> [[email protected] - Thu Jan 01 10:43:14 2009]: > > I tried to decrypt the encrypted objects in PDF documents. These are > encrypted using RC4 and, > as far as I can see at the moment, key of key length 16 byte derived > from a master file key of 5 byte length. > > After calculation of that master file key and before decryption of these > encrypted objects a test is performed to verify whether the 5 byte file > master key is correct (e.g. if the given password was correct), which > looks in the C source of a PDF interpreter like > > > > if (encRevision == 2) { > rc4InitKey(fileKey, keyLength, fState); > fx = fy = 0; > for (i = 0; i < 32; ++i) { > test[i] = rc4DecryptByte(fState, &fx, &fy, userKey->getChar(i)); > } > ok = memcmp(test, passwordPad, 32) == 0; > } > > > where keyLength = 5 at this time. So the rc4 code this library uses > seems to be able to use 5 byte keys, which is plausible since RC4 is of > variable key length. > > But with openssl I get an error message from the Ruby-openssl-lib when > trying to set a 5 byte key, because EVP_CIPHER_CTX_key_length(ctx) > returns a value of 16 (which means 16 bytes I assume). The > Ruby-openssl glue code compares with EVP_CIPHER_CTX_key_length(ctx) and > throws an exception if the key is too short. > > Ruby example code: > > require 'openssl' > c=OpenSSL::Cipher::Cipher.new("rc4") > c.encrypt > c.key="abcde" > > > Why does openssl's RC4 implemention require that key length? Is that a > restriction of SSL? Is that implementation meant to be a general cipher > library or is it just to fulfill the needs of SSL? >
The function EVP_CIPHER_CTX_set_key_length() needs to be called to set a key length other than the default value (which is 128 bits for RC4). You need to see how to do that from Ruby. If there is no such mechanism then this is a Ruby wrapper issue and nothing to do with OpenSSL. ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [email protected] Automated List Manager [email protected]
