DES3 encryption with jruby-openssl: output not matching command-line openssl output?

Ruby JRuby
1

Hello,

I’m trying to encrypt some credit card numbers for later consumption by
a .NET app, and I’m having trouble getting the output to match up…I’m
following the guide from Ola B. here:

http://olabini.com/blog/2008/08/ruby-security-quick-guide/

Long story short, I’m using DES3, my sample app (copied from the above
guide) and its output:

#--------------------------------------------------

require ‘base64’

require ‘openssl’

KEY = “42269702-c1cd-4df1-9df3-”

IV = “01234567”

def encrypt_and_encode(s)

        cipher = OpenSSL::Cipher::Cipher.new('des-ede3-cbc')

        cipher.encrypt

        cipher.key = KEY

        cipher.iv =  IV



        output = ""



        output << cipher.update(s)

        output << cipher.final

        Base64.encode64(output)

end

encoded = encrypt_and_encode(“1234123412341234”)

p encoded

#-----------------------------------------------------

Output is

“kIVlfa8lAV8mh7hF9NcEXAU50k4FfGEH\n” …

If I run its equivalent using openssl from the command line I get:

openssl des3 -in input.txt -out output.txt -K
34323236393730322d633163642d346466312d396466332d -iv 3031323334353637 -a

NPyyxq5SiKvBDxZHf+8nfh0qIm7ynjlT

The .NET side of the code is successfully encrypting/decrypting the same
output as what openssl gives, so I’m guessing there is something I’m
missing with how I’m using jruby-openssl?

Thanks for any insights!

Richard F.

2

Hi,

On Fri, Mar 12, 2010 at 08:39, Finegan, Richard [HDS - WC]
[email protected] wrote:

I’m trying to encrypt some credit card numbers for later consumption by a
.NET app, and I’m having trouble getting the output to match up…I’m
following the guide from Ola B. here:

What version of jruby-openssl gem are you using?
I think I fixed this in jruby-openssl 0.6.0.

jruby-openssl < 0.6.0 wrongly uses KEY[0, 16] + KEY[0, 8] instead of
KEY[0, 24] for 3des-ede.

By the way, make sure your input.txt does not have a “\n” or not at
the end of file. (It should have a “\n” now) Both cipher text does
not match because your script does not include “\n” as an input
string.

Regards,
// NaHi

To unsubscribe from this list, please visit:

http://xircles.codehaus.org/manage_email
3

Upgrading to 0.6.0 worked…sorry, I should’ve tried this first.

Thanks much!

Richard F.