Ezcrypto

bob · June 14, 2007, 5:05pm

require ‘ezcrypto’

key = EzCrypto::Key.new “1234567812345678”, :algorithm=>“blowfish”
key.encrypt_file “en.dll”, “crypt.dll”
key.decrypt_file “crypt.dll”,“en.dll”

encrypts the 4,382,208 bytes file into a 29,003 bytes file decrypting
this then obviously fails. This code works ok with small text files ok.

Oh please don’t RTFM me cos the documentation is up to the usual Ruby
standard
Ruby, so much power so little documentation.

Thanks for any help,
Bob

bob · June 14, 2007, 5:43pm

And you are posting this to Ruby-lang why? Sounds like you didn’t even
try
to contact the author of EzCrypto.

http://ezcrypto.rubyforge.org/

And too bad, I’m going to tell you to RTFM. I checked it out (I have no
prior knowledge of this library) and I think I already know what’s wrong
with your code:

Key#new:
“Initialize the key with raw unencoded binary key data. This needs to be
at
least 16 bytes long for the default aes-128 algorithm.”

It wants “raw binary key data”. A Ruby string is not “raw binary key
data”.

Otherwise, I was unable to get it working with blowfish or aes-128-cbc,
so
either go get a hold of the author and ask, try to fix the problem
yourself,
or assume that the library is broken (it was released in Sept 2006) and
move
on.

Jason

bob · June 14, 2007, 6:04pm

The manual actually sucks, but I would still recommend joining the
ezcrypto
mailing list. I think we are seeing the same reoccuring problem with
crypo
libraries on this mailing list and that is the fact that you MUST
specify
exactly which cipher mode to use. Most of the crypto libraries just
wrap
openssl and alot of the default cipher modes they use only operate on
binary
data in specific sized chunks.

http://openssl.org/docs/crypto/blowfish.html#

Nathan

bob · June 14, 2007, 10:34pm

Without seeing your code I can only speculate what the root problem is,
but
from the > 256 byte error description it sounds like you are using a
block
cipher that expects you to hand it 256 byte max chunks of data at a
time. I
would look at trying to use a stream cipher that allows a variable
amount of
data to be passed to it. My knowledge of the openssl lib is not deep so
I
can’t really show this in code right now but I will try to put an
example up
later today. I can say however that using a crypto library is more
complex
than just creating an object and handing it a (key, plaintext, salt)
type
argument. You have to understand the default cipher that is being used
by
the method during creation or you will not pass the data in the expected
format. There is more to the implementation than the crypto algorithm
of
choice. Blowfish is a block cipher algorithm, yet there are multiple
“block
modes” that it uses. I.E. ECB (electronic codebook), CBC
(cipher-block
chaining), OFB (output feedback), CFB (cipher feedback).
Wikipedia.orghas a pretty good explanation of the modes.

You do not need to understand the mathematical formulas to implement,
however you should have a basic understanding of each mode to choose the
proper one for your implementation. From the few minutes I’ve looked at
the
openssl documentation it looks like you have to specify a mode and then
depending on the mode chose you have a setup phase, encryption phase,
and
decryption phase. I also looked at a few lines of the ezcrypto binding
and
it looks like doesn’t do anything except wrap the C API for openssl so
this
link should give you a basic idea of what you’re looking for in
implementation.

http://www.openssl.org/docs/crypto/blowfish.html

Unfortunately as you’ve previously stated the Ruby specific
documentation is
almost nil on this subject. I will try to put something small up
tonight.

Nathan

bob · June 15, 2007, 11:09am

here’s some basic code that will encrypt a file with blowfish and CBC,
note it doesn’t do the last block of the file that is less than 8 bytes.

require ‘openssl’

key = “1234567812345678”
alg = “BF-CBC”
iv = “00000000”

bf = OpenSSL::Cipher::Cipher.new(alg)
bf.encrypt
bf.key = key
bf.iv = iv

File.open(“openssl.dat”,‘wb’) do |enc|

File.open(“test.txt”,“rb”) do |f|
size = File.size(“test.txt”)
blocks = size / 8

for i in 1..blocks
  r = f.read(8)
  cipher = bf.update(r)
  enc << cipher
end

end

enc << bf.final
end

You can also speed it up by doing more efficient read from file, anyhoo
Openssl file encryption with Blowfish seems ok, I can get back on with
the work I’m meant to be doing now

Jim.

bob · June 15, 2007, 11:12am

Also note that it does not write the IV at the beginning of the file,
would be something you need to add if you require that.

Oh and I was able to decrypt this using my C version of Blowfish not
from Openssl.

Jim.

bob · June 15, 2007, 5:52pm

It seems like you would need to add padding to this method to encrypt
the
whole file, but then how would your decryption process know how to
remove
the padding unless it is implemented in the same program? Must be a
better
way to do this using openssl/ezcrypto. I have Applied Cryptography
sitting
on my desk right now which should provide a clue on how this is usually
handled. Unfortunately I also have “required” work to do today.
Hope
to keep this thread alive and work it to a resolution soon.

Nathan

bob · June 14, 2007, 10:06pm

Hmmm I get the same problem, seems like it dies if the file is greater
than 256 bytes, dunno if that means much.

I don’t think what Jason said is very relevant, and their does seem to
be an issue. The documentation is typically bad and I personally do
find that very annoying, people can find the time to write blogs and
publish this stuff but can’t spend 10 minutes writing some simple sample
code. I have posted on the relevant ruby forge forum but I would not
expect to get a message anytime soon.

Fixing the bug might well be very time consuming as it is a wrapper
around Openssl, and we don’t know if the issue is with that or ezcrypto.

Move on then I guess, but to what? The crypto gem works okay if you only
need to crypt small files but is very slow on big files, not practical
for our plans.

Look at OpenSSL gem directly I guess, but you will have a hard time
finding useful documentation for that either me thinks.

Anyone know how to crypt files with Blowfish using Openssl, to late at
night now for me to try that!

Jim.

bob · June 18, 2007, 12:40pm

File.open(“test.enc”,‘wb’) do |enc|

File.open(“test.txt”,“rb”) do |f|
size = File.size(“test.txt”)
blocks = size / 8

for i in 1..blocks
  r = f.read(8)
  cipher = bf.update(r)
  enc << cipher
end

if size%8 >0
  r = f.read((size%8))
  cipher = bf.update(r)
  enc << cipher
end

end

enc << bf.final
end

That does the trick, I think the bf.final should sort out the padding.
In fact I wouldn’t be surprised if you didn’t have to feed update 8
bytes at a time, but not tested…NOTE: this is just test code that
works, and isn’t efficient.

Jim.