require ‘ezcrypto’

key = EzCrypto::Key.new “1234567812345678”, :algorithm=>“blowfish”
key.encrypt_file “en.dll”, “crypt.dll”
key.decrypt_file “crypt.dll”,“en.dll”

encrypts the 4,382,208 bytes file into a 29,003 bytes file decrypting
this then obviously fails. This code works ok with small text files ok.

Oh please don’t RTFM me cos the documentation is up to the usual Ruby
standard :wink:
Ruby, so much power so little documentation.

Thanks for any help,

And you are posting this to Ruby-lang why? Sounds like you didn’t even
to contact the author of EzCrypto.


And too bad, I’m going to tell you to RTFM. I checked it out (I have no
prior knowledge of this library) and I think I already know what’s wrong
with your code:

“Initialize the key with raw unencoded binary key data. This needs to be
least 16 bytes long for the default aes-128 algorithm.”

It wants “raw binary key data”. A Ruby string is not “raw binary key

Otherwise, I was unable to get it working with blowfish or aes-128-cbc,
either go get a hold of the author and ask, try to fix the problem
or assume that the library is broken (it was released in Sept 2006) and


The manual actually sucks, but I would still recommend joining the
mailing list. I think we are seeing the same reoccuring problem with
libraries on this mailing list and that is the fact that you MUST
exactly which cipher mode to use. Most of the crypto libraries just
openssl and alot of the default cipher modes they use only operate on
data in specific sized chunks.


  • Nathan

Without seeing your code I can only speculate what the root problem is,
from the > 256 byte error description it sounds like you are using a
cipher that expects you to hand it 256 byte max chunks of data at a
time. I
would look at trying to use a stream cipher that allows a variable
amount of
data to be passed to it. My knowledge of the openssl lib is not deep so
can’t really show this in code right now but I will try to put an
example up
later today. I can say however that using a crypto library is more
than just creating an object and handing it a (key, plaintext, salt)
argument. You have to understand the default cipher that is being used
the method during creation or you will not pass the data in the expected
format. There is more to the implementation than the crypto algorithm
choice. Blowfish is a block cipher algorithm, yet there are multiple
modes” that it uses. I.E. ECB (electronic codebook), CBC
, OFB (output feedback), CFB (cipher feedback).
Wikipedia.orghas a pretty good explanation of the modes.

You do not need to understand the mathematical formulas to implement,
however you should have a basic understanding of each mode to choose the
proper one for your implementation. From the few minutes I’ve looked at
openssl documentation it looks like you have to specify a mode and then
depending on the mode chose you have a setup phase, encryption phase,
decryption phase. I also looked at a few lines of the ezcrypto binding
it looks like doesn’t do anything except wrap the C API for openssl so
link should give you a basic idea of what you’re looking for in


Unfortunately as you’ve previously stated the Ruby specific
documentation is
almost nil on this subject. I will try to put something small up

  • Nathan

here’s some basic code that will encrypt a file with blowfish and CBC,
note it doesn’t do the last block of the file that is less than 8 bytes.

require ‘openssl’

key = “1234567812345678”
alg = “BF-CBC”
iv = “00000000”

bf = OpenSSL::Cipher::Cipher.new(alg)
bf.key = key
bf.iv = iv

File.open(“openssl.dat”,‘wb’) do |enc|

File.open(“test.txt”,“rb”) do |f|
size = File.size(“test.txt”)
blocks = size / 8

for i in 1..blocks
  r = f.read(8)
  cipher = bf.update(r)
  enc << cipher


enc << bf.final

You can also speed it up by doing more efficient read from file, anyhoo
Openssl file encryption with Blowfish seems ok, I can get back on with
the work I’m meant to be doing now :slight_smile:


Also note that it does not write the IV at the beginning of the file,
would be something you need to add if you require that.

Oh and I was able to decrypt this using my C version of Blowfish not
from Openssl.


It seems like you would need to add padding to this method to encrypt
whole file, but then how would your decryption process know how to
the padding unless it is implemented in the same program? Must be a
way to do this using openssl/ezcrypto. I have Applied Cryptography
on my desk right now which should provide a clue on how this is usually
handled. Unfortunately I also have “required” work to do today. :stuck_out_tongue:
to keep this thread alive and work it to a resolution soon.

  • Nathan

Hmmm I get the same problem, seems like it dies if the file is greater
than 256 bytes, dunno if that means much.

I don’t think what Jason said is very relevant, and their does seem to
be an issue. The documentation is typically bad and I personally do
find that very annoying, people can find the time to write blogs and
publish this stuff but can’t spend 10 minutes writing some simple sample
code. I have posted on the relevant ruby forge forum but I would not
expect to get a message anytime soon.

Fixing the bug might well be very time consuming as it is a wrapper
around Openssl, and we don’t know if the issue is with that or ezcrypto.

Move on then I guess, but to what? The crypto gem works okay if you only
need to crypt small files but is very slow on big files, not practical
for our plans.

Look at OpenSSL gem directly I guess, but you will have a hard time
finding useful documentation for that either me thinks.

Anyone know how to crypt files with Blowfish using Openssl, to late at
night now for me to try that!


File.open(“test.enc”,‘wb’) do |enc|

File.open(“test.txt”,“rb”) do |f|
size = File.size(“test.txt”)
blocks = size / 8

for i in 1..blocks
  r = f.read(8)
  cipher = bf.update(r)
  enc << cipher

if size%8 >0
  r = f.read((size%8))
  cipher = bf.update(r)
  enc << cipher


enc << bf.final

That does the trick, I think the bf.final should sort out the padding.
In fact I wouldn’t be surprised if you didn’t have to feed update 8
bytes at a time, but not tested…NOTE: this is just test code that
works, and isn’t efficient.