Symptoms

When using GlideEncrypter, you could encrypt one of the fields and send the encrypted text over a REST API message, which the 3rd party can decrypt at their end using the shared Keys and an agreed algorithm.

The encryption algorithm to establish the communication with any third part tool uses 3DES encryption with following parameters:

• CipherMode = ECB
• PaddingMode = PKCS7
• Keylength of 24 chars.

Without setting the algorithm, you will see a difference output for the encrypted value as compared to their output using above parameters.

Release

Madrid and later versions

Cause

Without the correct configuration, decryption could fail. There are several parameters needed for decrypted text coming from our GlideEncrypter methods correctly.

Resolution

We can decrypt text that comes from glideencrypter using java "DESede/ECB/PKCS5Padding" mode and DESede is TripleDes. 

GlideEncrypter return text encoded with Ciphertext in base64 format. 

• KCS5Padding is padding method
• DESede is cipher mode
• ECB is block mode

Please find bellow a 3rd party example of a program in Visual Basic:

Dim MyTripleDESCryptoService As TripleDESCryptoServiceProvider =
New TripleDESCryptoServiceProvider();
MyTripleDESCryptoService.Key = "MysecurityKeyArray";
MyTripleDESCryptoService.Mode = CipherMode.DESede;
MyTripleDESCryptoService.Padding = PaddingMode.PKCS5Padding;

Dim MyCrytpoTransform = MyTripleDESCryptoService.CreateEncryptor()
Dim MyresultArray As Byte() = MyCrytpoTransform.TransformFinalBlock("cEncrypt_TokenKey", 0, cEncrypt_TokenKey.Length)
MyTripleDESCryptoService.Clear()

For more information, please refer to the official documentation of GlideEncrypter API.

Note: As any third-party development, Servicenow does not support custom code