I've been up and down the perldoc for Crypt::CBC and just can't figure
out why the results differ so much. Because they differ so much you
can't use one method to decrypt the other.
For example:

use Crypt::CBC;
use Crypt::OpenSSL::AES;

$key = 'secretpassphrase';
$text = 'Crypt Test #0001';

my $en1 = new Crypt::OpenSSL::AES($key)->encrypt($text);
my $en2 = new Crypt::CBC(
    -key => $key, -cipher => 'Crypt::OpenSSL::AES'
)->encrypt($text);

my $en1h = unpack('H*', $en1);
my $en2h = unpack('H*', $en2);

print "OpenSSL AES\n[$en1h]\n\n";
print "AES via CBC\n[$en2h]\n\n";

__OUTPUT__
OpenSSL AES
[e1f461cdc00f4855b9b2c0367cd3a293]

AES via CBC
[53616c7465645f5f36dd0b8d9b84e278382b8cd329f7020b545c3595c239284d37d4e3dc2d6a2fc97d375675b793b357]

Thanks.
--
WG
Without knowing exactly how those particular modules do what they do,
the first thing that occurs to me is that nowhere are you providing an
initialisation vector, so presumably the modules are generating a
random IV. That will give you totally different ciphertext. The
lengths _may_ be different because the latter attempt is prepending
the ciphertext with the IV, which is required for decryption.
Just my 2 pennyworth...
I tried using different values for the -iv parameter for CBC but I can't
seem to find a way to get the same value that using the cipher module
straight does. I want them to be compatible with each other and frankly
the fact that they give completely different results seems to defy the
point of using CBC, doesn't it?
--
WG
Waylen,
try -literal_key => 1,
that way you prevent CBC from hashing your key. I don't have the info at
hand, but I remember that for AES
blocklength = 128
and keysize is much longer than the 16 bytes from MD5 (used by CBC).
Further, your key length should be controlled, not simply some string. You
can control it by hashing outside of CBC and inline in your code.
--
Mark
> I noticed that if I use a "CBC compatible" crypt module directly, I get
> a normal expected result. But if I use CBC with the same cipher type on
> the same key and plaintext I get a completely different result.
>
> I've been up and down the perldoc for Crypt::CBC and just can't figure
> out why the results differ so much. Because they differ so much you
> can't use one method to decrypt the other.
>
> For example:
>
> use Crypt::CBC;
> use Crypt::OpenSSL::AES;
>
Waylen,
I've never used the above module for AES, but I've used
Crypt::Rijndael with/without Crypt::CBC.
Rijndael allows key lengths of (16,24,32)
AES is the new name for Rijndael
--
Mark
Thank you for replying.
I added -literal_key => 1 and I got the error:
"Cannot use salt-based key generation if literal key is specified"
I went back to perldoc and so added -header => 'none' and now I get:
"You must provide an initialization vector using -iv when
using -header=>'none'"
I'm assuming I am going in the right direction in using -header => 'none'
but if so, I'm not sure how to apply -iv so I get the same result I
would from the cipher class directly.
Thanks again.
--
WG
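
An added example, not code from any poster in this thread: the "AES via CBC" output in the first post begins with the bytes 53616c7465645f5f, which are ASCII "Salted__", followed by 8 bytes of salt and 32 bytes of ciphertext, whereas the bare cipher call used the 16-byte passphrase directly as the AES key on a single block. The script below decrypts that output with the bare cipher module only. It assumes the key and IV come from MD5 chaining over passphrase and salt, that the key size is 32 bytes and that standard block padding is in use; none of these is stated in the thread.

```perl
#!/usr/bin/perl
# Added example: decrypt the thread's Crypt::CBC output with the bare cipher.
use strict;
use warnings;
use Digest::MD5 qw(md5);
use Crypt::OpenSSL::AES;

my $pass = 'secretpassphrase';    # passphrase from the first post
# "AES via CBC" hex output copied from the first post
my $blob = pack('H*',
    '53616c7465645f5f36dd0b8d9b84e278382b8cd329f7020b'
  . '545c3595c239284d37d4e3dc2d6a2fc97d375675b793b357');

# Salted layout: 8-byte magic "Salted__", 8-byte random salt, then ciphertext.
my ($magic, $salt, $ct) = unpack('a8 a8 a*', $blob);
die "no Salted__ header\n" unless $magic eq 'Salted__';
die "ciphertext is not block aligned\n" if !length($ct) || length($ct) % 16;

# Assumption: MD5 chaining until keysize + blocksize bytes exist
# (32 + 16 here, assuming the cipher module reports a 32-byte key size).
my ($ks, $bs) = (32, 16);
my ($d, $material) = ('', '');
while (length($material) < $ks + $bs) {
    $d = md5($d . $pass . $salt);
    $material .= $d;
}
my $key = substr($material, 0, $ks);
my $iv  = substr($material, $ks, $bs);

# CBC by hand: P[i] = D(C[i]) XOR C[i-1], with C[-1] = IV.
my $aes   = Crypt::OpenSSL::AES->new($key);
my $prev  = $iv;
my $plain = '';
for my $block (unpack('(a16)*', $ct)) {
    $plain .= $aes->decrypt($block) ^ $prev;
    $prev = $block;
}

# Strip the padding: the last byte gives the pad length (1..16).
my $pad = ord(substr($plain, -1));
die "bad padding (wrong passphrase or derivation assumption)\n"
    if $pad < 1 || $pad > $bs || substr($plain, -$pad) ne chr($pad) x $pad;
substr($plain, -$pad) = '';

printf "salt       : %s\n", unpack('H*', $salt);
printf "ciphertext : %d bytes\n", length($ct);
printf "plaintext  : %s\n", $plain;
```

If the padding check dies, one of the labelled assumptions does not match the Crypt::CBC version that produced the output.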