If you request the data encrypted in CBC mode of tripleDES to the other server, the data will be responded in the same way, so decrypt it.
So, I was completely ignorant about this triple DES, so when I googled it, it was difficult to find unexpected information in Ruby articles. I searched variously and arrived at this page. http://timolshansky.com/2011/10/23/ruby-triple-des-encryption.html
In fact, when I run the code written here, it works. However, it was a long time from here.
No matter how many times you check other parameters using the key you received, there will be no mistakes. Gununu ...
Shamefully, if you show me the code (another language) that the other party is using for encryption .... Oh? Something is attached to the beginning of the encrypted byte, right?
Actually, in this encryption method (des-ede3-cbc), in addition to the private key, a thing called ** initialization vector ** is used like a real key for encryption. It took me a long time to notice this. The reason is that the pages listed in ↑ and other sloppy pages use a method called'pkcs5_keyivgen'. The point is to create an instance-> set the key and initialization vector with pkcs5_keyivgen-> encrypt and decrypt, but this means that the same initialization vector is used. So it can be decrypted.
However, the condition this time is ** encryption at hand-> decryption at the other server, so the other party must know not only the private key but also the information of the initialization vector **. (Is it a triple DES specification to put an initialization vector at the beginning? I didn't understand this even if I googled it)
So, here is what I actually tried. This time, the first 8 bytes are the initialization vector.
class TripleDES class << self IV_LENGTH = 8 SECRET_KEY = 'your__awesome_Secret_Key' def get_cipher cipher = OpenSSL::Cipher.new('des-ede3-cbc') cipher.key = SECRET_KEY cipher end def encrypt(plain_string) cipher = get_cipher cipher.encrypt #Generate initialization vector iv = OpenSSL::PKCS5.pbkdf2_hmac(SecureRandom.alphanumeric(10), SecureRandom.alphanumeric(10), 2, IV_LENGTH, 'sha1') cipher.iv = iv output = cipher.update(plain_string) output << cipher.final #Put an initialization vector before the generated cipher iv + output end def decrypt(encrypted_byte_string) cipher = get_cipher cipher.decrypt #Extract initialization vector and body respectively iv = encrypted_byte_string.byteslice(0, IV_LENGTH) cipher.iv = iv target_bytes = encrypted_byte_string.byteslice(IV_LENGTH, encrypted_byte_string.chars.count) output = cipher.update(target_bytes) output << cipher.final end end end
I didn't notice for a while that pkcs5_keyivgen properly wrote deprecated methods. Lol https://docs.ruby-lang.org/ja/latest/method/OpenSSL=3a=3aCipher/i/pkcs5_keyivgen.html
This is more detailed. That's right, pkcs5_keyivgen can't get iv. https://techmedia-think.hatenablog.com/entry/20110527/1306499951
I hope it will be a hint for those who will implement it in the future. I was addicted to it after a long time ...