Decrypt challenge - perl encrypt with ruby decrypt

ruby-talk
1

Ok, so I am trying integrate with someone who is sending me a string
that is triple des encrypted thru perl.
I need to decrypt the string thru ruby.

I have had no luck decrypting, so decided I would try to encrypt in
ruby as a sanity check...of course...I get different results.

HELP please :slight_smile:

Here is the perl...then the ruby. Oh yes, and I am so glad there are
no ; in ruby !

#========================= perl
use Crypt::TripleDES;
use URI::Escape;

my $key="AKJSAYOQWOEIQWLEKJQLKNDDOIQQLWEL";
my $token="1234567890";

my $des = new Crypt::TripleDES;
my $string= $des->encrypt3($token,$key);
#print "string=$string\n\n";
$string=uri_escape($string);
print "string=$string\n\n";

string=%0AP%91%06%0APq%7D%12%E83%DD%87%1C%7Cz

#========================= ruby
require 'openssl'
require 'cgi'
require 'uri'

key = "AKJSAYOQWOEIQWLEKJQLKNDDOIQQLWEL"
token = "1234567890"

e = OpenSSL::Cipher::Cipher.new 'DES-EDE3'
e.encrypt key
s = e.update token
s << e.final
puts URI.escape(s)

路路路

%ABL%3E%04F%FA%83%9A%C0%CB%A7Z5%FCb%E9

2

The problem with your code is that you are using two different encryption
algorithims.

You are implementing TripleDES in ECB mode in perl, and TripleDES in
DES_EDE3 mode in ruby. The latter being a block cipher that is expecting
data to be fed to it in 8-bit blocks one at a time. To match them up you
would have to use Crypt::DES_EDE3 in perl, however that would mean your data
would have to be supplied in 8-bit blocks which would be very inconvenient
unless you were operating on binary data and supplying some kind of padding
as needed. I would suggest finding out how to implement the ECB mode in
ruby to match up with your perl code. I looked online at ruby-lang.org but
couldn't find a list of ciphers that the .new method accepts. Good luck.

- Nathan

路路路

On 6/13/07, aktxyz@gmail.com <aktxyz@gmail.com> wrote:

Ok, so I am trying integrate with someone who is sending me a string
that is triple des encrypted thru perl.
I need to decrypt the string thru ruby.

I have had no luck decrypting, so decided I would try to encrypt in
ruby as a sanity check...of course...I get different results.

HELP please :slight_smile:

Here is the perl...then the ruby. Oh yes, and I am so glad there are
no ; in ruby !

#========================= perl
use Crypt::TripleDES;
use URI::Escape;

my $key="AKJSAYOQWOEIQWLEKJQLKNDDOIQQLWEL";
my $token="1234567890";

my $des = new Crypt::TripleDES;
my $string= $des->encrypt3($token,$key);
#print "string=$string\n\n";
$string=uri_escape($string);
print "string=$string\n\n";

>> string=%0AP%91%06%0APq%7D%12%E83%DD%87%1C%7Cz

#========================= ruby
require 'openssl'
require 'cgi'
require 'uri'

key = "AKJSAYOQWOEIQWLEKJQLKNDDOIQQLWEL"
token = "1234567890"

e = OpenSSL::Cipher::Cipher.new 'DES-EDE3'
e.encrypt key
s = e.update token
s << e.final
puts URI.escape(s)

>> %ABL%3E%04F%FA%83%9A%C0%CB%A7Z5%FCb%E9

3

"Nathan Taylor-Hoover" <onebitcipher@gmail.com> writes:

The problem with your code is that you are using two different encryption
algorithims.

Not quite; see http://www.openssl.org/docs/apps/enc.html - in brief:

des-ede3-cbc Three key triple DES EDE in CBC mode
des-ede3 Three key triple DES EDE in ECB mode
des3 Alias for des-ede3-cbc
des-ede3-cfb Three key triple DES EDE CFB mode
des-ede3-ofb Three key triple DES EDE in OFB mode

So the cipher being used should in theory work, but it clearly doesn't
at all. I can't find any decent information relating what
Crypt:TripleDES does to an equivalent operation for openssl. (openssl
in ruby or otherwise) I also don't know that passing the key as the
argument to encrypt is the appropriate behavior.

Openssl has both keys and initial values, which are derived from
passphrases in a manner I don't understand. Crypt::TripleDES uses
only a key, and I don't know how those two correspond to each other.