[erlang-questions] blowfish cbc mode decrypt

Bogdan Andu bog495@REDACTED
Tue Nov 10 14:51:24 CET 2015 

I was thinking that is handled internally...

however, this did the trick (for randomiv mode of operation):

blowfish_key_from_key(Key) ->
    Temp = crypto:md5(Key),
    blowfish_key_from_key1(Temp).

blowfish_key_from_key1(Temp) when size(Temp) < 56 ->
    Temp1 = crypto:md5(Temp),
    blowfish_key_from_key1(<<Temp/binary, Temp1/binary>>);

blowfish_key_from_key1(Temp) ->
    <<Temp1:56/binary, _Rest/bitstring>> = Temp,
    Temp1.

I think that crypto should have this kind oh helper functions
because , like in cases of blowfish cipher , whose key length can
be variable, could be useful in using the cipher correctly, and people
would know that some things are not implied.

Thanks,
Bogdan


On Tue, Nov 10, 2015 at 1:15 PM, Dmitry Kolesnikov <dmkolesnikov@REDACTED>
wrote:

> Hello,
>
> Yes, this want I thought. You are using wrong key to decrypt data on
> Erlang side.
>
> Please notice that
>
> “Crypt::CBC can derive the key and the IV from a passphrase that you
> provide, or can let you specify the true key and IV manually…
>
> The -key argument provides either a passphrase to use to generate the
> encryption key, or the literal value of the block cipher key. If used in
> passphrase mode (which is the default), -key can be any number of
> characters; the actual key will be derived by passing the passphrase
> through a series of MD5 hash operations.”
>
> So, in your example Key is not an encryption key, this is a pass-phrase.
> The Erlang’s implementation expects that you provides actual key.
>
> I do not know how perl’s Crypt::CBC derives the key from perspires. You
> can either reverse engineer that piece of code or you can use literal key.
>
>
> Best Regards,
> Dmitry
>
>
> > On Nov 10, 2015, at 11:58 AM, Bogdan Andu <bog495@REDACTED> wrote:
> >
> > use strict;
> > use warnings;
> > use MIME::Base64;
> >
> > use Crypt::CBC;
> > #use Digest::HMAC_SHA1 qw(hmac_sha1 hmac_sha1_hex);
> > use PHP::Serialization qw(serialize unserialize);
> >
> > my $pt = 'a:10:{s:6:"adresa";s:89:"Address 2 TEST
> \xc3\x84\xc2\x83\xc3\x83\xc2\xae\xc3\x88\xc2\x99\xc3\x88\xc2\x9b\xc3\x88\xc2\x99\xc3\x88\xc2\x9bbl
> 7bap 71district
> XXXBucure\xc3\x88\xc2\x99tiJUDE\xc3\x88\xc2\x9a031905RO";s:4:"info";i:1460382;s:7:"urlback";s:41:"
> https://192.162.16.116:8020/snep_response";s:4:"cuip";s:18:"Cererea nr
> 1460382";s:6:"idtaxa";i:5001;s:5:"email";s:16:"xxx123@REDACTED";s:4:"nume";s:55:"\xc3\x88\xc2\x99
> \xc3\x88\xc2\x9b \xc3\x84\xc2\x83 \xc3\x83\xc2\xae \xc3\x83\xc2\xa2
> \xc3\x83\xc2\x82 \xc3\x83\xc2\x8e \xc3\x84\xc2\x82 \xc3\x88\xc2\x98
> \xc3\x88\xc2\x9a u\xc3\x83\xc2\xa7";s:3:"cui";s:18:"Cererea nr
> 1460382";s:9:"idnomunic";i:13;s:4:"suma";d:262.69;}';
> >
> > print $pt, "\n";
> >
> > my $key = "12345678900987654321001234567890";
> > my $cipher = Crypt::CBC->new(
> >                    -key    => $key,
> >                 -cipher => 'Blowfish',
> >                 -header => 'randomiv'
> > );
> >
> >         #       print "$pt\n";
> > my $encpt = $cipher->encrypt($pt);
> > print "\n$encpt", "\n";
> >
> > print "\n", encode_base64($encpt), "\n";
> >
> > ## TEST
> > my $decpt = $cipher->decrypt($encpt);
> > print "\n$decpt", "\n";
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://erlang.org/pipermail/erlang-questions/attachments/20151110/732641e1/attachment.htm>

More information about the erlang-questions mailing list