require 'ezcrypto' key = EzCrypto::Key.new "1234567812345678", :algorithm=>"blowfish" key.encrypt_file "en.dll", "crypt.dll" key.decrypt_file "crypt.dll","en.dll" encrypts the 4,382,208 bytes file into a 29,003 bytes file decrypting this then obviously fails. This code works ok with small text files ok. Oh please don't RTFM me cos the documentation is up to the usual Ruby standard ;) Ruby, so much power so little documentation. Thanks for any help, Bob
on 2007-06-14 19:05
on 2007-06-14 19:43
And you are posting this to Ruby-lang why? Sounds like you didn't even try to contact the author of EzCrypto. http://ezcrypto.rubyforge.org/ And too bad, I'm going to tell you to RTFM. I checked it out (I have no prior knowledge of this library) and I think I already know what's wrong with your code: Key#new: "Initialize the key with raw unencoded binary key data. This needs to be at least 16 bytes long for the default aes-128 algorithm." It wants "raw binary key data". A Ruby string is not "raw binary key data". Otherwise, I was unable to get it working with blowfish or aes-128-cbc, so either go get a hold of the author and ask, try to fix the problem yourself, or assume that the library is broken (it was released in Sept 2006) and move on. Jason
on 2007-06-14 20:04
The manual actually sucks, but I would still recommend joining the ezcrypto mailing list. I think we are seeing the same reoccuring problem with crypo libraries on this mailing list and that is the fact that you MUST specify exactly which cipher mode to use. Most of the crypto libraries just wrap openssl and alot of the default cipher modes they use only operate on binary data in specific sized chunks. http://openssl.org/docs/crypto/blowfish.html# - Nathan
on 2007-06-15 00:06
Hmmm I get the same problem, seems like it dies if the file is greater than 256 bytes, dunno if that means much. I don't think what Jason said is very relevant, and their does seem to be an issue. The documentation is typically bad and I personally do find that very annoying, people can find the time to write blogs and publish this stuff but can't spend 10 minutes writing some simple sample code. I have posted on the relevant ruby forge forum but I would not expect to get a message anytime soon. Fixing the bug might well be very time consuming as it is a wrapper around Openssl, and we don't know if the issue is with that or ezcrypto. Move on then I guess, but to what? The crypto gem works okay if you only need to crypt small files but is very slow on big files, not practical for our plans. Look at OpenSSL gem directly I guess, but you will have a hard time finding useful documentation for that either me thinks. Anyone know how to crypt files with Blowfish using Openssl, to late at night now for me to try that! Jim.
on 2007-06-15 00:34
Without seeing your code I can only speculate what the root problem is, but from the > 256 byte error description it sounds like you are using a block cipher that expects you to hand it 256 byte max chunks of data at a time. I would look at trying to use a stream cipher that allows a variable amount of data to be passed to it. My knowledge of the openssl lib is not deep so I can't really show this in code right now but I will try to put an example up later today. I can say however that using a crypto library is more complex than just creating an object and handing it a (key, plaintext, salt) type argument. You have to understand the default cipher that is being used by the method during creation or you will not pass the data in the expected format. There is more to the implementation than the crypto algorithm of choice. Blowfish is a block cipher algorithm, yet there are multiple "block modes" that it uses. I.E. ECB (*electronic codebook)*, CBC (*cipher-block chaining)*, OFB (*output feedback)*, CFB (*cipher feedback)*. Wikipedia.orghas a pretty good explanation of the modes. http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation You do not need to understand the mathematical formulas to implement, however you should have a basic understanding of each mode to choose the proper one for your implementation. From the few minutes I've looked at the openssl documentation it looks like you have to specify a mode and then depending on the mode chose you have a setup phase, encryption phase, and decryption phase. I also looked at a few lines of the ezcrypto binding and it looks like doesn't do anything except wrap the C API for openssl so this link should give you a basic idea of what you're looking for in implementation. http://www.openssl.org/docs/crypto/blowfish.html Unfortunately as you've previously stated the Ruby specific documentation is almost nil on this subject. I will try to put something small up tonight. - Nathan
on 2007-06-15 13:09
here's some basic code that will encrypt a file with blowfish and CBC, note it doesn't do the last block of the file that is less than 8 bytes. require 'openssl' key = "1234567812345678" alg = "BF-CBC" iv = "00000000" bf = OpenSSL::Cipher::Cipher.new(alg) bf.encrypt bf.key = key bf.iv = iv File.open("openssl.dat",'wb') do |enc| File.open("test.txt","rb") do |f| size = File.size("test.txt") blocks = size / 8 for i in 1..blocks r = f.read(8) cipher = bf.update(r) enc << cipher end end enc << bf.final end You can also speed it up by doing more efficient read from file, anyhoo Openssl file encryption with Blowfish seems ok, I can get back on with the work I'm meant to be doing now :) Jim.
on 2007-06-15 13:12
Also note that it does not write the IV at the beginning of the file, would be something you need to add if you require that. Oh and I was able to decrypt this using my C version of Blowfish not from Openssl. Jim.
on 2007-06-15 19:52
It seems like you would need to add padding to this method to encrypt the whole file, but then how would your decryption process know how to remove the padding unless it is implemented in the same program? Must be a better way to do this using openssl/ezcrypto. I have Applied Cryptography sitting on my desk right now which should provide a clue on how this is usually handled. Unfortunately I also have "required" work to do today. :P Hope to keep this thread alive and work it to a resolution soon. - Nathan
on 2007-06-18 14:40
File.open("test.enc",'wb') do |enc| File.open("test.txt","rb") do |f| size = File.size("test.txt") blocks = size / 8 for i in 1..blocks r = f.read(8) cipher = bf.update(r) enc << cipher end if size%8 >0 r = f.read((size%8)) cipher = bf.update(r) enc << cipher end end enc << bf.final end That does the trick, I think the bf.final should sort out the padding. In fact I wouldn't be surprised if you didn't have to feed update 8 bytes at a time, but not tested...NOTE: this is just test code that works, and isn't efficient. Jim.