1

I'm using the openSSL CLI tool to encrypt data, and I want to decrypt that data on another machine in my ruby application. I'm unable to decrypt the data and I'm not sure what isn't lining up between the two. I'd really appreciate any help, below is what I'm running:

CLI Tool 

$ export PASS=EncryptDecryptSuperSecretKeyNoOne123456789123456789
$ echo 'someTextIWantToEncrypt' | openssl enc -aes-256-ecb -base64 -e -k $PASS
:> U2FsdGVkX18Gboawkim6n6Ps/yssGaOZkdb1e6I4VyOZDUcqEh2uYdT8jxUydplX

Ruby Application 

require 'openssl'
require 'base64'

module Aes

  KEY = "EncryptDecryptSuperSecretKeyNoOne123456789123456789"
  ALGORITHM = 'AES-256-ECB'

  def self.decrypt(msg)
    begin
      cipher = OpenSSL::Cipher.new(ALGORITHM)
      cipher.decrypt
      cipher.key = KEY
      tempkey = Base64.decode64(msg)
      crypt = cipher.update(tempkey)
      crypt << cipher.final
      return crypt
    rescue Exception => exc
      puts ("Message for the decryption log file for message #{msg} = #{exc.message}")
    end
  end
end

When I call Aes.decrypt("U2FsdGVkX18Gboawkim6n6Ps/yssGaOZkdb1e6I4VyOZDUcqEh2uYdT8jxUydplX") it raises an error bad decrypt

What am I missing or not including? ECB does not require an IV. Is there something else?

hummmingbear
  • 2,294
  • 5
  • 25
  • 42
  • Can the stuff you encrypt with Ruby be decoded with `openssl`? – tadman Oct 03 '17 at 18:38
  • @tadman no, it returns `bad magic number` in the cli – hummmingbear Oct 03 '17 at 18:43
  • [Don't use ECB](https://crypto.stackexchange.com/questions/20941/why-shouldnt-i-use-ecb-encryption). – anothermh Oct 03 '17 at 18:54
  • @anothermh I've tried using CBC, but still get issues. I feel like I'm fundamentally not understanding how openssl cli is working and ruby's openssl library. Ruby's openSSL library and instructions is not asking for a passphrase used to create the key in the examples I'm looking at. If anyone can provide an example of encrypting via CLI and decrypting via Ruby that would be extremely helpful. – hummmingbear Oct 03 '17 at 20:54
  • Also see this Google search: [ruby openssl evp_bytestokey](https://www.google.com/search?q=ruby+openssl+evp_bytestokey). There are more hits in other languages, like Java and .Net. [How do I refactor OpenSSL pkcs5_keyivgen in ruby?](https://stackoverflow.com/q/17882919/608639) may be useful. If you can't find a `EVP_BytesToKey` already written in Ruby, you will have to roll it yourself. I would check GitHub because there's a good chance its already out there (you just have to find it). – jww Oct 03 '17 at 21:01

0 Answers0