After extensive searching I found only two examples of using openssl
ciphers; both on this list. (The “OpenSSL for Ruby” home page is, IMHO,
nearly worthless as a source of info.) The lack of available documentation
for Ruby and related projects is very frustrating; even ruby-doc.org wasn’t
much help. But, I’m still here

One of the two examples I found works, the other does not (using Ruby
v1.8.0):

~~~~~ script start ~~~~~
require ‘openssl’

myText = 'myTestString’
myKey = ‘myPassword’

cipher = OpenSSL::Cipher::Cipher.new(“DES”)
cipher.encrypt( myKey )
result = cipher.update( myText )
result << cipher.final

puts “Encrypted “#{myText}” with “#{myKey}” to:\n”#{result}"\n"

cipher.decrypt( myKey )
result2 = cipher.update( result )
result2 << cipher.final

puts “Decrypted “#{result}” with “#{myKey}” to:\n”#{result2}"\n\n"
~~~~~ script end ~~~~~

produces:

Encrypted "myTestString" with "myPassword" to:
"ä{
   1ÿ¯¿É8e[ú¯"
Decrypted "ä{
             1ÿ¯¿É8e[ú¯" with "myPassword" to:
"myTestString"

Encrypted "myTestString" with "myPassword" to:
"7kCvDäï"
../cryptest.rb:14:in `final': wrong final block length (OpenSSL::CipherError)
        from ./cryptest.rb:14

../cryptest.rb:7:in `key=': key length too short:  (OpenSSL::CipherError)
        from ./cryptest.rb:7

    This brings me back to question #1.

some more samples:
http://savannah.nongnu.org/cgi-bin/viewcvs/rubypki/ossl2/examples/
and
http://ruby-lang.org/cgi-bin/cvsweb.cgi/ruby/sample/openssl/
and there are the unit tests:
http://ruby-lang.org/cgi-bin/cvsweb.cgi/ruby/test/openssl/utils.rb?rev=1.2

HTH

Hi,

In message a37d34bb8e1fc9189470df9e5da42bfe@news.teranews.com,

1. Could and would someone please tell me why one works and the other does
   not? Or at least point me to a reference doc so that I can figure it out
   for myself?

Cipher#encrypt and Cipher#decrypt take two arguments,
passphrase and salt. The actual key is generated from these
parameters. On the other hand Cipher#key= sets actual key to
the cipher module directly.

I checked code and found that Cipher#encrypt doesdn’t set IV;-)

In addition, the number of rouunds in key derivation is too small

than requirement of PKCS #5 spec. I think it should be refactored.

require ‘openssl’

myText = “myTestString”
myKey = “0123456789abcdef”
myIV = “01234567”

cipher = OpenSSL::Cipher::Cipher.new(“BF-CBC”)
cipher.encrypt
p [cipher.key_len, cipher.iv_len]

cipher.key = myKey
cipher.iv = myIV
result = “”
result << cipher.update(myText)
result << cipher.final
puts “Encrypted %p with %p to:\n%p\n” % [myText, myKey, result]

cipher.decrypt
cipher.key = myKey
result2 = “”
result2 << cipher.update(result)
result2 << cipher.final
puts “Decrypted %p with %p to:\n%p\n” % [result, myKey, result2]

2. Could and would someone please tell me what ciphers, other than DES, are
   available with the “OpenSSL for Ruby” project? Or at least point me to a
   reference doc?

Cipher.new() takes all cipher names defined by OpenSSL
library. It seems not documented, but we can get it from the
source code.
(“BF-ECB”, “BF-CBC”, “BF-CFB” and “BF-OFB” are defiend in
openssl-0.9.7d/crypto/objects/obj_dat.h, “blowfish” and “bf”
are defeind in openssl-0.9.7d/crypto/evp/c_allc.c).

3. Using Blowfish, the second script is still problematic changing its
   error to:

../cryptest.rb:7:in `key=': key length too short:  (OpenSSL::CipherError)
        from ./cryptest.rb:7

Each cipher requires a key of enough length. Cipher#key_len
returns it. (Cipher#iv_len returns the length of
initialization vector (IV) for CBC, CFB and OFB mode ciphers.)

regards,