Hi @Dino-at-Google,

Thanks for your reply. I have waited 2 days for getting the IV and Mode details from source team. BUt the source team is not aware of (IV) and Mode details as they have used inbuilt dot net framework for encrypting the logic.

Also below is the code they have used for decryption in dot net.

<machineKey decryption="AES" decryptionKey="DD224C8CCE734DD586D439457DB95794015D99C099719B4A" validation="HMACSHA256" validationKey="8A447A79362030107D94B91F52F9B9A3CFFE2F5A5A38C43225874F9B8B48A3FC4B3AA6AF35161F90FA3F0600F85CCE82A9F39AB85B5EB9F1CF44761875CB00D6" compatibilityMode="Framework20SP1" />

Now the requirement is to do the decryption in apigee.

So can you please guide me how to proceed further.

Header content to be decrypted: 8854AC7E7DD95A319F2E55DC1900BAF4D36EF04B6E203736CE0939021877997F17C774D40569624BE9C2043B305BFC51897CAE23CF77ACDBFDA950F94FC9846E5117B71FE99DA5592D2E9B1C0E39857C22F582DE476CF10276F45F811BF2299765868B49C9E1D837C647AF270120AF3BBE874905A4E59660666A7E3A57F2455FA877B88915364BC7AD569F240E4A71C3

That snip appears to be configuration from a web.config file for ASP.NET.

It tells .NET how to encrypt cookies. These cookies are then sent to clients, which hang on to them... and eventually replay them back to the ASP.NET server when the client reconnects. Encrypted cookies- the way ASP.NET asks clients to hang on to some state and present it back later.

Why would you want to use Apigee to decrypt that?

What are you really trying to accomplish?

I looked into the documentation for the machineKey section, and Microsoft does not document the mode nor the IV. Therefore we'd have to guess. We can guess the IV is an array of 16 zeros. (Not always but it's commonly used).

That leaves the mode; we'd have to guess that too. We could try various modes, but there's no way to validate that the decryption is correct. Using different modes, we'll get different cleartext byte arrays, and ... how do we know which is the correct one?

the cleartext is unencrypted, but it's encoded. Maybe it's .NET binary serialization, maybe something else. I don't know. But now you have to try to decode it.

Lots of reverse engineering.

If that doesn't work we'd want to look at the ASP.NET code (it's open source) to find what it uses for these parameters.

so I guess it would be possible with a lot of effort.

But I can't think of any good reasons to want to decrypt cookies produced by ASP.NET. Unless you're trying to subvert ASP.NET security.

What is your reason?

Hi @Dino-at-Google,

Actually the use case is, earlier they have used dot net for decryption of the cookie value, now it is getting replaced with APIGEE. So all the traffic from the client app's will pass through apigee hence apigee should be able to decrypt the cookie value and extract the content in the cookie value i.e it has associate ID. and then apigee should send this associate ID to the backend system.

Please guide me how to proceed on this.I am not at all of aware of Dot NET coding and the other teammates doesn't understand APIGEE.

So, your the hope for me to complete this.

Let me know if i need to get more details on this for you.

@Dino-at-google,

I am trying to upload the proxy from the given url https://github.com/DinoChiesa/ApigeeEdge-CustomPolicy-AesCrypto but it is not importing.. can you please help me providing the jar file so that i can try using java callout policy if this works.

Note: we are using on-prem apigee instance