2

I want encrypt data with AES 256bit ECB mode using PKCS5padding My ruby method is as follows, how to use PKCS5Padding here

def encrypt(raw_data,key)
  cipher = OpenSSL::Cipher::AES.new(256, :ECB)
  cipher.encrypt
  cipher.key = key
  encrypted_data = cipher.update(raw_data) + cipher.final
end

here key is OpenSSL::PKey::RSA type, throwing no implicit conversion of OpenSSL::PKey::RSA into String exception

CodecPM
  • 423
  • 6
  • 18
  • 1
    http://stackoverflow.com/a/36940796/3270427 – McNets Nov 23 '16 at 09:28
  • try Base64.encode64(raw_data) before encryption and I think you are trying to encrypt the RSA key right? – Vishal G Nov 23 '16 at 09:54
  • You can use cipher.random_key for the key as it will not accept other format other than string – Vishal G Nov 23 '16 at 10:01
  • I need to extract public key from .cer file then data has to encrypt with obtained public key from .cer file, for that I followed http://stackoverflow.com/a/1914928/4477305 @Wish Zone – CodecPM Nov 23 '16 at 12:02
  • After doing this Are you thinking about to decrypt the data with private key?? – Vishal G Nov 23 '16 at 12:17
  • No, posting to api they will decrypt with private key – CodecPM Nov 23 '16 at 12:21
  • yes I was saying the same at receivers end this is going to happnen...But this this is not possible as AES always look for the same key with which it was encrypted, AES is not aware of RSA private - public thing.. As I mentioned in the answer you need to follow the same send encrypted key (with RSA public ) in header from sender side .....at receiver side decry-pt the key from header (RSA private key) and process the AES algorithm to get actual data – Vishal G Nov 23 '16 at 12:26
  • thats right! but I got .cer file which has public key from other side, they had corresponding private key, so they can decrypt the data which I encrypted with their pulbic key – CodecPM Nov 23 '16 at 12:30
  • Ok so with RSA there is limit of data that we can ecrpty/decry-pt directly so we have to use AES. So here I think at receiver end also need some modification to follow this approach – Vishal G Nov 23 '16 at 12:34
  • yes, but my problem is when I try to set key to cipher like `cipher.key = KEY`, getting `no implicit conversion of OpenSSL::PKey::RSA into String` exception where KEY is OpenSSL::PKey::RSA instance, there is any way to convert it into string – CodecPM Nov 23 '16 at 12:41
  • Let us [continue this discussion in chat](http://chat.stackoverflow.com/rooms/128821/discussion-between-wish-zone-and-codecpm). – Vishal G Nov 23 '16 at 13:18
  • Hey you can do File.read(public_key_file) But I am sure somehow you will do this encryption but you won't be able to decry-pt it with private key on receiver side – Vishal G Nov 23 '16 at 13:27

2 Answers2

1

I think your key is in the wrong format. You're trying to pass an RSA key, when the key should just be a hash string ... something like:

key = SecureRandom.hex(32)
=> "b67f7a5bf031aaa730473e5a9612a94b157c43aed5f52a2e70c9573f2d5a4ecd"
Chris Lewis
  • 1,315
  • 10
  • 25
1

You should use 

key = cipher.random_key

instead of RSA key

I have used it in following way for my purpose

  1. Generate cypher random keys
  2. Do AES encryption of data with these keys
  3. Before supply the keys encrypt it with RSA public key

At receiver end

  1. Decrypt the cypher keys with RSA private key
  2. Decrypt the data with resultant cypher keys

Note: We can not encrypt large data with RSA private/public key based technique

Super secured Example

  # At sender side
  public_key_file = 'public.pem'

  message = 'Hey vishh you are awesome!!'
  cipher = OpenSSL::Cipher::AES.new(128, :CBC)
  cipher.encrypt
  aes_key = cipher.random_key
  encrypted_data = cipher.update(message) + cipher.final
  # encrypted_data is ready to travel

  rsa = OpenSSL::PKey::RSA.new(File.read(public_key_file))  
  rsa_cypher_key = rsa.public_encrypt(aes_key)
  # rsa_cypher_key is ready to travel

  # sending these data in encoded format is good idea
  encrypted_data = Base64.encode64(encrypted_data)
  rsa_cypher_key = Base64.encode64(rsa_cypher_key) 
  ====> encrypted_data + rsa_cypher_key =====> Travelling
  encrypted_data = Base64.decode64(encrypted_data)
  rsa_cypher_key = Base64.decode64(rsa_cypher_key) # decode the data

  # At recevier side
  private_key_file = 'private.pem'
  # Decrypt the cypher key with private key
  rsp = OpenSSL::PKey::RSA.new(File.read('./config/private.pem'))
  aes_key = private_key.private_decrypt(rsa_cypher_key)

  decipher = OpenSSL::Cipher::AES.new(128, :CBC)
  decipher.decrypt
  decipher.key = aes_key
  message = decipher.update(encrypted_data) + decipher.final
  p message
  'Hey vishh you are awesome!!'
Vishal G
  • 1,521
  • 11
  • 30