OpenSSL::Cipher partially decrypts string with wrong iv

I have an application where I want to require both the correct key and
iv in order to decrypt a string. I wrote a very simple program to test
the various success and failure cases.

ruby 1.8.6 (2007-03-13 patchlevel 0) [i686-darwin8.10.1]

When the key and iv are correct, it succeeds, as expected.
When the wrong key is provided, it fails, as expected.
However, when I pass the wrong iv, it looks like it actually decrypts
most of the string. Only the first 16 bytes are not decrypted properly.

Here’s the test program:

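require 'openssl'

str = "The quick brown fox jumped over the lazy dog."

# Encrypt with a random key and iv
cip1 = OpenSSL::Cipher::Cipher.new("aes-256-cbc")
cip1.encrypt
key = cip1.random_key
iv = cip1.random_iv

es = cip1.update(str) + cip1.final

# Decrypt with the correct key but the wrong iv
cip2 = OpenSSL::Cipher::Cipher.new("aes-256-cbc")
cip2.decrypt
cip2.key = key
cip2.iv = "X" * 32 # pass the wrong iv

rs = cip2.update(es) + cip2.final

puts rs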

I would expect the decrypt to fail or just return garbage, but I get the

���t��Y������W�fox jumped over the lazy dog.

Are my assumptions wrong, or is this an issue?

Thanks in advance. rpo
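
Why the output looks like this, as an added example that is not part of the original post: in CBC the IV is only XORed into the first plaintext block, so a wrong IV garbles exactly 16 bytes, and that block is recoverable by anyone who knows both IVs. An authenticated mode such as AES-256-GCM rejects a wrong IV outright. The key, IVs and helper names below are constructed for illustration, and the code targets a current Ruby rather than 1.8.6.

```ruby
require 'openssl'

BLOCK = 16                                   # AES block size in bytes
STR   = 'The quick brown fox jumped over the lazy dog.'
KEY   = 'k' * 32                             # constructed sample key
IV    = 'i' * 16                             # constructed sample IV

def cbc(mode, key, iv, data)
  c = OpenSSL::Cipher.new('aes-256-cbc')
  mode == :encrypt ? c.encrypt : c.decrypt
  c.key = key
  c.iv = iv
  c.update(data) + c.final
end

def xor(a, b)
  a.bytes.zip(b.bytes).map { |x, y| x ^ y }.pack('C*')
end

# CBC: P1 = D(C1) XOR IV and Pn = D(Cn) XOR C(n-1), so a wrong IV only
# changes block 1, and by exactly (iv XOR wrong_iv).
def cbc_wrong_iv_demo(str, key, iv, wrong_iv)
  out = cbc(:decrypt, key, wrong_iv, cbc(:encrypt, key, iv, str))
  first_fixed = xor(out[0, BLOCK], xor(iv, wrong_iv))
  { tail_intact: out[BLOCK..-1] == str.b[BLOCK..-1],
    first_block_recovered: first_fixed == str.b[0, BLOCK] }
end

# GCM: the tag is computed under (key, iv), so decryption fails closed.
def gcm_encrypt(key, iv, str)
  c = OpenSSL::Cipher.new('aes-256-gcm').encrypt
  c.key = key
  c.iv = iv                                  # 12-byte nonce, unique per key
  ct = c.update(str) + c.final
  [ct, c.auth_tag]
end

def gcm_decrypt(key, iv, ct, tag)
  c = OpenSSL::Cipher.new('aes-256-gcm').decrypt
  c.key = key
  c.iv = iv
  c.auth_tag = tag
  c.update(ct) + c.final
rescue OpenSSL::Cipher::CipherError
  nil                                        # wrong key, wrong IV, or tampering
end

p cbc_wrong_iv_demo(STR, KEY, IV, 'X' * BLOCK)
```

The IV is not a secret and is normally stored next to the ciphertext; if two independent secrets are required, both have to go into the key material or the authentication tag rather than the IV.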
