H
Hal Vaughan
I've been using Crypt::CBC in Perl on Linux, Debian Sarge, for about 4 years
or so and I haven't had a problem. My Perl script has to output data that
is later read in by a Java program. The Java program is on a number of
different computers for friends and other people I work with and updating
the Java program would be a nightmare, so I want to be sure any changes I
make to fix this problem do not require me to change things on the Java end
of the situation.
I just recently had to upgrade my system from Debian Sarge to Etch, or, more
accurately, the system drive crashed and I decided I might as well put Etch
on the new one (since Lenny is expected out soon anyway). Etch uses
Crypt::CBC version 2.22. I don't remember what version was being used
previously.
Also, I am NOT a crypto person. When I set this up, I had to go over a lot
of examples and do a fair amount of testing and basically used what I could
easily get to work with the Perl and Java programs sending data back and
forth to each other. I've had a particularly hard time grasping
cryptography issues for some reason.
Here's the problem: My code that used to work doesn't and here's the
offending line:
$cipher = Crypt::CBC->new( { 'key' => $pw, 'iv' => $vector,
'prepend_iv' => 0, 'cipher' => 'Blowfish',
'regenerate_key' => 0 , 'padding' => 'standard'} );
Now when the interpreter gets here, I get this error message:
If specified by -literal_key, then the key length must be equal to the
chosen cipher's key length of 56 bytes at threshPerl/Encryption.pm line 82
I wasn't using literal_key and I put in:
'literal_key' => 0
Then ran it and finally figured out from the error that using
the 'regenerate_key' as false forced literal_key to be true, since the two
apparently have to match.
The passwords I am currently using are 8 bytes, or 64 characters and
changing them would be as much of a pain right now as updating the Java
program. Here's the code I use on the Java end for decrypting this same
data:
byte[] bDecrypted;
String cryptoKey, cryptoVector;
....
try {
SecretKeySpec oKey = new
SecretKeySpec(cryptoKey.getBytes("UTF8"), "Blowfish");
IvParameterSpec oIV = new
IvParameterSpec(cryptoVector.getBytes("UTF8"));
Cipher oCipher = Cipher.getInstance("Blowfish/CBC/PKCS5Padding");
oCipher.init(Cipher.DECRYPT_MODE, oKey, oIV );
bDecrypted = oCipher.doFinal(bCrypto);
} catch (Exception e) {
// do error stuff, details don't matter here
}
What I'd like to be able to do is fix this one line of Perl code so I can
continue using the passwords and vectors I'm using (both 8 bytes, or 64
bits) and not have to change the Java code to get it to receive the data.
Also, I'm figuring I'm going to have the same problem with incoming data as
well, but I would expect the solution in that case to be almost the same.
Is there a way I can change this one line of code without having to change
anything on the Java end and still be able to use my current passwords?:
$cipher = Crypt::CBC->new( { 'key' => $pw, 'iv' => $vector,
'prepend_iv' => 0, 'cipher' => 'Blowfish',
'regenerate_key' => 0 , 'padding' => 'standard'} );
I know I should replace regenerate_key with literal_key, but is the actual
difference between using the literal key and and a hash? I take it if I
use the hash, then the Java program on the other end will not be able to
decode with the same password -- that it would need the hashed form of it.
Is that right?
Thanks for any help and insight on this!
Hal
or so and I haven't had a problem. My Perl script has to output data that
is later read in by a Java program. The Java program is on a number of
different computers for friends and other people I work with and updating
the Java program would be a nightmare, so I want to be sure any changes I
make to fix this problem do not require me to change things on the Java end
of the situation.
I just recently had to upgrade my system from Debian Sarge to Etch, or, more
accurately, the system drive crashed and I decided I might as well put Etch
on the new one (since Lenny is expected out soon anyway). Etch uses
Crypt::CBC version 2.22. I don't remember what version was being used
previously.
Also, I am NOT a crypto person. When I set this up, I had to go over a lot
of examples and do a fair amount of testing and basically used what I could
easily get to work with the Perl and Java programs sending data back and
forth to each other. I've had a particularly hard time grasping
cryptography issues for some reason.
Here's the problem: My code that used to work doesn't and here's the
offending line:
$cipher = Crypt::CBC->new( { 'key' => $pw, 'iv' => $vector,
'prepend_iv' => 0, 'cipher' => 'Blowfish',
'regenerate_key' => 0 , 'padding' => 'standard'} );
Now when the interpreter gets here, I get this error message:
If specified by -literal_key, then the key length must be equal to the
chosen cipher's key length of 56 bytes at threshPerl/Encryption.pm line 82
I wasn't using literal_key and I put in:
'literal_key' => 0
Then ran it and finally figured out from the error that using
the 'regenerate_key' as false forced literal_key to be true, since the two
apparently have to match.
The passwords I am currently using are 8 bytes, or 64 characters and
changing them would be as much of a pain right now as updating the Java
program. Here's the code I use on the Java end for decrypting this same
data:
byte[] bDecrypted;
String cryptoKey, cryptoVector;
....
try {
SecretKeySpec oKey = new
SecretKeySpec(cryptoKey.getBytes("UTF8"), "Blowfish");
IvParameterSpec oIV = new
IvParameterSpec(cryptoVector.getBytes("UTF8"));
Cipher oCipher = Cipher.getInstance("Blowfish/CBC/PKCS5Padding");
oCipher.init(Cipher.DECRYPT_MODE, oKey, oIV );
bDecrypted = oCipher.doFinal(bCrypto);
} catch (Exception e) {
// do error stuff, details don't matter here
}
What I'd like to be able to do is fix this one line of Perl code so I can
continue using the passwords and vectors I'm using (both 8 bytes, or 64
bits) and not have to change the Java code to get it to receive the data.
Also, I'm figuring I'm going to have the same problem with incoming data as
well, but I would expect the solution in that case to be almost the same.
Is there a way I can change this one line of code without having to change
anything on the Java end and still be able to use my current passwords?:
$cipher = Crypt::CBC->new( { 'key' => $pw, 'iv' => $vector,
'prepend_iv' => 0, 'cipher' => 'Blowfish',
'regenerate_key' => 0 , 'padding' => 'standard'} );
I know I should replace regenerate_key with literal_key, but is the actual
difference between using the literal key and and a hash? I take it if I
use the hash, then the Java program on the other end will not be able to
decode with the same password -- that it would need the hashed form of it.
Is that right?
Thanks for any help and insight on this!
Hal