AES encryption between c# and ruby

[Anth]

Having some issues getting this to work, dont know much about
encryption and I think im just doing a silly misstake somewhere. Would
appreciate a pointer or two in the correct direction.

Encrypting "a" in c# using AES 256 bit cbc yields

RZ8NxW9+S1qfzd9VRtzV4sFuHFuXJ3mzBpjwCTzbxJQ=

Whilst in ruby I get: uNL1Ogvi+mQyWGniJRY88g==

Ruby code: http://pastie.org/601527
c# code: http://pastie.org/601526

 

[Brian Candler]

Having some issues getting this to work, dont know much about
encryption and I think im just doing a silly misstake somewhere. Would
appreciate a pointer or two in the correct direction.

Encrypting "a" in c# using AES 256 bit cbc yields

RZ8NxW9+S1qfzd9VRtzV4sFuHFuXJ3mzBpjwCTzbxJQ=

Whilst in ruby I get: uNL1Ogvi+mQyWGniJRY88g==

Ruby code: http://pastie.org/601527
c# code: http://pastie.org/601526

Observe that the first gives 32 bytes (256 bits), while the second gives
16 bytes (128 bits).
=> 16

You should see http://en.wikipedia.org/wiki/Aes256

"AES has a fixed block size of 128 bits and a key size of 128, 192, or
256 bits, whereas Rijndael can be specified with block and key sizes in
any multiple of 32 bits, with a minimum of 128 bits and a maximum of 256
bits."

Your C# code appears to be using Rijndael, presumably with a 256 bit
block size, whereas Openssl is using AES.

Anyway, I can get the same results from both Ruby and the openssl
command line tool, if I modify your Ruby program as follows:

cipher_enc.iv = "\x00" * 16
cipher_enc.key = "\x00" * 32
...
puts output_str.unpack("H*").first

$ echo -n "a" | openssl aes-256-cbc -K 0 -iv 0 | hexdump -C
00000000 b4 a5 e9 8a f6 81 0a 83 bd f5 2b 14 ae 82 2c 37
|..........+...,7|
00000010

This demonstrates you are doing AES encryption properly. But AES with a
256 bit key and a 128 bit block size is not the same as Rijndael with a
256 bit block size.

You may find the AES test vectors on the Wikipedia page helpful too.

HTH,

Brian.

 

[Anth]

Observe that the first gives 32 bytes (256 bits), while the second gives
16 bytes (128 bits).


=> 16

You should seehttp://en.wikipedia.org/wiki/Aes256

"AES has a fixed block size of 128 bits and a key size of 128, 192, or
256 bits, whereas Rijndael can be specified with block and key sizes in
any multiple of 32 bits, with a minimum of 128 bits and a maximum of 256
bits."

Your C# code appears to be using Rijndael, presumably with a 256 bit
block size, whereas Openssl is using AES.

Anyway, I can get the same results from both Ruby and the openssl
command line tool, if I modify your Ruby program as follows:

    cipher_enc.iv = "\x00" * 16
    cipher_enc.key = "\x00" * 32
    ...
    puts output_str.unpack("H*").first

$ echo -n "a" | openssl aes-256-cbc -K 0 -iv 0 | hexdump -C
00000000  b4 a5 e9 8a f6 81 0a 83  bd f5 2b 14 ae 82 2c 37
|..........+...,7|
00000010

This demonstrates you are doing AES encryption properly. But AES with a
256 bit key and a 128 bit block size is not the same as Rijndael with a
256 bit block size.

You may find the AES test vectors on the Wikipedia page helpful too.

HTH,

Brian.

Thanks alot for the clarification. Problem now is that I want the ruby
code to decrypt the c# code (the way the c# code works is the way the
ruby code is supposed to work) but the documentation for this is
horrid, how would I go about decrypting the string I would get from
the c# example (eg rijndael 256 bit blocksize) any idea?

Cheers
David

 

[Brian Candler]

Thanks alot for the clarification. Problem now is that I want the ruby
code to decrypt the c# code (the way the c# code works is the way the
ruby code is supposed to work) but the documentation for this is
horrid, how would I go about decrypting the string I would get from
the c# example (eg rijndael 256 bit blocksize) any idea?

Well, you can google for "ruby rijndael", which turns up for example:
http://crypt.rubyforge.org/rijndael.html

That one's a pure Ruby implementation, so if it works, you'll need to
benchmark if it's fast enough for your purposes.

Or, you could ask on the openssl mailing list whether Rijndael variants
other than the AES-specified ones are available, and if so, how.
(However, my reading of 'man enc' suggests they are not)

Or, you could try to find some external program which implements this
Rijndael variant, and shell out to it from Ruby.

Or, you could query why the C# app is using a non-standard variant of
Rijndael, and suggest that it move to something more standard.

 

[John W Higgins]

[Note: parts of this message were removed to make it a legal post.]

Good Morning,

Having some issues getting this to work, dont know much about
encryption and I think im just doing a silly misstake somewhere. Would
appreciate a pointer or two in the correct direction.

Encrypting "a" in c# using AES 256 bit cbc yields

RZ8NxW9+S1qfzd9VRtzV4sFuHFuXJ3mzBpjwCTzbxJQ=

Whilst in ruby I get: uNL1Ogvi+mQyWGniJRY88g==

Ruby code: http://pastie.org/601527
c# code: http://pastie.org/601526

I would suggest switching your c# code to use AESManaged class which is a
proper implementation of the standard and not the RijndaelManaged class
which is not.

John

 

[Anth]

[Note:  parts of this message were removed to make it a legal post.]

Good Morning,

Having some issues getting this to work, dont know much about
encryption and I think im just doing a silly misstake somewhere. Would
appreciate a pointer or two in the correct direction.

Encrypting "a" in c# using AES 256 bit cbc yields

Whilst in ruby I get: uNL1Ogvi+mQyWGniJRY88g==

Ruby code:http://pastie.org/601527
c# code:http://pastie.org/601526

I would suggest switching your c# code to use AESManaged class which is a
proper implementation of the standard and not the RijndaelManaged class
which is not.

John

Problem is that I have no control over the c# part.
So I am just going to go with c# on my side as well which is a bit
annoying but will save me a lot of time. Thanks guys.

Cheers
David

 

[Brian Candler]

Problem is that I have no control over the c# part.

It's still worth flagging up that using non-standard encryption is
probably going to cause you pain in the future.

For example, hardware crypto accelators may not support it: see
http://lists.soekris.com/pipermail/soekris-tech/2008-December/015328.html