-6, Martijn van de Rijdt wrote:
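
Added example, not part of the original posts and not Briefcase or ODK Collect code: a Node.js sketch of the cumulative IV derivation described in the thread, next to the mistaken single-byte reading. Assumptions: the hash input is the UTF-8 instanceId followed by the raw key bytes, the byte index wraps modulo the digest length, and incremented bytes wrap at 255; the function names and the sample key are made up for illustration.

```javascript
const crypto = require('crypto');

// Seed: MD5 over instanceId and symmetric key (concatenation order is an assumption).
function ivSeed(instanceId, symmetricKey) {
  return crypto.createHash('md5')
    .update(Buffer.from(instanceId, 'utf8'))
    .update(symmetricKey)
    .digest(); // 16 bytes, the AES block size
}

// Stateful factory: the seed array is shared across all files of one record.
// Each call increments one more byte and returns a copy to use as that file's IV.
function createIvFactory(instanceId, symmetricKey) {
  const seed = ivSeed(instanceId, symmetricKey);
  let counter = 0;
  return function nextIv() {
    const i = counter % seed.length;   // wrap-around is an assumption
    seed[i] = (seed[i] + 1) & 0xff;    // emulate byte overflow
    counter += 1;
    return Buffer.from(seed);          // copy, so later calls do not alter it
  };
}

// IV for the file at fileIndex (0-based, in the order the files were encrypted;
// per the thread, media files first and submission.xml.enc last).
function ivForFile(instanceId, symmetricKey, fileIndex) {
  const nextIv = createIvFactory(instanceId, symmetricKey);
  let iv;
  for (let n = 0; n <= fileIndex; n++) iv = nextIv();
  return iv;
}

// The mistaken reading from the first post: only the byte at fileIndex changes.
function naiveIvForFile(instanceId, symmetricKey, fileIndex) {
  const iv = ivSeed(instanceId, symmetricKey);
  iv[fileIndex] = (iv[fileIndex] + 1) & 0xff;
  return iv;
}

// Constructed sample: instanceId taken from the post, key is a dummy value.
const sampleId = 'uuid:aab60510-f435-45ca-a7ae-dec99914a8c8';
const sampleKey = Buffer.alloc(32, 0x2a);
console.log('seed       ', ivSeed(sampleId, sampleKey).toString('hex'));
console.log('3rd file IV', ivForFile(sampleId, sampleKey, 2).toString('hex'));
console.log('naive IV   ', naiveIvForFile(sampleId, sampleKey, 2).toString('hex'));
```

With the naive IV only the first cipher block or so decrypts to garbage in a feedback mode, which matches the symptom in the first post: a short run of junk followed by readable XML content.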