A story that I was really into when I did triple DES with ruby

Thing you want to do

If you request the data encrypted in CBC mode of tripleDES to the other server, the data will be responded in the same way, so decrypt it.

So, I was completely ignorant about this triple DES, so when I googled it, it was difficult to find unexpected information in Ruby articles. I searched variously and arrived at this page. http://timolshansky.com/2011/10/23/ruby-triple-des-encryption.html

In fact, when I run the code written here, it works. However, it was a long time from here.

Requesting to the other authentication server does not work

No matter how many times you check other parameters using the key you received, there will be no mistakes. Gununu ...

Shamefully, if you show me the code (another language) that the other party is using for encryption .... Oh? Something is attached to the beginning of the encrypted byte, right?

Another key called initialization vector

Actually, in this encryption method (des-ede3-cbc), in addition to the private key, a thing called ** initialization vector ** is used like a real key for encryption. It took me a long time to notice this. The reason is that the pages listed in ↑ and other sloppy pages use a method called'pkcs5_keyivgen'. The point is to create an instance-> set the key and initialization vector with pkcs5_keyivgen-> encrypt and decrypt, but this means that the same initialization vector is used. So it can be decrypted.

However, the condition this time is ** encryption at hand-> decryption at the other server, so the other party must know not only the private key but also the information of the initialization vector **. (Is it a triple DES specification to put an initialization vector at the beginning? I didn't understand this even if I googled it)


So, here is what I actually tried. This time, the first 8 bytes are the initialization vector.

class TripleDES
  class << self
    IV_LENGTH = 8
    SECRET_KEY = 'your__awesome_Secret_Key'

    def get_cipher
      cipher = OpenSSL::Cipher.new('des-ede3-cbc')
      cipher.key = SECRET_KEY

    def encrypt(plain_string)
      cipher = get_cipher

      #Generate initialization vector
      iv = OpenSSL::PKCS5.pbkdf2_hmac(SecureRandom.alphanumeric(10), SecureRandom.alphanumeric(10), 2, IV_LENGTH, 'sha1')
      cipher.iv = iv

      output = cipher.update(plain_string)
      output << cipher.final

      #Put an initialization vector before the generated cipher
      iv + output

    def decrypt(encrypted_byte_string)
      cipher = get_cipher

      #Extract initialization vector and body respectively
      iv = encrypted_byte_string.byteslice(0, IV_LENGTH)
      cipher.iv = iv
      target_bytes = encrypted_byte_string.byteslice(IV_LENGTH, encrypted_byte_string.chars.count)

      output = cipher.update(target_bytes)
      output << cipher.final


I didn't notice for a while that pkcs5_keyivgen properly wrote deprecated methods. Lol https://docs.ruby-lang.org/ja/latest/method/OpenSSL=3a=3aCipher/i/pkcs5_keyivgen.html

This is more detailed. That's right, pkcs5_keyivgen can't get iv. https://techmedia-think.hatenablog.com/entry/20110527/1306499951

I hope it will be a hint for those who will implement it in the future. I was addicted to it after a long time ...

Recommended Posts

A story that I was really into when I did triple DES with ruby
After verifying the Monty Hall problem with Ruby, a story that I could understand well and did not understand well
A memo that I was addicted to when making batch processing with Spring Boot
A story I was addicted to when getting a key that was automatically tried on MyBatis
Java: A story that made me feel uncomfortable when I was taught to compare strings with equals for no reason.
A story that I struggled to challenge a competition professional with Java
A story that I was addicted to twice with the automatic startup setting of Tomcat 8 on CentOS 8
I made a risky die with Ruby
Summary of one month of inexperienced liberal arts passing Ruby Silver
Studying with CodeWar (ruby) ④ case ~ when
Make a typing game with ruby
Memo when HTTP communication with Java (OkHttp)
Let's make a smart home with Ruby!
I made a risky die with Ruby
A memorandum when building an environment with Ruby3.0 x Rails6.1 x Docker x CentOS Stream
A story that I was really into when I did triple DES with ruby
When introducing JOOQ to Spring boot, a story that was dealt with because an error occurred around Liquibase
Four technical books that I regret that I should have read when I was a newcomer
A story about creating a library that operates next-generation sequencer data with Ruby ruby-htslib
I made a portfolio with Ruby On Rails
What I was addicted to when developing a Spring Boot application with VS Code
[Summary] What I noticed and did when I was told that the Oracle JDK was paid
A site that was easy to understand when I was a beginner when I started learning Spring Boot
A story that failed when connecting to CloudSQL by running Sprint-boot with kubernetes (GKE)
A story that stumbled when deploying a web application created with Spring Boot to EC2
A story that did not work when trying to handle events in Notification Center
[Ruby] I made a crawler with anemone and nokogiri.
[Ruby] Misunderstanding that I was using the module [Beginner]
A note that I had trouble when trying to use nginx with Remote-Containers of vscode
How to batch initialize arrays in Java that I didn't know when I was a beginner
A story I was addicted to before building a Ruby and Rails environment using Ubuntu (20.04.1 LTS)
A story that ended up taking a break when using the Linked List with a light feeling
A story I was addicted to with implicit type conversion of ActiveRecord during unit testing
A story that turbolinks was confused by doing something wrong
How to divide a two-dimensional array into four with ruby
A story that I thought I didn't throw away my life
I searched for a web framework with Gem in Ruby
A story I was addicted to in Rails validation settings
I made a mod that instantly calls a vehicle with Minecraft
The story I was addicted to when setting up STS
When I made a bar graph with MPAndroidChart, the x-axis label was misaligned for some reason
I was angry with proc_open (): fork failed when trying to composer update inside a Docker container