AES-256-CBC with Digest from Ruby to NodeJS - ruby

I am hoping someone can shed some light on a problem that has been vexing me for the last few hours.
I am trying to decode a string that has been encoded in Ruby thus:
#!/usr/bin/env ruby
require 'base64'
require 'openssl'
require 'openssl/cipher'
require 'openssl/digest'
aes = OpenSSL::Cipher::Cipher.new('aes-256-cbc')
aes.encrypt
aes.key = Digest::SHA256.digest('IHazSekretKey')
p Base64.encode64( aes.update('text to be encrypted') << aes.final )
Executing the above spits out: "3P86KyOrN2QJ/HFxxo3b7kAsxTgpDMMjROUPclsuXj0=\n"
I now try to decrypt this string in NodeJS 0.6.17
#!/usr/bin/env node
var crypto = require('crypto');
function decrypto(toDecryptStr) {
var result,
encoded = new Buffer(toDecryptStr, 'base64'),
decodeKey = crypto.createHash('sha256').update('IHazSekretKey', 'ascii').digest(),
decipher = crypto.createDecipher('aes-256-cbc', decodeKey);
result = decipher.update(encoded);
result += decipher.final();
return result;
};
console.log(decrypto('3P86KyOrN2QJ/HFxxo3b7kAsxTgpDMMjROUPclsuXj0='));
console.log(decrypto('3P86KyOrN2QJ/HFxxo3b7kAsxTgpDMMjROUPclsuXj0=\n')
The second script yields:
nazar#xfce:~/tmp/tst$ ./js_decrypt
Å'{ H£V)ÜB
Å'{ H£V)ÜB
Any help would be very much appreciated as my only remaining option now is to drown myself in a barrel of [Jamerson || Kirin Ichiban] (I'm only kidding)
PS there is a similar question on SO here, which sadly hasn't yielded any inspiration for my case.

The critical missing piece is the IV, which is required when encryption/decryption is to be made across language boundaries as apparently the encrypter will generate a random IV (or something like that - still don't understand how Ruby decrypts the string without an IV.... but then what do I know....), if one is not provided.
The following snippets show how to encrypt a string in Ruby and decrypt in NodeJS.
#!/usr/bin/env ruby
require 'openssl'
require 'base64'
require 'openssl/cipher'
require 'openssl/digest'
aes = OpenSSL::Cipher::Cipher.new('aes-256-cbc')
aes.encrypt
aes.key = Digest::SHA256.digest('IHazSekretKey')
aes.iv = '1234567890123456'
p Base64.encode64( aes.update('text to be encrypted') << aes.final )
The above prints: "eiLbdhFSFrDqvUJmjbUgwD8REjBRoRWWwHHImmMLNZA=\n"
#!/usr/bin/env node
var crypto = require('crypto');
function decrypto(toDecryptStr) {
var result,
encoded = new Buffer(toDecryptStr, 'base64'),
decodeKey = crypto.createHash('sha256').update('IHazSekretKey', 'ascii').digest(),
decipher = crypto.createDecipheriv('aes-256-cbc', decodeKey, '1234567890123456');
result = decipher.update(encoded);
result += decipher.final();
return result;
}
console.log(decrypto('eiLbdhFSFrDqvUJmjbUgwD8REjBRoRWWwHHImmMLNZA=\n'))
The JS script now properly decrypts the string.
One unfortunate side effect is that existing encrypted data will need to be decrypted and then re-encrypted with an IV that is then used in the decrypting implementation.
A PITA but nonetheless a working solution.

Related

node.js and ruby 1.8 different hmac sha1 result

I have ruby 1.8.7 code that create hmac with sha1
key= '123'
digest = Digest::SHA1.new
digest << 'test string'
digest << key
result = digest.hexdigest
# "c1bdfd602e1581f1ab91928e2c3fd371a1e63a5c"
I want to replicate this with node.js:
key= '123';
myhmac = crypto.createHmac('sha1', key);
result = myhmac.update('test string').digest('hex');
// 'a145f4d366e9e4e96b80bc427144ba77b3c7151a'
But the result is different.
What should I do in nodejs to have the same result as from ruby?
You are comparing a plain SHA1 digest in your Ruby code with a HMAC (using SHA1 as its hash function) in your Node code. These are different things, although the HMAC makes use of SHA1.
Usually you would want to use the HMAC over the plain SHA1. To do that in Ruby you could do something like:
require 'openssl'
key = '123'
data = 'test string'
digest = OpenSSL::Digest::SHA1.new
# See how HMAC uses SHA1 here:
result = OpenSSL::HMAC.hexdigest(digest, key, data)
# => "a145f4d366e9e4e96b80bc427144ba77b3c7151a", same as your node result
To reproduce your Ruby results in Node (calculating the SHA1 of the message + key), you want something like this:
const crypto = require('crypto');
const hash = crypto.createHash('sha1'); // Just SHA1, no HMAC
hash.update('test string');
hash.update('123'); // The Ruby code is hashing the concatenation of
// the data and key
result = hash.digest('hex');
// => 'c1bdfd602e1581f1ab91928e2c3fd371a1e63a5c', same as Ruby code
To make it works for both (nodejs and ruby), please make sure :
(important) make it in the same format.
ruby:
payload = "{'name': 'james kachiro sarumaha', 'data': [], 'is_available': true}"
payload = payload.to_json
nodejs:
payload = "{'name': 'james kachiro sarumaha', 'data': [], 'is_available': true}"
payload = JSON.stringify(payload)
have a correct key. (32)
ruby:
key = "v1tg3cOvfNdxh4TXxtdVmeB106doeQFS"
nodejs:
key = "v1tg3cOvfNdxh4TXxtdVmeB106doeQFS"
conversion
ruby :
digest = OpenSSL::Digest::SHA256.new
result = OpenSSL::HMAC.hexdigest(digest, password, payload)
#bd0724a05fab03e64e0112d09ceb11b6c1cbd8f9629a1d303e8d395d36cce396
nodejs:
crypto.createHmac('sha256', key).update(payload).digest('hex')
//bd0724a05fab03e64e0112d09ceb11b6c1cbd8f9629a1d303e8d395d36cce396
crypto from crypto module (nodejs core).
in my case, I'm using SHA256 but you can change it to SHA1. it will have the same result also.
tx

As a NodeJS user, how do I use the ruby OpenSSL library for crypto?

I'm Node developer, but every once in awhile I get to play around with ERB templates. I really love pulling out as much ruby as I can in these templates when I can and this idea caught my eye especially.
I have this configuration value, which should be encrypted, but is coming in plain text. The program would decrypt it like so:
var crypto = require('crypto');
var decipher = crypto.createDecipher('aes256', 'e20jhciwjf90u2r9u9ujj');
var decrypted = crypto.update('4ufujj90u19ru90u109u') + crypto.final();
I was wondering how I might go about creating an encrypted string for the above to decrypt using ruby?
So far I have:
require 'openssl'
cipher = OpenSSL::Cipher::Cipher.new('aes256');
cipher.key= 'e20jhciwjf90u2r9u9ujj'
encrypted = cipher.update('my cat is yellow and very pretty.') + cipher.final
Two problems I have:
I often get a Key length not long enough error on the ruby side.
Ruby outputs a bunch of crazy hex, whereas node seems to always take/want utf8.
Am I encrypting/decrypting safely?
Is there a way to universally translate/work laterally with these two APIs?
AES-256 uses a key of 256bits, and by default ruby uses utf-8 encoding, so each ansi character is 8bit long. So the key string must be 32 bytes.
Explicitly use an aes mode (e.g. aes-256-cbc).
Set the same iv(initial vector) on both sides
I finally succeeded with the above methods.
Here is my code:
Ruby side:
require 'openssl'
require 'base64'
cipher = OpenSSL::Cipher.new('aes-256-cbc')
cipher.encrypt
cipher.iv = 'a'*16;
cipher.key = '01234567890123456789012345678901' # should be 32 characters, 32*8=256 bits
enc = Base64.strict_encode64(cipher.update('01234567890123456789012345678901') + cipher.final)
puts enc
Javascript side:
var encrypted = new Buffer(base64Data, 'base64');
var crypto = require('crypto');
var decipher = crypto.createDecipheriv('aes-256-cbc', '01234567890123456789012345678901', 'aaaaaaaaaaaaaaaa');
var dec = decipher.update(encrypted);
console.log(Buffer.concat([dec, decipher.final()]));

Coldfusion "AES/CBC/PKCS5Padding" decryption in Ruby

I need to decrypt text encrypted using AES/CBC/PKCS5Padding scheme. The encrypted text I got was generated using Coldfusion.
CFML example below:
<table border="1" cellpadding="5" cellspacing="0">
<tr bgcolor="c0c0c0">
<th>Decrypted string</th>
<th>3DESKey</th>
</tr>
<cfset variables.algorithm ="AES/CBC/PKCS5Padding">
<cfset variables.seed ="C610297CE8570750">
<cfset variables.password = "Vza0O49SHpIe/mR4+4jHXhApmKhEyl5O2nzzDxVNQbo=">
<cfset variables.decryptedString = Decrypt(variables.password, generate3DesKey("#variables.seed#"), "#variables.algorithm#", "Base64")>
<cfoutput>
<tr>
<td>#variables.decryptedString#</td>
<td><cfoutput>#generate3DesKey("variables.seed")#</cfoutput></td>
</tr>
</cfoutput>
</table>
Output is:
Decrypted String: Name322big563
3DESKey: QzYxMDI5N0NFODU3MDc1MA==
I tried with ruby:
require 'openssl'
require 'base64'
string = "Vza0O49SHpIe/mR4+4jHXhApmKhEyl5O2nzzDxVNQbo="
def decrypt(cpass)
des = OpenSSL::Cipher::Cipher.new('AES-256-CBC')
des.decrypt
des.key = 'C610297CE8570750'
return des.update(Base64.decode64(cpass)) + des.final
end
decrypted = decrypt(string)
puts "decrypted string: #{decrypted}"
I get key length too short (OpenSSL::Cipher::CipherError)
The problem is I don't know the key but only the seed used C610297CE8570750, because the key returned by the CFML script is base64 but I need a hex key.
I tried also with OpenSSL::Cipher::AES256.new(:CBC) same error.
require 'openssl'
require 'base64'
# decryption
aes = OpenSSL::Cipher::AES256.new(:CBC)
aes.decrypt
aes.padding = 1 # actually it's on by default
aes.key = "QzYxMDI5N0NFODU3MDc1MA=="
aes.iv = "C610297CE8570750"
aes.update(Base64::decode64("Vza0O49SHpIe/mR4+4jHXhApmKhEyl5O2nzzDxVNQbo="))+aes.final
Any idea?
EDIT:
As hinted by #Leigh, need to use AES-128-CBC, so I did this:
require 'openssl'
require 'base64'
string = "Vza0O49SHpIe/mR4+4jHXhApmKhEyl5O2nzzDxVNQbo="
def decrypt(cpass)
des = OpenSSL::Cipher::Cipher.new('AES-128-CBC')
des.decrypt
des.key = 'C610297CE8570750'
return des.update(Base64.decode64(cpass)) + des.final
end
decrypted = decrypt(string)
puts "decrypted string: #{decrypted}"
actually seems to kinda work (...ish).
decrypted string: ▒▒.ϥD▒▒ ▒▒▒▒▒Name322big563
any idea what's still wrong?
(Expanded from comments)
but I need a hex key
Then convert it from base64 to hex. In CF, you can use the BinaryEncode() and BinaryDecode functions:
binaryEncode(binaryDecode("QzYxMDI5N0NFODU3MDc1MA==", "base64"), "hex")
Looks like there are a few other problems:
The CF code generates a 128 bit key, but the ruby code is using AES 256. It needs to use AES 128.
The CF code is generating a random IV. The Ruby code is using a totally different iv. With CBC mode, both sides must use the same iv to get the expected results. "Decrypting with the incorrect IV causes the first block of plaintext to be corrupt ...", which is why your decrypted value is off. To resolve it, the Ruby code should use the same iv that was used to encrypt.
Update:
When CF generates the IV automatically (as it does here), it prepends that IV to the encrypted value:
When ColdFusion creates an IV automatically, it generates a secure,
random IV and prepends this to the encrypted data. When ColdFusion
decrypts the data, this IV is recovered and used. It is
cryptologically important that the IV varies between encryptions. This
is why the encrypted value changes when you repeatedly encrypt the
same string with an algorithm that uses an IV, like
DES/CBC/PKCS5Padding. Unlike the encryption key, it is not necessary
for the IV to be kept secret.
So the IV value can be extracted by removing the first "block" of the encrypted binary. The block size depends on the algorithm. For AES, it is 16. I do not know the exact Ruby code, but in CF you could extract the IV like so:
blockSize = 16;
rawBinary = binaryDecode(encryptedString, "base64");
// IV is always the first block
ivBytes = arraySlice(rawBinary, 1, blockSize);
// Remaining bytes are the encrypted value
dataBytes = arraySlice(rawBinary, blockSize+1, arrayLen(rawBinary)-blockSize);
Unless I'm very much mistaken, this is a problem I encountered years ago.
PHP Encryption Code Converted to ColdFusion

Decrypting salted AES file generated on command line with Ruby

I would like to decrypt a text file within a ruby 2.1 script which was previously encrypted using OpenSSL's commandline tools:
openssl enc -aes-256-cbc -a -salt -in my_file
As seen in the command, the file is AES-256-CBC encrypted, salted and base64 encoded.
The password is known, but not the IV nor the key, which are required to follow this code snippet, taken from the ruby documentation:
decipher = OpenSSL::Cipher::AES.new 256, :CBC
decipher.decrypt
decipher.key = key
decipher.iv = iv
plain = decipher.update(encrypted_text) + decipher.final
While trying to find an answer, I found the gem AESCrypt gem which supposedly simplifies en- and decrypting, yet the currently released version is not compatible with ruby 2.1.
Looking at it's source code, I found that the key was retrieved by digesting the password, and the IV is just left as nil.
So I tried to get the following running:
encoded_and_encrypted_text = File.read my_file_path
encrypted_text = Base64.decode64 encoded_and_encrypted_text.to_s.strip
decipher = OpenSSL::Cipher::AES.new 256, :CBC
decipher.decrypt
decipher.key = OpenSSL::Digest::SHA256.new(my_password).digest
plain_text = decipher.update(encrypted_text) + decipher.final
But this results in OpenSSL::Cipher::CipherError: bad decrypt.
Do I need to somehow specifically handle that the file is salted? I have read in the OpenSSL documentation for the enc function that the IV, if not specified while encrypting the file, is generated from the password. Do I need to manually reconstruct the IV somehow?
Any advice would be highly appreciated :)
OpenSSL uses a custom header and key derivation routine. Security.SE has a good description of the header and the docs for EVP_BytesToKey describe the key derivation.
We can modify your code to use this weird and somewhat broken key derivation as follows:
encoded_and_encrypted_text = File.read my_file_path
encrypted_text = Base64.decode64 encoded_and_encrypted_text.to_s.strip
header = encrypted_text[0,8]
salt = encrypted_text[8,8]
payload = encrypted_text[16..-1]
decipher = OpenSSL::Cipher::AES.new 256, :CBC
decipher.decrypt
D_1 = OpenSSL::Digest::MD5.new(my_password + salt).digest
D_2 = OpenSSL::Digest::MD5.new(D_1 + my_password + salt).digest
D_3 = OpenSSL::Digest::MD5.new(D_2 + my_password + salt).digest
decipher.key = (D_1 + D_2)
decipher.iv = D_3
plain_text = decipher.update(payload) + decipher.final

Using Ruby and Node crypto library together

I've got a string encrypted using aes-128-cbc encryption using Ruby and the EzCrypto library.
Here's my encryption code in Ruby:
require 'rubygems'
require 'ezcrypto'
#pwd = 'hello'; #salt = 'salt'
key = EzCrypto::Key.with_password #pwd,#salt, :algorithm=>"aes-128-cbc"
File.open('key.txt','w') do |file|
file.write(key.to_s)
end
File.open('secret.txt','w') do |file|
file.write(key.encrypt("hello"))
end
Now I'd like to decrypt that string with Node. And i'm getting nothing back. I must be doing something wrong here. Below is my Node code.
var crypto = require('crypto');
var fs = require('fs');
var secret = fs.readFileSync('secret.txt', 'binary');
var key = fs.readFileSync('key.txt', 'base64');
var decipher = crypto.createDecipher('aes-128-cbc', key);
var string = decipher.update(secret, 'binary', 'utf8');
string += decipher.final('utf8');
console.log("STRING: ", string)
Which returns: STRING:
Any help would be much appreciated.
The secret.txt contains binary instead of the expected UTF-8/HEX.
This turned out to be a issue with Ruby's implementation of OpenSSL. If you dig down deep into Ruby's source you find this:
[https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_cipher.c#L210][1]
Ruby always sets the iv or initialization vector to "OpenSSL for Ruby rulez!" which IMHO is ridiculous. Out of the box Ruby's OpenSSL encryption will never work with another languages.
Meaning EzCrypto won't work with Node :-(
I wrote my own cipher wrapper for Ruby which I set the IV manually. Everything else feel into place once that was fixed.
I really hope this helps someone else out. Took me forever to figure it out.

Resources