Hi! After a few days of trying to successfully authenticate to the OpenSRS server, and finally I made it. I get correct response 200 that the authetication was successfull, I don't get disconnected, YEEPIEE!
Well here's the catch. Based on the document Christina wrote, there is a small difference about the preparing the data that is to be encrypted and sent. If we focus on the authetication sequence, here are the steps: 1. connect to the server 2. receive server XML handshake 3. answer with client XML handshake 4. send authentication request 5. receive plain binary challenge data 6. --- now here is the tricky part --- we read the challenge data and get a MD5 digest of it. the MD5 digest we put into a buffer that we will send before the buffer is encrypted and sent we must pad it. The length must be modulated by 8 (if we divide it by 8 we must get no leftovers, must be dividable by 8). If it is not dividable by 8 we add chars until it is. If the primary buffer is dividable by 8 we must add 8 characters. These charaters we add are #0n where 'n' is the number of charaters that are missing i.e. 'test12' as buffer, we add #02#02 at the and so that it is long 8 chars. Now we just encrypt the data as stated in the document and send it as stated in API. 7. we should now receive authentication successfull. Hope this helps for who ever would like to make his own implementation in some language other than PERL. I have developed this in Delphi with DCPCrypt2 controls. Uroš Gaber PowerCom d.o.o. Kersnikova 6, 1234 Mengeš, Slovenia P.E.: Slovenska 24, 1234 Mengeš, Slovenia Mobile: +386 (0)41 400-801 Phone office: +386 (0)1 723-01-62 Fax office: +386 (0)1 723-01-63 eMail: [EMAIL PROTECTED] -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Uros Sent: Wednesday, July 23, 2003 1:26 AM To: [EMAIL PROTECTED] Subject: Re: Question about a document Hi! I've gone through the CBC perl module that is used by the OpenSRS PERL Client, and I now managed to create the encryption / decryption functions that can encrypt and decrypt to the same result as the functions used by OpenSRS client. If someone is interested I am willing to write a more detailed document on how the encryption works, of course the document would be based on the document that Christina wrote... Uros Gaber PowerCom d.o.o. eMail: [EMAIL PROTECTED] --------- Prvotno sporoèilo -------- Od: [EMAIL PROTECTED] Za: [EMAIL PROTECTED] <[EMAIL PROTECTED]> Tema: Re: Question about a document Datum: 22/07/03 22:06 > > > Code reuse occurs in many ways. In the case of Blowfish I > did already state that if you spend a few minutes you can find > Blowfish source code on the internet in just about any language you > want -- Again, that was the very intention of the author of Blowfish. > Thus when someone refers to "getting their code working" > that does not mean they wrote every line of code ...... The same is > true of MD5 regarding available code etc. > > For those who might be interested the author of Blowfish maintains the > following "support" page for Blowfish at, > > http://www.counterpane.com/blowfish.html > > Free source code in C, C#, Java, C++, Forth, and VB are available > here, > > http://www.counterpane.com/blowfish-download.html > > Blowfish test vectors are avaiable here, > > http://www.counterpane.com/vectors.txt > http://www.counterpane.com/vectors.txt > > MD5 is detailed in RFC 1321, > > http://www.faqs.org/rfcs/rfc1321.html > > Test vectors are provided at the end of the RFC. > > Look around the net and you'll find source code for MD5 in many > languages to. > > > > >What I don't understand, though, is why anyone working on >an > OpenSRS- >related project wants to implement Blowfish for > >themselves. I've now > >worked on three separate systems interfacing to OpenSRS > >(PHP/Web, > >Perl/Web and Perl/email), and at no point did I even > >consider writing > >my own Blowfish routine -- I just used a library. > > > >All my systems have been on Unix, though. Are there *no* > >encryption > >libraries available on Windows? > > > > > >Chris. > > > > >
