openssl ciphers

[Jamis Buck]

This is just an update on my last message. I managed to figure out how
to use the OpenSSL ciphers to do the encryption/decryption--took a
little doing, but once I figured it out it was almost ridiculously easy.
For future reference, here's how you do it:

require 'openssl'
require 'base64'

cipher = OpenSSL::Cipher:ES.new

password = "hullabaloo"
cipher.encrypt( password )
result = cipher.update( "some text to encrypt" )
result << cipher.final

puts encode64( result )

cipher.decrypt( password )
result = cipher.update( result )
result << cipher.final

puts result

If anyone has any suggestions for doing it better, please let me know.

--
Jamis Buck
(e-mail address removed)
http://www.jamisbuck.org/jamis

ruby -h | ruby -e
'a=[];readlines.join.scan(/-(.)\[e|Kk(\S*)|le.l(..)e|#!(\S*)/) {|r| a <<
r.compact.first };puts "\n>#{a.join(%q/ /)}<\n\n"'

 

[NAKAMURA, Hiroshi]

Hi,

From: "Jamis Buck" <[email protected]>
Sent: Wednesday, April 14, 2004 1:02 AM

If anyone has any suggestions for doing it better, please let me know.

There seems nothing wrong with your sample.
Recent ruby has similar sample at sample/openssl/cipher.rb.

And here is a fxruby GUI sample.
http://rrr.jin.gr.jp/dav/NaHi/pkey_view.rb
http://rrr.jin.gr.jp/dav/NaHi/skey_view.rb

Regards,
// NaHi

 

[Vance Heron]

Hello,
I'm a relatively new user, trying to build an app that
will do an NTLM authentication over HTTP.

Part of the algorithm involves DES encrypting the
string "KGS!@#$%" using a key consisting of the
following bytes:
"0x52 0xa2 0x51 0x6b 0x25 0x2a 0x51 0x61"

In the example, the encrypted text is supposed to be:
"0xff 0x37 0x50 0xbc 0xc2 0xb2 0x24 0x12"

but when using openssl in ruby I get
"0xc7 0x17 0x53 0x90 0x28 0x9e 0xa1 0xe3
0x04 0xa4 0xbe 0x0b 0x1a 0xb8 0xf6 0x29"

which is twice a long, in addition to being
different from what's expected.

Here's the ruby code segment I'm using...
des = OpenSSL::Cipher::Cipher.new("DES")
des.encrypt( key1 )
res1 = des.update( magic )
res1 << des.final

Instantiating des with
des = OpenSSL::Cipher:ES.new gives the same
undesired result

Using DES-ECB gives a different answer, also not the
expected/desired one.

It works in C with the following code ...

/* encrypt magic w/DES using Key 1 */
des_set_key_checked((const_des_cblock *)key1, sked);
des_ecb_encrypt((const_des_cblock *) magic, \
(const_des_cblock *)lmhash, sked, 1);

Any thoughts or help would be appreciated.

Thank You,
Vance
(e-mail address removed)

 

[ts]

V> Here's the ruby code segment I'm using...
V> des = OpenSSL::Cipher::Cipher.new("DES")
V> des.encrypt( key1 )
V> res1 = des.update( magic )
V> res1 << des.final

Well, probably I've not understood but you don't want this ?

des = OpenSSL::Cipher::Cipher.new("DES-ECB")
des.key = key1
des.encrypt(magic)
p des.final


Guy Decoux

 

[Sam Roberts]

Hello,
I'm a relatively new user, trying to build an app that
will do an NTLM authentication over HTTP.

Part of the algorithm involves DES encrypting the
string "KGS!@#$%" using a key consisting of the
following bytes:
"0x52 0xa2 0x51 0x6b 0x25 0x2a 0x51 0x61"

In the example, the encrypted text is supposed to be:
"0xff 0x37 0x50 0xbc 0xc2 0xb2 0x24 0x12"

but when using openssl in ruby I get
"0xc7 0x17 0x53 0x90 0x28 0x9e 0xa1 0xe3
0x04 0xa4 0xbe 0x0b 0x1a 0xb8 0xf6 0x29"

which is twice a long, in addition to being
different from what's expected.

If its an extra block long, is it possible the APIs you use accept
variable length input, and implement a padding algorithm (thus an extra
block)? And that they default to CBC, which requires an IV (thus the
different first block)?

The ruby calls below have a "final", the purpose of which is usually to
add padding.

Cheers,
Sam

 

[Vance Heron]

--=-P3l961nwWZr1Avo90Fwz
Content-Type: text/plain; charset=ISO-8859-15
Content-Transfer-Encoding: quoted-printable

Thank you for the quick response.

This seems better, but I'm still not getting the desired answer.

I'm using ruby-1.8.1 on Redhat 7.3 system.
Same system used for both Ruby and C versions ...

Here are two short example
programs - first in C, giving the correct answer

The C compilation line is
gcc sample1.c -lssl -o sample1

--- sample1.c ---
#include <openssl/des.h>

void dmp_blk(int l, char *b)
{
int i;
for (i=3D0; i<l; i++) printf ("%02x ",(b & 0xFF));
printf ("\n");
}

main(int argc, char *argv[])
{

char magic[]=3D"KGS!@#$%";
char key1[]=3D"R=A2Qk%*Qa";
des_key_schedule sked;
unsigned char res[9];

/* encrypt magic w/DES Key 1 */
des_set_key_checked((const_des_cblock *)key1, sked);
des_ecb_encrypt((const_des_cblock *) magic, \
(const_des_cblock *)res, sked, 1);

printf ("Results of DES encryption\n");
printf ("Key: %s Plaintext: %s\n", key1, magic);
dmp_blk(8,res);
}
--- end of sample1.c ---

Then in ruby - giving a different answer

--- sample1.rb ---
#! /usr/bin/env ruby

require 'openssl'

class String
def dmp_blk=20
self.each_byte {|c| printf("%02x ",c)}
printf ("\n")
end=20
end

magic =3D 'KGS!@#$%'
key1 =3D 'R=A2Qk%*Qa'

des =3D OpenSSL::Cipher::Cipher.new("DES-ECB")
des.key =3D key1
des.encrypt(magic)
res =3D des.final

puts "Results of DES encryption"
puts "Key: #{key1} Plaintext: #{magic}"
res.dmp_blk
--- end of sample1.rb ---

--- results from C version ---
$ sample1
Results of DES encryption
Key: R=A2Qk%*Qa Plaintext: KGS!@#$%
ff 37 50 bc c2 b2 24 12=20
$

--- results from ruby version
$ sample1.rb
Results of DES encryption
Key: R=A2Qk%*Qa Plaintext: KGS!@#$%
ff c4 20 c7 c2 f9 74 e3=20
$

=20
V> Here's the ruby code segment I'm using...
V> des =3D OpenSSL::Cipher::Cipher.new("DES")
V> des.encrypt( key1 )
V> res1 =3D des.update( magic )
V> res1 << des.final=20
=20
Well, probably I've not understood but you don't want this ?
=20
des =3D OpenSSL::Cipher::Cipher.new("DES-ECB")
des.key =3D key1
des.encrypt(magic)
p des.final
=20
=20
Guy Decoux

--=-P3l961nwWZr1Avo90Fwz--

 

[Vance Heron]

Sorry about the bad form replying to myself, but
have found the answer I needed ...

The ruby code that works is:

des = OpenSSL::Cipher::Cipher.new("DES-ECB")
des.encrypt(nil, 0)
des.key=key1
res1 = des.update(magic)

The encrypt method hashes the password to generate
a key (not what I needed), and supplies an IV if the
2nd argument is nil (also not what I needed).

For a 2nd encryption, I do a des.reset
after the des.update.

V