Asp Forum
Home
|
Login
|
Register
|
Search
Forums
>
comp.lang.ruby
OpenSSL decryption problem
Roland Schmitt
10/18/2004 10:18:00 AM
Hello,
i have a problem with decryption with the openssl module of ruby.
I try to decrypt a message which is encrypted by another java program.
I have the initialization vector and the key, and I know that the algorithm is Triple-DES with CBC.
What i try is this:
iv = ...
key = ...
cipher = Cipher.new("DES-EDE3-CBC")
cipher.decrypt(key, iv)
cipher.key = key
out = cipher.update(text)
puts("\n\nResult: " + out)
out << cipher.final()
What i get is an exception "final': bad decrypt (OpenSSL::CipherError)" in the cipher.final() line.
But the output from puts() before the cipher.final() is:
"zó?INý±This is the message number ".
So, there a 8 bytes in front of the cleartext that seem not decrypted, but one byte at the end is missing, e.g. the message number "1".
To me it shows that the key, iv and algorithm is correct, but what i am missing?
Regards,
Roland
________________________________________________________________
Verschicken Sie romantische, coole und witzige Bilder per SMS!
Jetzt neu bei WEB.DE FreeMail:
http://freemail.web.de/...
1 Answer
Jamis Buck
10/18/2004 3:50:00 PM
0
Roland Schmitt wrote:
> Hello,
>
> i have a problem with decryption with the openssl module of ruby.
> I try to decrypt a message which is encrypted by another java program.
> I have the initialization vector and the key, and I know that the algorithm is Triple-DES with CBC.
> What i try is this:
>
> iv = ...
> key = ...
> cipher = Cipher.new("DES-EDE3-CBC")
> cipher.decrypt(key, iv)
> cipher.key = key
>
> out = cipher.update(text)
>
> puts("\n\nResult: " + out)
>
> out << cipher.final()
>
> What i get is an exception "final': bad decrypt (OpenSSL::CipherError)" in the cipher.final() line.
> But the output from puts() before the cipher.final() is:
>
> "zó?INý±This is the message number ".
>
> So, there a 8 bytes in front of the cleartext that seem not decrypted, but one byte at the end is missing, e.g. the message number "1".
>
> To me it shows that the key, iv and algorithm is correct, but what i am missing?
Well, first of all: I'm no OpenSSL guru. So if I say anything stupid or
ignorant, you know why. (Hopefully, if I say anything stupid or ignorant
enough, we can tease the real OpenSSL guru's into the open.)
Second, when I use encrypt/decrypt, I invoke them without any
parameters, and then set both the iv and key explicitly:
cipher.decrypt
cipher.iv = iv
cipher.key = key
Don't know if that makes any difference at all.
Is there any chance you could post an example (complete with iv, key,
and encrypted text) that one could use to duplicate the error? I'd be
happy to hack on it to see if I can help figure out what's going on, but
I can't get an example that gives the same error. Naturally, I don't
want you to compromise your own security, but if you can give use some
bogus iv and key to generate the encrypted text in your Java app, that
would be great.
- Jamis
--
Jamis Buck
jgb3@email.byu.edu
http://www.jamisbuck...
Servizio di avviso nuovi messaggi
Ricevi direttamente nella tua mail i nuovi messaggi per
OpenSSL decryption problem
Inserendo la tua e-mail nella casella sotto, riceverai un avviso tramite posta elettronica ogni volta che il motore di ricerca troverà un nuovo messaggio per te
Il servizio è completamente GRATUITO!
x
Login to ForumsZone
Login with Google
Login with E-Mail & Password