
I have an elementary problem that I can't seem to figure out. I'm trying to generate a random key in AES-256-CBC that can be used to encrypt/decrypt data.

Here is what I'm doing:

    require 'openssl'
    cipher = OpenSSL::Cipher::AES256.new(:CBC)
    cipher.encrypt
    puts cipher.random_key   # random_key returns 32 raw bytes, not printable text
    >> "\xACOM:\xCF\xB3@o)<&y!\x16A\xA1\xB5m?\xF1 \xC9\x1F>\xDB[Uhz)\v0"

That gives me the string above, which looks nothing like keys I've used in the past. I am very new to encryption as you may be able to tell, but I'm trying to understand if I need to further prepare the string. I created a quick view in Rails so I could go to /generate and it would render a simple HTML page with a random key. It wouldn't even render the page and was complaining about invalid UTF-8. The only way I could get the page to display was to Base64 encode the key first.

I know I'm missing something stupid. Any ideas would be great.

EDIT: This is what it looks like if I Base64 encode. Should I be stripping the = signs off or something?

    AES-128-CBC
    Random Key: 0xdq+IZdmYHHbLC9Uv8jgQ==
    Random IV: vp08d/nFGE3R8HsmOzYzOA==

    AES-256-CBC
    Random Key: BW0wY5fUkcwszV5GIczI+D45eFOz/Ehvw5XdZIavVOQ=
    Random IV: D0pXdwQAqu+XSOv8E/dqBw==

Thanks for the help!

Sean
  • why would you display the encryption key on a web page of all things? Base64 is fine if you need to safely round trip the key. –  Nov 27 '12 at 18:55
  • This is not a permanent solution, and the page is only in development, not published. Besides, each time you render the page a random key is generated; nothing that anyone can do with that other than maybe see what encryption library I'm using. I'm just trying to generate a key! Base64 is adding two equal signs to the end of the key. Do I include those in the key that I will be using? Or do I strip those off? The other keys that I've used (which have been generated for me) have never included equal signs on the end. Thanks for the reply! – Sean Nov 27 '12 at 19:09
  • The key is your initial raw byte sequence. You base64 encode it to avoid problems in transferring it. Don't touch the =. It's part of the string. To use the key, you will have to reverse the encoding, i.e. decode the base64. –  Nov 27 '12 at 19:31
  • Thank you for the explanation. That is starting to make a little bit of sense. The trouble I'm having is that a key that was generated by a 3rd party partner is just usable from the get go. I do not have to first decode it or anything. How can I generate a key like that to just email a partner and they can plug it into their AES method and it will just work? Thanks again – Sean Nov 27 '12 at 20:26
  • I had the same issue when I tried to store a random key in AES-256-EBC in a database. Thanks to your comments I've found a solution: encode it with Base64, then store it in the DB and decode it when needed. Thank you! – 18augst Dec 14 '14 at 07:53

1 Answer


To answer your question (quoted from Wikipedia):

The '==' sequence indicates that the last group contained only one byte, and '=' indicates that it contained two bytes.

In theory, the padding character is not needed for decoding, since the number of missing bytes can be calculated from the number of Base64 digits. In some implementations, the padding character is mandatory, while for others it is not used.

For Ruby and your use case the answer is: no problem to strip the =.

Christopher Oezbek
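The question (how to turn a raw key into something that can be shown, mailed and plugged back in) and the answer (whether the trailing = can be dropped) fit into one short Ruby script. This is an added example, not code from the asker or the answerer; the cipher name, the helper names and the sample plaintext are my own choices. The key that actually goes into the cipher is always the raw bytes; Base64 and hex are just two text encodings of those bytes, and a partner's "plug it in" key is usually one of the two. The script also shows the Ruby-specific caveat behind the answer: Base64.decode64 tolerates missing padding, Base64.strict_decode64 does not.

```ruby
require 'openssl'
require 'base64'

CIPHER = 'AES-256-CBC'  # constructed choice; the same code works for AES-128-CBC

# Generate a fresh key and IV for the named cipher and return them as raw bytes.
# These bytes are what the cipher needs; they are not valid UTF-8 and must not
# be pasted into a web page or an e-mail as-is.
def generate_key_iv(name = CIPHER)
  cipher = OpenSSL::Cipher.new(name)
  cipher.encrypt
  [cipher.random_key, cipher.random_iv]
end

# Two text encodings of raw bytes that survive copy/paste, e-mail and UTF-8 views.
# strict_encode64 adds the '=' padding and no line breaks.
def to_base64(bytes)
  Base64.strict_encode64(bytes)
end

def to_hex(bytes)
  bytes.unpack1('H*')
end

# Reverse the encodings. decode64 (unpack "m") accepts input with the '='
# padding stripped, which is why stripping it is harmless in Ruby.
def from_base64(text)
  Base64.decode64(text)
end

def from_hex(text)
  [text].pack('H*')
end

# strict_decode64 (unpack "m0") rejects input whose padding is missing.
def strict_decode_rejects?(text)
  Base64.strict_decode64(text)
  false
rescue ArgumentError
  true
end

# Encrypt and decrypt with the decoded bytes, never with the Base64 text itself.
def encrypt(name, key, iv, plaintext)
  c = OpenSSL::Cipher.new(name)
  c.encrypt
  c.key = key
  c.iv = iv
  c.update(plaintext) + c.final
end

def decrypt(name, key, iv, ciphertext)
  c = OpenSSL::Cipher.new(name)
  c.decrypt
  c.key = key
  c.iv = iv
  c.update(ciphertext) + c.final
end

if __FILE__ == $PROGRAM_NAME
  key, iv = generate_key_iv
  puts "Random Key (base64): #{to_base64(key)}"
  puts "Random IV  (base64): #{to_base64(iv)}"
  puts "Random Key (hex):    #{to_hex(key)}"

  # What a partner does with the mailed text: decode, then use the bytes.
  ct = encrypt(CIPHER, from_base64(to_base64(key)), from_base64(to_base64(iv)), 'hello')
  puts decrypt(CIPHER, key, iv, ct)
end
```

A 32-byte AES-256 key is 44 Base64 characters ending in one =, and a 16-byte key or IV is 24 characters ending in ==; both decode back to the original bytes with or without the padding when using decode64, while strict_decode64 raises ArgumentError on the stripped form. Hex is the encoding most likely to match keys "that just work" without a decode step, since many tools accept it directly.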