Part II: How to make Ruby AES-256-CBC and PHP MCRYPT_RIJNDAEL_128 play well together -

-

This question is the continuation of my previous one, in this regard I have to work now, but I still go to the other direction I'm struggling for. PHP Generate cryptograph contains all the information that was provided, but I could get the ruby ​​code decrypt without any errors.

Here's the PHP code I'm using to generate cryptogs: 

  $ cleartext = "Who's a smart boy?"; $ Key = base64_decode ("6sEwMG / aKdBk5Fa2rR6vVw == \ n"); $ Iv = base64_decode ("vCkaypm5tPmtP3TF7aWrug =="); $ Cryptogram = encrypt_encript (MCRYPT_RIJNDAEL_128, $ key, $ clarext, acrypttmddcc, $ iv); $ Result = base64_encode ($ cryptogram); Print "\ n '$ Result' \ n"; RESULT 'JM0OxMINPTnF1vwXdI3XdKI0KlVx210CvpJllFja + GM ='

Then there is an attempt to decrypt the Ruby: 

  & gt; & Gt; Cipher = openSSL :: cipher :: cipher Enve ('AES-128-CBC') & gt; & Gt; Cipher.key = base 64decode 64 ("6sEwMG / aKdBk5Fa2rR6vVw == \ n") & gt; & Gt; Cipher.iiv = base64decload 64 ("vCkaypm5tPmtP3TF7aWrug ==") & gt; & Gt; Cryptogram = Base 64Decode 64 ('JM0xMINPTNF1vwXdI3XdKI0KlVx210CvpJllFja + GM =') & gt; & Gt; Clarectx = cipher.update (cryptogram) = & gt; "Who is clever" & gt; & Gt; Clairetext & Lt; & Lt; Cipher: FINAL OpenSSL :: Cipher :: Cipher ERE: Bad Decrypt (IRB): 100: In 'Final' (IRB): 100

What really disappointment about this It is possible to repeat the above to get the complete clayetext of that encrypted string, but adding the crap pad to the cryptograph: 

  & gt; & Gt; Cleatotech = cipher.update (cryptograph + 'pad') = & gt; "Who is a clever boy? 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000" Clairetext; & Lt; Cipher Final OpenSSL :: Cipher :: Cipher Error: Wrong Decrypt From IRB: 119: From 'Last' (IRB): 119

In the case of my actual use, the quartet is structured (one JSON string, because you ask), so I feel comfortable that I can use this plan and can detect bad encrypted input without having to do cipher.final . However, I can not tolerate this type of coup in my code, so I want to understand how to handle the Ruby code with the last block brilliantly.

The problem is that mcrypt is not doing the last block padding, while Ruby OpenSSL binding uses the default OpenSSL padding method, which is PKCS padding. I can not really improve the details from the OpenSSL documentation:

PKCS padding works by adding padding bytes of value N to make the total length of more than one data of the block size. Padding is always added, if the data is already more than one of the block size then the block size will be equal. For example, if block size 8 and 11 bytes are encrypted, then 5 padding bytes of value 5 will be added.

You will need to manually add the appropriate padding at the end before clearing the code in PHP before encrypting it. To do so, before encrypting it with your $ cleartext ( 16 is known as blocky) on

> Pass the function. 

  function pkcs5_pad ($ text, $ blocksize) {$ pad = $ blocksize - (strollon ($ text) $ blockage); $ Text return str_repeat (chr ($ pad), $ pad); }

If you go to the other side (decrypt with encrypt and encryption in Ruby), you will need to strip the padding bytes after decrypting.

Side note: You have to add padding, even if the cleartext is already more than one of the blockage (a complete block of padding), so when you decrypt it , Then know that the last bite last block always has added the amount of padding. Otherwise, you can not specify the difference between claytext with a single padding byte and no padding bytes, which has expired in value 0x01 .


Comments

Post a Comment

Popular posts from this blog

c# - How to capture HTTP packet with SharpPcap -

-
I would like to capture all incoming HTTP packets on my machine. To do this, I am using SharpPcap which is a WinPcap The cover is. SharpPcap works very well, but it captures TCP packets and what it wants to do for me is a very low level. Does anyone know how can I easily get full HTTP requests / reactions from all these TCP packets? Thanks SharpPcap is already able to capture the packet in the same way That's what the virus does (just in the code instead of the GUI). And you can either either parse them directly or you can put them in the drive in the common .pcap file format. The steps to parse the capture are: Open a connection at any time Loop a while Or start capturing using an event callback Parsing the raw packet for the type you want If you are reading .PPP dump files In addition to calling you an offline capture reader is almost the same, there is no need to select an interface, and you can set the majority There is no need to do the modes. All st...
Read more

php - Multiple Select with Explode: only returns the word "Array" -

-
By using Wordpress I have created a multiple selection box so that users can select categories to exclude. When the page is initially loaded, I see my predefined default option. However, when I select a new value and I save ... I only see the word "Array" and have not chosen anything else? & lt; Class = "amultiple" id = "& lt; php echo $ value ['id'] ;? gt;" name = "& gt; php echo $ value ['id'] ;; gt; []" Multiple = "multiple" size = "8" & gt; & Lt ;? Php global option; Foreign currency ($ value as value $) {if (get_settings ($ value ['id']) === FALSE {$$ value ['id'] = $ value ['std']; } And {$$ value ['id'] = get_settings ($ value ['id']); }} $ Ranges = & amp; Amp; Categories ('type = post & orderbiz = name & amp; hide_empty = 1'); If ($ ranges) {$ ex_cat = implode (',', $ tt_cat_exclude); Forex Currency ($ range a...
Read more

php - jQuery AJAX Post not working -

-
I do not understand why this script does not work. It has something to do within AJAX PostScript / Function. Right now, when I submit my form, it runs php code on the same page. What it should do, send the values ​​of the form for Project_Azax.fp, then there will be a refund of success on the page which is correct or false. $ (document) .ready (function () {$ ('div # didIt'). Hide (); $ ('form [name = adminForm]'). Submit (function () ($ {'.post' ('/ project_ajax.php', {action: $ ('[name = action]') Val (), pId: $ ('[name = pId]'). Val (), name ('[Name = name]'. Val (), url: $ ('[url = url]'). Val (), summary: ('[summary = summary]'). Val ()}, Function (data) {if (data.success) {$ ('div # didIt') .Sliddown ('slow');} and {warning ('unsuccessful SA!');}}, 'Jason'); return false ;});}); What is the code for project_ajax.php below ... if ($ _ POST ['action'] == ...
Read more