> On 11 April 2019 00:49 David Salisbury via dovecot <[email protected]> wrote:
>
> >>>
> >> Yes. I gave it a try here, and it seems to work. Does it give any extra
> >> information if you include -i flag?
> >>
> >> Aki
> >>
> >
> > Yes, I had tried that, and it doesn't give much extra information, at
> > least to my eye, that seems to help my issue. Above the previous
> > output it outputs the Version, Flags, Header length, Cipher algo, and
> > Digest algo, and then the Key derivation Rounds. Then it does the
> > previous output and exits as before.
> >
> > I tried using pry to debug through the script a little, and strace as
> > well, but have not found anything pointing me in the direction of a
> > solution or what may be causing it not to work for me yet. Will keep
> > looking.
> >
> > Out of curiosity, what version of ruby were you using to run the
> > script? My ruby version is 2.5.1p57.
> >
> > -Dave
>
> So, I found that in decrypt.rb there is a point where this section is
> reached:
>
> [code]
> unless our_key == nil
>   # decrypt data!
> [/code]
>
> While testing I discovered that, for me, our_key was apparently equal to
> nil because the code was never even making it into that block. There
> was a block right above that that was setting our_key to nil if a
> certain condition happened, but I could tell that condition wasn't
> happening as the accompanying error message wasn't printing. Looking
> farther up, I found:
>
> [code]
> our_key = key if key[:digest] == options[:key_digest]
> [/code]
>
> I printed the values of key[:digest] and options[:key_digest], and they
> are in fact different. Since our_key is nil by default, our_key was
> just remaining nil, hence no decryption for me.
>
> The key[:digest] variable is filled a little above that part of the code:
>
> [code]
> (key[:type],key[:digest]) = options[:input].read(33).unpack('Ca*')
> [/code]
>
> and options[:key_digest] is filled as the private key option is passed in:
>
> [code]
> opts.on("-k","--key KEY", "Private key to decrypt file") do |k|
>   options[:key] = OpenSSL::PKey.read(File.open(k))
>   options[:key_digest] = get_pubid_priv(options[:key])
> end
> [/code]
>
> It's apparently using the key from the command line to get the key
> digest with the get_pubid_priv() function, and for some reason that
> value is coming back as different than the key digest that is
> ascertained by the "options[:input].read" line.
>
> Out of curiosity, and since I know I'm using the correct key, I
> commented out the if statement in the our_key line so as not to make the
> comparison between the digests:
>
> [code]
> our_key = key #if key[:digest] == options[:key_digest]
> [/code]
>
> .... and then it worked! The script successfully decrypted the message!
>
> So, not being an expert at encryption, what are the ramifications of
> those digests being read as different values in the two different
> places?? I do notice that the get_pubid_priv() function is internal to
> the decrypt.rb script and calls several OpenSSL functions.
>
> -Dave
Hmm... can you show me how you made the keypair for encryption? Maybe there is some difference?

Aki
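The digest comparison discussed in the quoted message, as an added example that is not part of the thread or of decrypt.rb: a simplified model of selecting a key record by its 33-byte header, which reports both digests on a mismatch instead of silently leaving our_key as nil. Assumptions: the key id is a SHA-256 over the encoded public key, records consist only of the header, and the type value 2, the sample "keys" and all function names are constructed for illustration.

```ruby
require 'digest'
require 'stringio'

# Constructed stand-ins for two recipients' encoded public keys (not real keys).
PUB_A = "constructed-public-key-A".b
PUB_B = "constructed-public-key-B".b

# Assumption: a key id is the SHA-256 of the encoded public key (32 bytes).
def key_id(encoded_pub)
  Digest::SHA256.digest(encoded_pub)
end

# Read one header as the quoted line does: 1 type byte + 32-byte digest.
# A short read is reported instead of producing a nil or truncated digest.
def read_key_header(io)
  raw = io.read(33)
  raise EOFError, "truncated key header" if raw.nil? || raw.bytesize < 33
  type, digest = raw.unpack('Ca*')
  { type: type, digest: digest }
end

# Walk `count` headers; return [matching record or nil, diagnostic report].
def select_key(io, count, our_digest)
  seen = []
  our_key = nil
  count.times do
    key = read_key_header(io)
    seen << key[:digest].unpack1('H*')
    our_key = key if key[:digest] == our_digest
  end
  report = if our_key
             "matched"
           else
             "no key record matches #{our_digest.unpack1('H*')}; " \
               "file lists: #{seen.join(', ')}"
           end
  [our_key, report]
end

# Build a constructed input holding one header per recipient key (type 2).
def sample_file(*pubs)
  StringIO.new(pubs.map { |p| [2, key_id(p)].pack('Ca*') }.join)
end

if __FILE__ == $PROGRAM_NAME
  puts select_key(sample_file(PUB_A, PUB_B), 2, key_id(PUB_B)).last
  puts select_key(sample_file(PUB_A), 1, key_id(PUB_B)).last
end
```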
