Views:

Issue:
When building a URL with PHP for example, when you try accessing it, you receive the error message,

500 – Internal Server Error
DocuWare.Gapi.Utils.Web.DWIntegrations.EX_INVALID_PASS_PHRASE


Solution:
This issue occurs due to not encrypting the URL correctly.
The following must be considered during the encryption.


The passphrase uses a symmetric encryption algorithm.
Advanced Encryption Standard (AES) in accordance with specification FIPS-197.
Following parameters are used:

  • Block Size = 128 Bits
  • Cipher size = CBC (Cipher Block Chaining)
  • Initialization vector (IV) = 128 bits
  • Key length = 256 bits
  • No salt
  • PKCS7 Padding

Furthermore, Base64 encoding is required two times. Parameters &lc and &q need to be Base64 encoded. 
Afterwards all parameters are encrypted and the result needs to be Base64 encoded again.


The following is a JavaScript example which can be used with the PHP language.


var dwuser = "<USERNAME>";
var dwpass = "<PASSWORD>";
var docid = "6";
var cabinetid = "File Cabinet GUID";

var key = encodeURI("PASSPHRASE");
var passphrase = sha512(key);
var passphraseArray = parseHexString(passphrase);
var encryption_key = createHexString(passphraseArray.splice(0, 8));
var iv = createHexString(passphraseArray.splice(0, 4));

console.log("Passphrase: " + passphrase);
console.log("passphrase array:\n" + passphraseArray);
console.log("Encryption_key: " + encryption_key);
console.log("IV: " + iv);

var loginstring = convertToUrlTokenFormat(window.btoa("User="+dwuser+"\\nPwd="+dwpass));
var searchstring = convertToUrlTokenFormat(window.btoa('[Index Field]='+docid));

var url = "https://server.docuware.cloud/DocuWare/Platform/WebClient/1/Integration";
var encrypturl = "&p=D&lc="+loginstring+"&fc="+cabinetid
encrypturl += "&q="+searchstring+"&dt=Download";
console.log("before encryption\n" + encrypturl);
var ep = encrypt(encrypturl, encryption_key, iv);
console.log("Encypted\n" + ep);
ep = convertToUrlTokenFormat(ep);
console.log("Encrypted in Base64 URL token format\n" + ep);
url += "?&ep=" + ep;

console.log("URL: " + url);

function sha512(str) {
    return (CryptoJS.SHA512(str)).toString(CryptoJS.enc.Hex);
}

function convertToUrlTokenFormat(str) {
    // Count equals for padding
    var padding = (str.split("=").length - 1);
    // Remove equals
    var returnVal = str.replace(/=/g,"");
    // Append padding
    returnVal = returnVal + padding;
    // Change + to - and / to _
    returnVal = returnVal.replace(/\+/g,"-");
    returnVal = returnVal.replace(/\//g,"_");

    return returnVal;


function encrypt(str, key, iv) {
    var cipher = CryptoJS.AES.encrypt(str, CryptoJS.enc.Hex.parse(key), {
        keySize: 256,
        blockSize: 128,
        iv: CryptoJS.enc.Hex.parse(iv),
        padding: CryptoJS.pad.Pkcs7,
        mode: CryptoJS.mode.CBC
    });
    return String(cipher);
}

function parseHexString(str) {
    var result = [];
    while (str.length >= 8) {
        result.push(parseInt(str.substring(0, 8), 16));
        str = str.substring(8, str.length);
    }
    return result;
}

function createHexString(arr) {
    var result = "";
    var z;

    for (var i = 0; i < arr.length; i++) {
        var str = arr[i].toString(16);

        z = 8 - str.length + 1;
        str = Array(z).join("0") + str;

        result += str;
    }

    return result;
}