openssl ciphers - revisited

[Terry]

After extensive searching I found only two examples of using openssl
ciphers; both on this list. (The "OpenSSL for Ruby" home page is, IMHO,
nearly worthless as a source of info.) The lack of available documentation
for Ruby and related projects is very frustrating; even ruby-doc.org wasn't
much help. But, I'm still here

One of the two examples I found works, the other does not (using Ruby
v1.8.0):

~~~~~ script start ~~~~~
require 'openssl'

myText = 'myTestString'
myKey = 'myPassword'

cipher = OpenSSL::Cipher::Cipher.new("DES")
cipher.encrypt( myKey )
result = cipher.update( myText )
result << cipher.final

puts "Encrypted \"#{myText}\" with \"#{myKey}\" to:\n\"#{result}\"\n"

cipher.decrypt( myKey )
result2 = cipher.update( result )
result2 << cipher.final

puts "Decrypted \"#{result}\" with \"#{myKey}\" to:\n\"#{result2}\"\n\n"
~~~~~ script end ~~~~~

produces:

~~~~~
Encrypted "myTestString" with "myPassword" to:
"ä{
1ÿ¯¿É8e[ú¯"
Decrypted "ä{
1ÿ¯¿É8e[ú¯" with "myPassword" to:
"myTestString"
~~~~~

while:

~~~~~ script start ~~~~~
require 'openssl'

myText = 'myTestString'
myKey = 'myPassword'

cipher = OpenSSL::Cipher::Cipher.new("DES")
cipher.key = myKey
cipher.encrypt(myText)
result = cipher.final

puts "Encrypted \"#{myText}\" with \"#{myKey}\" to:\n\"#{result}\"\n"

cipher.decrypt( result )
result2 = cipher.final

puts "Decrypted \"#{result}\" with \"#{myKey}\" to:\n\"#{result2}\"\n\n"
~~~~~ script end ~~~~~

produces:

~~~~~
Encrypted "myTestString" with "myPassword" to:
"7kCvDäï"
../cryptest.rb:14:in `final': wrong final block length (OpenSSL::CipherError)
from ./cryptest.rb:14
~~~~~

The above leads me to two questions:

1) Could and would someone please tell me why one works and the other does
not? Or at least point me to a reference doc so that I can figure it out
for myself?

2) Could and would someone please tell me what ciphers, other than DES, are
available with the "OpenSSL for Ruby" project? Or at least point me to a
reference doc? [The ChangeLog says all openssl ciphers have been added,
and according to the openssl-0.9.7a README, Blowfish should be available,
but attempting to initialize 'cipher' with #.new("Blowfish") produced
"Unsupported cipher algorithm (Blowfish)"; trying #.new("BLOWFISH")
produces "Unsupported cipher algorithm (BLOWFISH)"; and, oh look at that
"blowfish" works ... uhhh ... sort of ...]

3) Using Blowfish, the second script is still problematic changing its
error to:

~~~~~
../cryptest.rb:7:in `key=': key length too short: (OpenSSL::CipherError)
from ./cryptest.rb:7
~~~~~

This brings me back to question #1.

TIA,
Terry

 

[gabriele renzi]

il Thu, 27 May 2004 23:48:16 GMT, Terry <<[email protected]
[remove.me]>> ha scritto::

After extensive searching I found only two examples of using openssl
ciphers; both on this list. (The "OpenSSL for Ruby" home page is, IMHO,
nearly worthless as a source of info.) The lack of available documentation
for Ruby and related projects is very frustrating; even ruby-doc.org wasn't
much help. But, I'm still here

some more samples:
http://savannah.nongnu.org/cgi-bin/viewcvs/rubypki/ossl2/examples/
and
http://ruby-lang.org/cgi-bin/cvsweb.cgi/ruby/sample/openssl/
and there are the unit tests:
http://ruby-lang.org/cgi-bin/cvsweb.cgi/ruby/test/openssl/utils.rb?rev=1.2

HTH

 

[GOTOU Yuuzou]

Hi,

1) Could and would someone please tell me why one works and the other does
not? Or at least point me to a reference doc so that I can figure it out
for myself?

Cipher#encrypt and Cipher#decrypt take two arguments,
passphrase and salt. The actual key is generated from these
parameters. On the other hand Cipher#key= sets actual key to
the cipher module directly.

# I checked code and found that Cipher#encrypt doesdn't set IV;-)
# In addition, the number of rouunds in key derivation is too small
# than requirement of PKCS #5 spec. I think it should be refactored.

require 'openssl'

myText = "myTestString"
myKey = "0123456789abcdef"
myIV = "01234567"

cipher = OpenSSL::Cipher::Cipher.new("BF-CBC")
cipher.encrypt
p [cipher.key_len, cipher.iv_len]

cipher.key = myKey
cipher.iv = myIV
result = ""
result << cipher.update(myText)
result << cipher.final
puts "Encrypted %p with %p to:\n%p\n" % [myText, myKey, result]

cipher.decrypt
cipher.key = myKey
result2 = ""
result2 << cipher.update(result)
result2 << cipher.final
puts "Decrypted %p with %p to:\n%p\n" % [result, myKey, result2]

2) Could and would someone please tell me what ciphers, other than DES, are
available with the "OpenSSL for Ruby" project? Or at least point me to a
reference doc?

Cipher.new() takes all cipher names defined by OpenSSL
library. It seems not documented, but we can get it from the
source code.
("BF-ECB", "BF-CBC", "BF-CFB" and "BF-OFB" are defiend in
openssl-0.9.7d/crypto/objects/obj_dat.h, "blowfish" and "bf"
are defeind in openssl-0.9.7d/crypto/evp/c_allc.c).

3) Using Blowfish, the second script is still problematic changing its
error to:

~~~~~
../cryptest.rb:7:in `key=': key length too short: (OpenSSL::CipherError)
from ./cryptest.rb:7

Each cipher requires a key of enough length. Cipher#key_len
returns it. (Cipher#iv_len returns the length of
initialization vector (IV) for CBC, CFB and OFB mode ciphers.)

regards,