Michael Graff wrote:
> Don't worry, you know what an IV is and why using 0 is bad, so I won't
> 'yell' at you :)
> 
> You are probably running into padding issues. Since AES is a block
> cypher, each block must be exactly the correct length I suspect.
> 
> How are you calling the decrypt code?  You're just feeding data into
> the encryption system and after you are all done with the data,
> calling final?  That should work, but I do not have any way to write
> code in Flash to test this.  If you could have Flash encrypt
> something, perhaps 101 bytes or so long (odd to ensure padding
> occurs), and send the plaintext, the key, and the encrypted string
> (uuencode, hex dump, whatever) I can experiment.
> 
> --Michael

Hi,

Thanks... Definitely appears to be padding issues.  We are using Bouncy 
Castle CTS AES encrypt.  OpenSSL appears to be using CBC.  I'm no 
expert... In looking at the RFC, it appears there is a difference 
between how CBC and CBC/CTS handle padding.  There is a reference in 
the RFC to swapping within the last partial block as part of the 
process... not sure how/whether this is implemented.

Below is the output from my irb session.  The clear text is supposed to 
be:
AAAAAAAABBBBBBBBAAAAAAAABBBBBBBBCCCCCCCCDDDDDDDDCCCCCCCCDDDDDDDDAAAAAAAABBBBBBBBAAAAAAAABBBBBBBBCCCCCCCCDDDDDDDDCCCCCCCCDDDDDDDDXXXYYY

key: 4b1114cc73fed8b5428c3dee60d7773a


Please notice that the first part of the message is decrypted 
correctly... the partial at the end is not.

irb(main):821:0> a= OpenSSL::Cipher::Cipher.new('aes-256-cbc')
=> #<OpenSSL::Cipher::Cipher:0xb79b9378>

irb(main):822:0> a.key=d
=> "4b1114cc73fed8b5428c3dee60d7773a"

irb(main):823:0> a.iv='00000000000000000000000000000000'.unpack('a2'*32).map{|x| x.hex}.pack('c'*32)
=> "\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000"

irb(main):824:0> data='TmI9HrNrsMBxSfwApvSaQrLIDsLboNhIW/FawPjNUB0x/G0ZDf+gfk4JaTc/tGxDg1s4mrIRFOoBJemK+txUF0+aPw8bxIgzxmB3gq18aJRoSo5PWqbzS8FCCHrb3leKf4UUNFaIAaVVY1a5ymZ/HMPhwAKbii8x9Uk/S0MxaDofHTluc1E='.unpack('m')[0]
=> "Nb=\036\263k\260\300qI\374\000\246\364\232B\262\310\016\302\333\240\330H[\361Z\300\370\315P\0351\374m\031\r\377\240~N\ti7?\264lC\203[8\232\262\021\024\352\001%\351\212\372\334T\027O\232?\017\e\304\2103\306`w\202\255|h\224hJ\216OZ\246\363K\301B\bz\333\336W\212\177\205\0244V\210\001\245UcV\271\312f\177\034\303\341\300\002\233\212/1\365I?KC1h:\037\0359nsQ"

irb(main):825:0> s=a.update(data)
=> "AAAAAAAABBBBBBBBAAAAAAAABBBBBBBBCCCCCCCCDDDDDDDDCCCCCCCCDDDDDDDDAAAAAAAABBBBBBBBAAAAAAAABBBBBBBBCCCCCCCCDDDDDDDD8\300u\003|\200\243jf\bkf\005\251\327\242"

irb(main):826:0> s<<a.final
OpenSSL::Cipher::CipherError: wrong final block length
  from (irb):826:in `final'
  from (irb):826
  from :0
irb(main):827:0>
-- 
Posted via http://www.ruby-forum.com/.
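
The last-block swap mentioned in the message above, written out as an added example (not code from the thread, Bouncy Castle or OpenSSL). It assumes the sender uses the CBC-CS3 layout, where the last two ciphertext blocks are swapped and the truncated one is sent last; the key, IV and helper names are constructed for illustration.

```ruby
require 'openssl'

BLOCK = 16 # AES block size in bytes

# Raw AES object with OpenSSL's own padding switched off.
def aes(mode, dir, key, iv = nil)
  c = OpenSSL::Cipher.new("aes-#{key.bytesize * 8}-#{mode}")
  dir == :enc ? c.encrypt : c.decrypt
  c.key = key
  c.iv = iv if iv
  c.padding = 0
  c
end

def run(cipher, data)
  cipher.update(data) + cipher.final
end

# CBC-CS3 encrypt: zero-pad, CBC-encrypt, swap the last two blocks,
# then truncate the (now final) block so output length == input length.
def cts_encrypt(key, iv, plain)
  raise ArgumentError, 'CTS needs more than one block' unless plain.bytesize > BLOCK
  d = (plain.bytesize - 1) % BLOCK + 1 # bytes in the final block, 1..16
  ct = run(aes('cbc', :enc, key, iv), plain.b + "\0".b * (BLOCK - d))
  ct[0...-2 * BLOCK] + ct[-BLOCK, BLOCK] + ct[-2 * BLOCK, d]
end

# CBC-CS3 decrypt: rebuild the truncated block, undo the swap, then plain CBC.
def cts_decrypt(key, iv, ct)
  ct = ct.b
  raise ArgumentError, 'CTS needs more than one block' unless ct.bytesize > BLOCK
  d = (ct.bytesize - 1) % BLOCK + 1
  head   = ct[0, ct.bytesize - BLOCK - d] # blocks that plain CBC already handles
  c_last = ct[-(BLOCK + d), BLOCK]        # full C_m, sent second to last
  c_part = ct[-d, d]                      # first d bytes of C_(m-1)
  x = run(aes('ecb', :dec, key), c_last)  # D(C_m) = (P_m || zeros) XOR C_(m-1)
  c_prev = c_part + x[d, BLOCK - d]       # tail of C_(m-1) recovered from D(C_m)
  run(aes('cbc', :dec, key, iv), head + c_prev + c_last)[0, ct.bytesize]
end

# Constructed sample: the thread's 134-byte plaintext under a made-up key and IV.
KEY   = ('k' * 32).b
IV    = OpenSSL::Random.random_bytes(BLOCK)
HALF  = ('A' * 8 + 'B' * 8) * 2 + ('C' * 8 + 'D' * 8) * 2
PLAIN = HALF * 2 + 'XXXYYY'
CT    = cts_encrypt(KEY, IV, PLAIN)
puts cts_decrypt(KEY, IV, CT) == PLAIN.b
```

Under this layout every block before the last two is ordinary CBC, so a plain CBC decrypt recovers that prefix and only goes wrong on the swapped, truncated tail.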
