Re: openssl ciphers

< ^ > P N |<>|^_>< --- | ~ ...Help
Hi,

In message <a37d34bb8e1fc9189470df9e5da42bfe / news.teranews.com>,
 `"Terry <" <nospam4.me / ottomate.biz [remove.me]>' wrote:
> 1)  Could and would someone please tell me why one works and the other does
> not?  Or at least point me to a reference doc so that I can figure it out
> for myself?

Cipher#encrypt and Cipher#decrypt take two arguments,
passphrase and salt. The actual key is generated from these
parameters. On the other hand Cipher#key= sets actual key to
the cipher module directly.

# I checked code and found that Cipher#encrypt doesdn't set IV;-)
# In addition, the number of rouunds in key derivation is too small 
# than requirement of PKCS #5 spec. I think it should be refactored.

  require 'openssl'

  myText = "myTestString"
  myKey = "0123456789abcdef"
  myIV =  "01234567"

  cipher = OpenSSL::Cipher::Cipher.new("BF-CBC")
  cipher.encrypt
  p [cipher.key_len, cipher.iv_len]

  cipher.key = myKey
  cipher.iv = myIV
  result = ""
  result << cipher.update(myText)
  result << cipher.final
  puts "Encrypted %p with %p to:\n%p\n" % [myText, myKey, result]

  cipher.decrypt
  cipher.key = myKey
  result2 = ""
  result2 << cipher.update(result)
  result2 << cipher.final
  puts "Decrypted %p with %p to:\n%p\n" % [result, myKey, result2]

> 2)  Could and would someone please tell me what ciphers, other than DES, are
> available with the "OpenSSL for Ruby" project?  Or at least point me to a
> reference doc?

Cipher.new() takes all cipher names defined by OpenSSL
library. It seems not documented, but we can get it from the
source code.
("BF-ECB", "BF-CBC", "BF-CFB" and "BF-OFB" are defiend in
openssl-0.9.7d/crypto/objects/obj_dat.h, "blowfish" and "bf"
are defeind in openssl-0.9.7d/crypto/evp/c_allc.c).

> 3)  Using Blowfish, the second script is still problematic changing its
> error to:
> 
> ~~~~~
> ../cryptest.rb:7:in `key=': key length too short:  (OpenSSL::CipherError)
>         from ./cryptest.rb:7

Each cipher requires a key of enough length. Cipher#key_len
returns it. (Cipher#iv_len returns the length of
initialization vector (IV) for CBC, CFB and OFB mode ciphers.)

regards,

-- 
gotoyuzo