The requirement: send data encrypted with Triple DES in CBC mode to the other party's server; the response comes back encrypted the same way, so decrypt it.
I knew nothing about Triple DES, and when I googled it, it was surprisingly difficult to find information in Ruby articles. After searching around, I arrived at this page: http://timolshansky.com/2011/10/23/ruby-triple-des-encryption.html
In fact, when I ran the code written there, it worked. However, it took a long time from there.
No matter how many times I checked the key I had received and the other parameters, I could find no mistake. Gununu ...
Shamefully, I asked the other party to show me the code (in another language) that they use for encryption ... Oh? Something is attached to the beginning of the encrypted bytes, isn't it?
Actually, in this encryption method (des-ede3-cbc), in addition to the secret key, a thing called an **initialization vector** is used for encryption, much like a key. It took me a long time to notice this. The reason is that the page linked above and other sloppy pages use a method called 'pkcs5_keyivgen'. Their flow is: create an instance -> set the key and initialization vector with pkcs5_keyivgen -> encrypt and decrypt. This means that the same initialization vector is used, so the data can be decrypted.
However, the condition this time is **encryption on my side -> decryption on the other party's server, so the other party must know not only the secret key but also the initialization vector**. (Is putting the initialization vector at the beginning part of the Triple DES specification? I couldn't figure this out even after googling.)
So, here is what I actually tried. This time, the first 8 bytes are the initialization vector.
```ruby
require 'openssl'

class TripleDES
  class << self
    IV_LENGTH = 8
    SECRET_KEY = 'your__awesome_Secret_Key' # must be exactly 24 bytes for des-ede3-cbc

    # Build a des-ede3-cbc cipher with the shared secret key set
    def get_cipher
      cipher = OpenSSL::Cipher.new('des-ede3-cbc')
      cipher.key = SECRET_KEY
      cipher
    end

    def encrypt(plain_string)
      cipher = get_cipher
      cipher.encrypt
      # Generate a fresh random initialization vector for every message
      iv = cipher.random_iv
      output = cipher.update(plain_string)
      output << cipher.final
      # Put the initialization vector before the generated ciphertext
      iv + output
    end

    def decrypt(encrypted_byte_string)
      cipher = get_cipher
      cipher.decrypt
      # Extract the initialization vector and the body respectively
      iv = encrypted_byte_string.byteslice(0, IV_LENGTH)
      cipher.iv = iv
      # Count bytes, not characters, when slicing off the body
      target_bytes = encrypted_byte_string.byteslice(IV_LENGTH, encrypted_byte_string.bytesize - IV_LENGTH)
      output = cipher.update(target_bytes)
      output << cipher.final
    end
  end
end
```
I didn't notice for a while that pkcs5_keyivgen is clearly documented as a deprecated method. Lol https://docs.ruby-lang.org/ja/latest/method/OpenSSL=3a=3aCipher/i/pkcs5_keyivgen.html
This page is more detailed. That's right, with pkcs5_keyivgen you can't get the IV. https://techmedia-think.hatenablog.com/entry/20110527/1306499951
I hope this will be a hint for those who implement it in the future. It had been a long time since I got stuck like this ...
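The following is an added example, not code from the original post. It contrasts the fixed IV that pkcs5_keyivgen produces with the IV-prefixed format described above, and shows what a receiver sees when it does not strip the prefix. The key, password, salt, message and the helper names are constructed for illustration.

```ruby
require 'openssl'

ALGO   = 'des-ede3-cbc'
KEY    = 'constructed_24_byte_key!' # constructed 24-byte sample key
IV_LEN = 8

# pkcs5_keyivgen derives key AND IV from password + salt, so the IV is
# identical for every message encrypted with the same inputs.
def keyivgen_encrypt(plain, password, salt)
  c = OpenSSL::Cipher.new(ALGO).encrypt
  c.pkcs5_keyivgen(password, salt)
  c.update(plain) + c.final
end

# Wire format used in the post: random 8-byte IV, then the ciphertext.
def prefixed_encrypt(plain)
  c = OpenSSL::Cipher.new(ALGO).encrypt
  c.key = KEY
  iv = c.random_iv
  iv + c.update(plain) + c.final
end

def prefixed_decrypt(blob)
  c = OpenSSL::Cipher.new(ALGO).decrypt
  c.key = KEY
  c.iv = blob.byteslice(0, IV_LEN)
  c.update(blob.byteslice(IV_LEN, blob.bytesize - IV_LEN)) + c.final
end

# Receiver unaware of the prefix: treats the whole blob as ciphertext
# and uses some IV of its own (hypothetical helper for illustration).
def naive_decrypt(blob, assumed_iv)
  c = OpenSSL::Cipher.new(ALGO).decrypt
  c.key = KEY
  c.iv = assumed_iv
  c.update(blob) + c.final
end

if __FILE__ == $PROGRAM_NAME
  msg = 'constructed sample message'
  blob = prefixed_encrypt(msg)
  p keyivgen_encrypt(msg, 'pw', 'saltsalt') == keyivgen_encrypt(msg, 'pw', 'saltsalt')
  p prefixed_encrypt(msg) == blob
  p prefixed_decrypt(blob)
  p naive_decrypt(blob, "\0" * IV_LEN)
end
```

When a receiver's output is 8 bytes of garbage followed by the expected plaintext, the sender is prepending the IV, which is the symptom described in the post.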