AW: How do I (really) encrypt a string in ruby?

R

Roland Schmitt

Hello,=20
-----Urspr=FCngliche Nachricht-----
Von: (e-mail address removed)=20
[mailto:[email protected]] Im Auftrag von Michal Suchanek
Gesendet: Dienstag, 27. September 2005 13:09
An: ruby-talk ML
Betreff: How do I (really) encrypt a string in ruby?
=20
Hello
=20
I find the ruby crypto very confusing. It looks like the=20
methods are dynamically generated, and carry no rdoc=20
documentation that would appear on ruby-doc.
Yes, it is a sad, sad story...=20

I tried to look at the openssl samples supplied with ruby.
But they only show how to use a high level method which
...

Example:

require "openssl"
include OpenSSL
include Cipher

cipher =3D Cipher.new("AES-256-CBC")

key =3D cipher.random_key()
iv =3D cipher.random_iv()


#---- Encrypt
text =3D "Hello, World!"
cipher.encrypt(key,iv)
cipher.key=3Dkey
cipher.iv =3D iv
e =3D cipher.update(text)
e << cipher.final()

puts("Encrypted text: " + e.to_s())

#---- Decrypt
cipher =3D Cipher.new("AES-256-CBC")
cipher.decrypt(key,iv)
cipher.key =3D key
cipher.iv =3D iv
d =3D cipher.update(e)
d << cipher.final()

puts("Plain text: " + d.to_s())


Hope it helps,
Roland
 
B

Bill Kelly

From: "Michal Suchanek said:
However, encrypting 2.0M file gives 2.1M file.
Since doing encryption in C makes 2.0M ciphertext from 2.0M plaintext,
and it is also possible to decrypt the 2.0M ciphertext to the original
plaintext, something is rotten here.

Any chance you're using Windows? Maybe it's a "text mode" vs. "binary mode"
problem? (LF -> CRLF in the output)

If you're on Windows, try:

STDIN.binmode
STDOUT.binmode

at the top of your script?


HTH,

Bill
 
N

NAKAMURA, Hiroshi

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

Michal said:
However, encrypting 2.0M file gives 2.1M file.

It may be caused by PKCS#5 padding.
Since doing encryption in C makes 2.0M ciphertext from 2.0M plaintext,
and it is also possible to decrypt the 2.0M ciphertext to the original
plaintext, something is rotten here.

Am I missing something?

require "openssl"

CHLEN = 256
KBITS = 256
KLEN = 32
IVLEN = 16 # God knows why

AES is a 128 bits (16 bytes) block cipher.
f=File.open("testkey");
key=f.read(KLEN)
f.close
f=File.open("testiv")
iv=f.read(IVLEN)
f.close
while (chunk=STDIN.read(CHLEN))
cipher=OpenSSL::Cipher::Cipher.new("AES-256-CBC")
cipher.encrypt(key,iv)
cipher.key=key
cipher.iv=iv
STDOUT << cipher.update(chunk)
STDOUT << cipher.final()
end

This block should be:

cipher=OpenSSL::Cipher::Cipher.new("AES-256-CBC")
cipher.encrypt(key,iv)
cipher.padding=0 # avoid PKCS#5 padding
cipher.key=key
cipher.iv=iv
ciphertext = []
while (chunk=STDIN.read(CHLEN))
ciphertext << cipher.update(chunk)
end
ciphertext << cipher.final() rescue nil # no need to call final if
padding = 0
print ciphertext.join

Regards,
// NaHi
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (Cygwin)

iD8DBQFDOegcf6b33ts2dPkRAul3AKCZStaQkGlmrPmWdNtDtlz5hTWr+wCgkxTg
YNdIRFCn/OZ7KB4zFcBYMRA=
=OSin
-----END PGP SIGNATURE-----
 
X

x1

:- )

Absolutely Excellent!!

You sir, are the man!

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

Michal said:
However, encrypting 2.0M file gives 2.1M file.

It may be caused by PKCS#5 padding.
Since doing encryption in C makes 2.0M ciphertext from 2.0M plaintext,
and it is also possible to decrypt the 2.0M ciphertext to the original
plaintext, something is rotten here.

Am I missing something?

require "openssl"

CHLEN =3D 256
KBITS =3D 256
KLEN =3D 32
IVLEN =3D 16 # God knows why

AES is a 128 bits (16 bytes) block cipher.
f=3DFile.open("testkey");
key=3Df.read(KLEN)
f.close
f=3DFile.open("testiv")
iv=3Df.read(IVLEN)
f.close
while (chunk=3DSTDIN.read(CHLEN))
cipher=3DOpenSSL::Cipher::Cipher.new("AES-256-CBC")
cipher.encrypt(key,iv)
cipher.key=3Dkey
cipher.iv=3Div
STDOUT << cipher.update(chunk)
STDOUT << cipher.final()
end

This block should be:

cipher=3DOpenSSL::Cipher::Cipher.new("AES-256-CBC")
cipher.encrypt(key,iv)
cipher.padding=3D0 # avoid PKCS#5 padding
cipher.key=3Dkey
cipher.iv=3Div
ciphertext =3D []
while (chunk=3DSTDIN.read(CHLEN))
ciphertext << cipher.update(chunk)
end
ciphertext << cipher.final() rescue nil # no need to call final if
padding =3D 0
print ciphertext.join

Regards,
// NaHi
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (Cygwin)

iD8DBQFDOegcf6b33ts2dPkRAul3AKCZStaQkGlmrPmWdNtDtlz5hTWr+wCgkxTg
YNdIRFCn/OZ7KB4zFcBYMRA=3D
=3DOSin
-----END PGP SIGNATURE-----
 
N

NAKAMURA, Hiroshi

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

Michal said:
But I really want to encrypt (and decrypt) the blocks separately.

Oops.

cipher = OpenSSL::Cipher::Cipher.new("AES-256-CBC")
cipher.padding = 0
cipher.key = key
cipher.iv = iv
while (chunk = STDIN.read(CHLEN))
cipher.encrypt
STDOUT << cipher.update(chunk)
end

Regards,
// NaHi
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (Cygwin)

iD8DBQFDOmzuf6b33ts2dPkRAudiAJ40o79ofWt/eSfP8twd6vdXYWkQBgCgtKXS
/S9V35M1a8WmHVyU+iUSfRM=
=M3oe
-----END PGP SIGNATURE-----
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

Forum statistics

Threads
474,170
Messages
2,570,925
Members
47,467
Latest member
EmelyPogue

Latest Threads

Top