openssl ciphers - revisited

Discussion in 'Ruby' started by Terry, May 28, 2004.

  1. Terry

    Terry Guest

    After extensive searching I found only two examples of using openssl
    ciphers; both on this list. (The "OpenSSL for Ruby" home page is, IMHO,
    nearly worthless as a source of info.) The lack of available documentation
    for Ruby and related projects is very frustrating; even ruby-doc.org wasn't
    much help. But, I'm still here :)

    One of the two examples I found works, the other does not (using Ruby
    v1.8.0):

    ~~~~~ script start ~~~~~
    require 'openssl'

    myText = 'myTestString'
    myKey = 'myPassword'

    cipher = OpenSSL::Cipher::Cipher.new("DES")
    cipher.encrypt( myKey )
    result = cipher.update( myText )
    result << cipher.final

    puts "Encrypted \"#{myText}\" with \"#{myKey}\" to:\n\"#{result}\"\n"

    cipher.decrypt( myKey )
    result2 = cipher.update( result )
    result2 << cipher.final

    puts "Decrypted \"#{result}\" with \"#{myKey}\" to:\n\"#{result2}\"\n\n"
    ~~~~~ script end ~~~~~

    produces:

    ~~~~~
    Encrypted "myTestString" with "myPassword" to:
    "ä{
    1ÿ¯¿É8e[ú¯"
    Decrypted "ä{
    1ÿ¯¿É8e[ú¯" with "myPassword" to:
    "myTestString"
    ~~~~~

    while:

    ~~~~~ script start ~~~~~
    require 'openssl'

    myText = 'myTestString'
    myKey = 'myPassword'

    cipher = OpenSSL::Cipher::Cipher.new("DES")
    cipher.key = myKey
    cipher.encrypt(myText)
    result = cipher.final

    puts "Encrypted \"#{myText}\" with \"#{myKey}\" to:\n\"#{result}\"\n"

    cipher.decrypt( result )
    result2 = cipher.final

    puts "Decrypted \"#{result}\" with \"#{myKey}\" to:\n\"#{result2}\"\n\n"
    ~~~~~ script end ~~~~~

    produces:

    ~~~~~
    Encrypted "myTestString" with "myPassword" to:
    "7kCvDäï"
    ../cryptest.rb:14:in `final': wrong final block length (OpenSSL::CipherError)
    from ./cryptest.rb:14
    ~~~~~

    The above leads me to two questions:

    1) Could and would someone please tell me why one works and the other does
    not? Or at least point me to a reference doc so that I can figure it out
    for myself?

    2) Could and would someone please tell me what ciphers, other than DES, are
    available with the "OpenSSL for Ruby" project? Or at least point me to a
    reference doc? [The ChangeLog says all openssl ciphers have been added,
    and according to the openssl-0.9.7a README, Blowfish should be available,
    but attempting to initialize 'cipher' with #.new("Blowfish") produced
    "Unsupported cipher algorithm (Blowfish)"; trying #.new("BLOWFISH")
    produces "Unsupported cipher algorithm (BLOWFISH)"; and, oh look at that
    "blowfish" works ... uhhh ... sort of ...]

    3) Using Blowfish, the second script is still problematic changing its
    error to:

    ~~~~~
    ../cryptest.rb:7:in `key=': key length too short: (OpenSSL::CipherError)
    from ./cryptest.rb:7
    ~~~~~

    This brings me back to question #1.

    TIA,
    Terry
     
    Terry, May 28, 2004
    #1
    1. Advertising

  2. il Thu, 27 May 2004 23:48:16 GMT, Terry <<
    [remove.me]>> ha scritto::

    >After extensive searching I found only two examples of using openssl
    >ciphers; both on this list. (The "OpenSSL for Ruby" home page is, IMHO,
    >nearly worthless as a source of info.) The lack of available documentation
    >for Ruby and related projects is very frustrating; even ruby-doc.org wasn't
    >much help. But, I'm still here :)


    some more samples:
    http://savannah.nongnu.org/cgi-bin/viewcvs/rubypki/ossl2/examples/
    and
    http://ruby-lang.org/cgi-bin/cvsweb.cgi/ruby/sample/openssl/
    and there are the unit tests:
    http://ruby-lang.org/cgi-bin/cvsweb.cgi/ruby/test/openssl/utils.rb?rev=1.2

    HTH
     
    gabriele renzi, May 28, 2004
    #2
    1. Advertising

  3. Terry

    GOTOU Yuuzou Guest

    Hi,

    In message <>,
    `"Terry <" < [remove.me]>' wrote:
    > 1) Could and would someone please tell me why one works and the other does
    > not? Or at least point me to a reference doc so that I can figure it out
    > for myself?


    Cipher#encrypt and Cipher#decrypt take two arguments,
    passphrase and salt. The actual key is generated from these
    parameters. On the other hand Cipher#key= sets actual key to
    the cipher module directly.

    # I checked code and found that Cipher#encrypt doesdn't set IV;-)
    # In addition, the number of rouunds in key derivation is too small
    # than requirement of PKCS #5 spec. I think it should be refactored.

    require 'openssl'

    myText = "myTestString"
    myKey = "0123456789abcdef"
    myIV = "01234567"

    cipher = OpenSSL::Cipher::Cipher.new("BF-CBC")
    cipher.encrypt
    p [cipher.key_len, cipher.iv_len]

    cipher.key = myKey
    cipher.iv = myIV
    result = ""
    result << cipher.update(myText)
    result << cipher.final
    puts "Encrypted %p with %p to:\n%p\n" % [myText, myKey, result]

    cipher.decrypt
    cipher.key = myKey
    result2 = ""
    result2 << cipher.update(result)
    result2 << cipher.final
    puts "Decrypted %p with %p to:\n%p\n" % [result, myKey, result2]

    > 2) Could and would someone please tell me what ciphers, other than DES, are
    > available with the "OpenSSL for Ruby" project? Or at least point me to a
    > reference doc?


    Cipher.new() takes all cipher names defined by OpenSSL
    library. It seems not documented, but we can get it from the
    source code.
    ("BF-ECB", "BF-CBC", "BF-CFB" and "BF-OFB" are defiend in
    openssl-0.9.7d/crypto/objects/obj_dat.h, "blowfish" and "bf"
    are defeind in openssl-0.9.7d/crypto/evp/c_allc.c).

    > 3) Using Blowfish, the second script is still problematic changing its
    > error to:
    >
    > ~~~~~
    > ../cryptest.rb:7:in `key=': key length too short: (OpenSSL::CipherError)
    > from ./cryptest.rb:7


    Each cipher requires a key of enough length. Cipher#key_len
    returns it. (Cipher#iv_len returns the length of
    initialization vector (IV) for CBC, CFB and OFB mode ciphers.)

    regards,

    --
    gotoyuzo
     
    GOTOU Yuuzou, May 30, 2004
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Luc The Perverse

    Java Source For Asymmetric Key Ciphers

    Luc The Perverse, Jan 16, 2006, in forum: Java
    Replies:
    54
    Views:
    2,073
    WhatIThink
    Feb 8, 2011
  2. mattpryor
    Replies:
    0
    Views:
    1,527
    mattpryor
    Apr 28, 2006
  3. Jamis Buck

    openssl ciphers

    Jamis Buck, Apr 13, 2004, in forum: Ruby
    Replies:
    6
    Views:
    254
    Vance Heron
    Apr 16, 2004
  4. Redd Vinylene
    Replies:
    6
    Views:
    306
    Jakub Pawlowicz
    Nov 18, 2008
  5. Replies:
    0
    Views:
    327
Loading...

Share This Page