Behavior:
When you build an integration URL (for example, with PHP) and then try to open it, you receive the following error message:
500 – Internal Server Error
DocuWare.Gapi.Utils.Web.DWIntegrations.EX_INVALID_PASS_PHRASE
Solution:
This issue occurs due to not encrypting the URL correctly. The following must be considered during the encryption:
The passphrase is used with a symmetric encryption algorithm: the Advanced Encryption Standard (AES) in accordance with specification FIPS-197.
The following parameters are used:
- Block Size = 128 Bits
- Cipher mode = CBC (Cipher Block Chaining)
- Initialization vector (IV) = 128 bits
- Key length = 256 bits
- No salt
- PKCS7 Padding
Base64 encoding is required two times. Parameters &lc and &q need to be Base64 encoded. Afterward, all parameters are encrypted, and the result needs to be Base64 encoded again.
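The following is a JavaScript example that can be used with the PHP language. In this example, the passphrase is hashed with SHA-512; the first 256 bits of the hash are used as the AES key and the next 128 bits as the initialization vector: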
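// Sample values only: <USERNAME>, <PASSWORD> and PASSPHRASE are placeholders.
// NOTE: this sample runs in a browser (it uses window.btoa), so any real
// password or passphrase placed here is readable by everyone who receives the
// page. Build the URL on the server when real credentials are involved.
var dwuser = "<USERNAME>";
var dwpass = "<PASSWORD>";
var docid = "6";
var cabinetid = "File Cabinet GUID";

// Key material: SHA-512 of the passphrase, split into sixteen 32-bit words.
var key = encodeURI("PASSPHRASE");
var passphrase = sha512(key);
var passphraseArray = parseHexString(passphrase);
// splice() removes what it returns, so the two calls take consecutive words:
// words 0-7 (256 bits) become the AES key, words 8-11 (128 bits) the IV.
var encryption_key = createHexString(passphraseArray.splice(0, 8));
var iv = createHexString(passphraseArray.splice(0, 4));
// The IV is derived from the passphrase, so it is identical for every URL built
// with that passphrase: the same parameters always give the same ciphertext.
// The hash, the key, the IV and the plaintext query (which contains the
// password) are deliberately not written to the console: console output is
// visible to anyone with access to the browser and is often captured in logs.

// First Base64 pass: &lc and &q are encoded on their own.
// "\\n" is a literal backslash followed by "n", not a line break.
var loginstring = convertToUrlTokenFormat(window.btoa("User=" + dwuser + "\\nPwd=" + dwpass));
var searchstring = convertToUrlTokenFormat(window.btoa('[Index Field]=' + docid));

var url = "https://server.docuware.cloud/DocuWare/Platform/WebClient/1/Integration";
var encrypturl = "&p=V&lc=" + loginstring + "&fc=" + cabinetid;
encrypturl += "&q=" + searchstring + "&dt=Download";

// Encrypt the whole parameter string; the result is Base64 (second pass).
var ep = encrypt(encrypturl, encryption_key, iv);
console.log("Encypted\n" + ep);
ep = convertToUrlTokenFormat(ep);
console.log("Encrypted in Base64 URL token format\n" + ep);

// The finished URL carries the encrypted login, so handle it like a credential:
// it will also appear in browser history and in web server / proxy logs.
url += "?&ep=" + ep;
console.log("URL: " + url);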
/**
 * Hashes a string with SHA-512 through CryptoJS.
 *
 * @param {string} str - Text to hash.
 * @returns {string} The digest rendered with the CryptoJS hex encoder.
 */
function sha512(str) {
  var digest = CryptoJS.SHA512(str);
  var hexDigest = digest.toString(CryptoJS.enc.Hex);
  return hexDigest;
}
/**
 * Converts a Base64 string to URL token format: every "=" is removed and the
 * number of removed "=" characters is appended as a digit, then "+" becomes
 * "-" and "/" becomes "_".
 *
 * @param {string} str - Base64 text.
 * @returns {string} The URL-token form of the input.
 */
function convertToUrlTokenFormat(str) {
  // How many "=" characters the input contains.
  var padCount = (str.match(/=/g) || []).length;
  // Drop them and put the count at the end instead.
  var token = str.split("=").join("") + padCount;
  // Swap the two Base64 characters that are not URL-safe.
  return token.split("+").join("-").split("/").join("_");
}
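/**
 * Encrypts a string with AES in CBC mode and PKCS7 padding through CryptoJS.
 *
 * The key and IV are checked before use so that wrongly sized key material is
 * rejected here rather than producing a URL the server cannot decrypt.
 *
 * @param {string} str - Plaintext to encrypt.
 * @param {string} key - AES key as 64 hexadecimal characters (256 bits).
 * @param {string} iv - Initialization vector as 32 hexadecimal characters (128 bits).
 * @returns {string} The CryptoJS cipher result converted with String().
 * @throws {Error} If key or iv does not have the expected hex length.
 */
function encrypt(str, key, iv) {
  // The error messages never include the key or IV themselves.
  if (!/^[0-9a-fA-F]{64}$/.test(key)) {
    throw new Error("encrypt: key must be 64 hexadecimal characters (256 bits)");
  }
  if (!/^[0-9a-fA-F]{32}$/.test(iv)) {
    throw new Error("encrypt: iv must be 32 hexadecimal characters (128 bits)");
  }
  var cipher = CryptoJS.AES.encrypt(str, CryptoJS.enc.Hex.parse(key), {
    // NOTE(review): with an already parsed key, keySize/blockSize look
    // informational only; the key's own length selects AES-256 — confirm.
    keySize: 256,
    blockSize: 128,
    iv: CryptoJS.enc.Hex.parse(iv),
    padding: CryptoJS.pad.Pkcs7,
    mode: CryptoJS.mode.CBC
  });
  return String(cipher);
}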
/**
 * Splits a hex string into consecutive 8-character groups and parses each
 * group as a base-16 integer. A trailing group shorter than 8 characters is
 * ignored.
 *
 * @param {string} str - Hexadecimal text.
 * @returns {number[]} One number per complete 8-character group.
 */
function parseHexString(str) {
  var words = [];
  for (var offset = 0; offset + 8 <= str.length; offset += 8) {
    var chunk = str.substring(offset, offset + 8);
    words.push(parseInt(chunk, 16));
  }
  return words;
}
/**
 * Renders each number in the array as hexadecimal, left-padded with zeros to
 * 8 characters, and concatenates the results.
 *
 * @param {number[]} arr - Numbers to render.
 * @returns {string} The concatenated hex text.
 */
function createHexString(arr) {
  var pieces = [];
  for (var idx = 0; idx < arr.length; idx++) {
    var hex = arr[idx].toString(16);
    // An array of n empty slots joined by "0" yields n - 1 zeros.
    var zeros = new Array(8 - hex.length + 1).join("0");
    pieces.push(zeros + hex);
  }
  return pieces.join("");
}
This KBA is applicable to both Cloud and On-premise organizations.