OpenSSL encrypt / decrypt question


#1

Hi all,

I’m attempting to encrypt and decrypt a string, and am having some
issues with the decrypt side. I’m using Ruby 1.8.4 on Gentoo.

My code looks something like this:

-----code starts-----
require 'openssl'
include OpenSSL

# Load up sender key pair
from_cert = X509::Certificate.new(File::read("send_cert.pem"))
from_key = PKey::RSA.new(File::read("send_key.pem"))

# Load up recipient key pair (
to_cert = X509::Certificate.new(File::read("rcpt_cert.pem"))
to_key = PKey::RSA.new(File::read("rcpt_key.pem"))

# Basic data
data = "test this out"

# Sign message
from_signed = PKCS7::sign(from_cert, from_key, data, [], PKCS7::BINARY)

# The next line emits the data correctly
print from_signed.data

# Encrypt signed message
from_encrypted = PKCS7::encrypt([to_cert], from_signed.to_der,
                                Cipher::Cipher::new("DES3"), PKCS7::BINARY)

# This is the data format I send to the recipient.
from_message = from_encrypted.to_pem

# Pretend that I'm receiving this on the 'to' side.
to_encrypted = PKCS7::PKCS7.new(from_message)
to_decrypted = PKCS7::PKCS7.new(to_encrypted.decrypt(to_key, to_cert,
                                                     PKCS7::BINARY))

# See who signed the message:
to_decrypted.signers.each { |signer|
  print "#{signer.name}\n"
}

# This should emit the data, but instead prints nothing.
print "#{to_decrypted.data}\n"
-----code ends-----

So… I know that the encryption works, because a third party can
decrypt messages I send them. However, in this testing setup, I can see
who the signer is, but there’s no data (output is ‘nil’).

Anyone know what I’m doing wrong?

Thanks,

Aynon
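
Added example, not part of the original post: in Ruby's OpenSSL binding, `data` on a PKCS7 object parsed from DER/PEM stays `nil` until `verify` has run, and the signer list read before that point is unauthenticated, so the receiving side should verify against a trust store and only then read the content. It assumes a current Ruby `openssl` library, uses throwaway self-signed certificates generated inline, swaps AES-256-CBC in for the post's DES3, and the helper names `make_identity`, `seal` and `open_sealed` are hypothetical.

```ruby
require 'openssl'

# Constructed test identity: throwaway RSA key plus a self-signed certificate.
def make_identity(cn)
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  [cert, key]
end

# Sender side: sign, then encrypt the signed DER to the recipient's certificate.
def seal(data, from_cert, from_key, to_cert)
  signed = OpenSSL::PKCS7.sign(from_cert, from_key, data, [], OpenSSL::PKCS7::BINARY)
  cipher = OpenSSL::Cipher.new('AES-256-CBC') # assumption: replaces DES3 from the post
  OpenSSL::PKCS7.encrypt([to_cert], signed.to_der, cipher, OpenSSL::PKCS7::BINARY).to_pem
end

# Recipient side: decrypt, verify against explicitly trusted certs, then read data.
def open_sealed(pem, to_cert, to_key, trusted_certs)
  inner = OpenSSL::PKCS7.new(OpenSSL::PKCS7.new(pem).decrypt(to_key, to_cert))
  before = inner.data # nil: nothing has been verified or extracted yet
  store = OpenSSL::X509::Store.new
  trusted_certs.each { |c| store.add_cert(c) }
  ok = inner.verify([], store, nil, OpenSSL::PKCS7::BINARY)
  # Release content and signer names only when the signature chain verified.
  { before_verify: before, verified: ok,
    data: ok ? inner.data : nil,
    signers: ok ? inner.signers.map { |s| s.issuer.to_s } : [] }
end

if __FILE__ == $0
  from_cert, from_key = make_identity('sender')
  to_cert, to_key = make_identity('recipient')
  pem = seal('test this out', from_cert, from_key, to_cert)
  p open_sealed(pem, to_cert, to_key, [from_cert])
end
```
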