Openssl ciphers

This is just an update on my last message. I managed to figure out how
to use the OpenSSL ciphers to do the encryption/decryption–took a
little doing, but once I figured it out it was almost ridiculously easy.
For future reference, here’s how you do it:

require 'openssl'
require 'base64'

cipher = OpenSSL::Cipher::DES.new

password = "hullabaloo"
cipher.encrypt( password )
result = cipher.update( "some text to encrypt" )
result << cipher.final

puts encode64( result )

cipher.decrypt( password )
result = cipher.update( result )
result << cipher.final

puts result

If anyone has any suggestions for doing it better, please let me know.


Jamis Buck
jgb3@email.byu.edu
http://www.jamisbuck.org/jamis


Hi,

From: “Jamis Buck” jgb3@email.byu.edu
Sent: Wednesday, April 14, 2004 1:02 AM

> If anyone has any suggestions for doing it better, please let me know.

There seems to be nothing wrong with your sample.
Recent ruby has a similar sample at sample/openssl/cipher.rb.

And here is a fxruby GUI sample.
http://rrr.jin.gr.jp/dav/NaHi/pkey_view.rb
http://rrr.jin.gr.jp/dav/NaHi/skey_view.rb

Regards,
// NaHi

Hello,
I’m a relatively new user, trying to build an app that
will do an NTLM authentication over HTTP.

Part of the algorithm involves DES encrypting the
string “KGS!@#$%” using a key consisting of the
following bytes:
“0x52 0xa2 0x51 0x6b 0x25 0x2a 0x51 0x61”

In the example, the encrypted text is supposed to be:
“0xff 0x37 0x50 0xbc 0xc2 0xb2 0x24 0x12”

but when using openssl in ruby I get
"0xc7 0x17 0x53 0x90 0x28 0x9e 0xa1 0xe3
0x04 0xa4 0xbe 0x0b 0x1a 0xb8 0xf6 0x29"

which is twice as long, in addition to being
different from what’s expected.

Here’s the ruby code segment I’m using…
des = OpenSSL::Cipher::Cipher.new("DES")
des.encrypt( key1 )
res1 = des.update( magic )
res1 << des.final

Instantiating des with
des = OpenSSL::Cipher::DES.new gives the same
undesired result

Using DES-ECB gives a different answer, also not the
expected/desired one.

It works in C with the following code …

/* encrypt magic w/DES using Key 1 */
des_set_key_checked((const_des_cblock *)key1, sked);
des_ecb_encrypt((const_des_cblock *) magic,
(const_des_cblock *)lmhash, sked, 1);

Any thoughts or help would be appreciated.

Thank You,
Vance
heron@jpl.nasa.gov

> Here's the ruby code segment I'm using...
>   des = OpenSSL::Cipher::Cipher.new("DES")
>   des.encrypt( key1 )
>   res1 = des.update( magic )
>   res1 << des.final

Well, probably I've not understood but you don't want this ?

   des = OpenSSL::Cipher::Cipher.new("DES-ECB")
   des.key = key1
   des.encrypt(magic)
   p des.final

Guy Decoux

Wrote Vance Heron heron@jpl.nasa.gov, on Thu, Apr 15, 2004 at 11:47:16AM +0900:

> Hello,
> I’m a relatively new user, trying to build an app that
> will do an NTLM authentication over HTTP.
>
> Part of the algorithm involves DES encrypting the
> string “KGS!@#$%” using a key consisting of the
> following bytes:
> “0x52 0xa2 0x51 0x6b 0x25 0x2a 0x51 0x61”
>
> In the example, the encrypted text is supposed to be:
> “0xff 0x37 0x50 0xbc 0xc2 0xb2 0x24 0x12”
>
> but when using openssl in ruby I get
> “0xc7 0x17 0x53 0x90 0x28 0x9e 0xa1 0xe3
> 0x04 0xa4 0xbe 0x0b 0x1a 0xb8 0xf6 0x29”
>
> which is twice as long, in addition to being
> different from what’s expected.

If it's an extra block long, is it possible the APIs you use accept
variable length input, and implement a padding algorithm (thus an extra
block)? And that they default to CBC, which requires an IV (thus the
different first block)?

The ruby calls below have a “final”, the purpose of which is usually to
add padding.

Cheers,
Sam


Sam Roberts sroberts@certicom.com

Thank you for the quick response.

This seems better, but I’m still not getting the desired answer.

I’m using ruby-1.8.1 on Redhat 7.3 system.
Same system used for both Ruby and C versions …

Here are two short example
programs - first in C, giving the correct answer

The C compilation line is
gcc sample1.c -lssl -o sample1

--- sample1.c ---
#include <stdio.h>
#include <openssl/des.h>

/* print l bytes of b as hex */
void dmp_blk(int l, unsigned char *b)
{
  int i;
  for (i=0; i<l; i++) printf ("%02x ",(b[i] & 0xFF));
  printf ("\n");
}

int main(int argc, char *argv[])
{
  char magic[]="KGS!@#$%";
  char key1[]="R¢Qk%*Qa";
  des_key_schedule sked;
  unsigned char res[9];

  /* encrypt magic w/DES Key 1 */
  des_set_key_checked((const_des_cblock *)key1, sked);
  des_ecb_encrypt((const_des_cblock *) magic,
                  (const_des_cblock *)res, sked, 1);

  printf ("Results of DES encryption\n");
  printf ("Key: %s Plaintext: %s\n", key1, magic);
  dmp_blk(8,res);
  return 0;
}
--- end of sample1.c ---

Then in ruby - giving a different answer

--- sample1.rb ---
#! /usr/bin/env ruby

require 'openssl'

class String
  def dmp_blk
    self.each_byte {|c| printf("%02x ",c)}
    printf("\n")
  end
end

magic = 'KGS!@#$%'
key1 = 'R¢Qk%*Qa'

des = OpenSSL::Cipher::Cipher.new("DES-ECB")
des.key = key1
des.encrypt(magic)
res = des.final

puts "Results of DES encryption"
puts "Key: #{key1} Plaintext: #{magic}"
res.dmp_blk
--- end of sample1.rb ---

--- results from C version ---
$ sample1
Results of DES encryption
Key: R¢Qk%*Qa Plaintext: KGS!@#$%
ff 37 50 bc c2 b2 24 12
$

--- results from ruby version ---
$ sample1.rb
Results of DES encryption
Key: R¢Qk%*Qa Plaintext: KGS!@#$%
ff c4 20 c7 c2 f9 74 e3
$

On Thu, 2004-04-15 at 02:49, ts wrote:

> > Here’s the ruby code segment I’m using…
> >   des = OpenSSL::Cipher::Cipher.new("DES")
> >   des.encrypt( key1 )
> >   res1 = des.update( magic )
> >   res1 << des.final
>
> Well, probably I’ve not understood but you don’t want this ?
>
>    des = OpenSSL::Cipher::Cipher.new("DES-ECB")
>    des.key = key1
>    des.encrypt(magic)
>    p des.final
>
> Guy Decoux

Sorry about the bad form replying to myself, but
have found the answer I needed …

The ruby code that works is:

des = OpenSSL::Cipher::Cipher.new("DES-ECB")
des.encrypt(nil, 0)
des.key=key1
res1 = des.update(magic)

The encrypt method hashes the password to generate
a key (not what I needed), and supplies an IV if the
2nd argument is nil (also not what I needed).

For a 2nd encryption, I do a des.reset
after the des.update.

V
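
As an added example (not code from any poster in the thread), this Ruby sketch reproduces the three behaviours discussed above: the raw 8-byte key with padding off gives the expected block, default padding appends a second block, and a key hashed from a password gives unrelated output. The helper names `des_ecb` and `hex`, the DES-EDE3 fallback, and the use of `pkcs5_keyivgen` in place of the old `encrypt(password)` form are assumptions of this example.

```ruby
require 'openssl'

MAGIC = 'KGS!@#$%'.b                                                 # plaintext block from the thread
KEY   = [0x52, 0xa2, 0x51, 0x6b, 0x25, 0x2a, 0x51, 0x61].pack('C*')  # key bytes from the thread

# Single-DES ECB encryption of `data` (helper name is hypothetical).
#   raw_key: true   secret is used byte-for-byte as the DES key
#   raw_key: false  secret is hashed into a key, as a password would be
#   padding: true   OpenSSL's default block padding stays enabled
def des_ecb(data, secret, raw_key:, padding:)
  run = lambda do |name, repeat|
    c = OpenSSL::Cipher.new(name)
    c.encrypt
    if raw_key
      c.key = secret * repeat
    else
      c.pkcs5_keyivgen(secret)   # password-derived key (MD5-based by default)
    end
    c.padding = padding ? 1 : 0
    c.update(data) + c.final
  end
  run.call('DES-ECB', 1)
rescue StandardError
  # Assumption: this build offers single DES only through OpenSSL's legacy
  # provider. 3DES-EDE with K1 = K2 = K3 computes E_K(D_K(E_K(x))) = E_K(x),
  # so the raw-key result is identical to single DES.
  run.call('DES-EDE3', 3)
end

# Space-separated hex, matching the dumps posted in the thread.
def hex(bytes)
  bytes.unpack1('H*').scan(/../).join(' ')
end

puts "raw key, no padding: #{hex(des_ecb(MAGIC, KEY, raw_key: true,  padding: false))}"
puts "raw key, padding on: #{hex(des_ecb(MAGIC, KEY, raw_key: true,  padding: true))}"
puts "hashed key         : #{hex(des_ecb(MAGIC, KEY, raw_key: false, padding: false))}"
```

In ECB mode the first block of the padded output equals the unpadded result, so only the trailing padding block differs between the first two lines.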