[erlang-questions] blowfish cbc mode decrypt

Dmitry Kolesnikov dmkolesnikov@REDACTED
Tue Nov 10 12:15:40 CET 2015


Yes, this want I thought. You are using wrong key to decrypt data on Erlang side.

Please notice that 

“Crypt::CBC can derive the key and the IV from a passphrase that you provide, or can let you specify the true key and IV manually…

The -key argument provides either a passphrase to use to generate the encryption key, or the literal value of the block cipher key. If used in passphrase mode (which is the default), -key can be any number of characters; the actual key will be derived by passing the passphrase through a series of MD5 hash operations.”

So, in your example Key is not an encryption key, this is a pass-phrase. The Erlang’s implementation expects that you provides actual key. 

I do not know how perl’s Crypt::CBC derives the key from perspires. You can either reverse engineer that piece of code or you can use literal key.

Best Regards, 

> On Nov 10, 2015, at 11:58 AM, Bogdan Andu <bog495@REDACTED> wrote:
> use strict;
> use warnings;
> use MIME::Base64;
> use Crypt::CBC;
> #use Digest::HMAC_SHA1 qw(hmac_sha1 hmac_sha1_hex);
> use PHP::Serialization qw(serialize unserialize);
> my $pt = 'a:10:{s:6:"adresa";s:89:"Address 2 TEST \xc3\x84\xc2\x83\xc3\x83\xc2\xae\xc3\x88\xc2\x99\xc3\x88\xc2\x9b\xc3\x88\xc2\x99\xc3\x88\xc2\x9bbl 7bap 71district XXXBucure\xc3\x88\xc2\x99tiJUDE\xc3\x88\xc2\x9a031905RO";s:4:"info";i:1460382;s:7:"urlback";s:41:"";s:4:"cuip";s:18:"Cererea nr 1460382";s:6:"idtaxa";i:5001;s:5:"email";s:16:"xxx123@REDACTED";s:4:"nume";s:55:"\xc3\x88\xc2\x99 \xc3\x88\xc2\x9b \xc3\x84\xc2\x83 \xc3\x83\xc2\xae \xc3\x83\xc2\xa2 \xc3\x83\xc2\x82 \xc3\x83\xc2\x8e \xc3\x84\xc2\x82 \xc3\x88\xc2\x98 \xc3\x88\xc2\x9a u\xc3\x83\xc2\xa7";s:3:"cui";s:18:"Cererea nr 1460382";s:9:"idnomunic";i:13;s:4:"suma";d:262.69;}';
> print $pt, "\n";
> my $key = "12345678900987654321001234567890";
> my $cipher = Crypt::CBC->new(
>                    -key    => $key,     
>                 -cipher => 'Blowfish',
>                 -header => 'randomiv' 
> );
>         #       print "$pt\n";
> my $encpt = $cipher->encrypt($pt);
> print "\n$encpt", "\n";
> print "\n", encode_base64($encpt), "\n";
> ## TEST
> my $decpt = $cipher->decrypt($encpt);
> print "\n$decpt", "\n";

More information about the erlang-questions mailing list