0

I am using the Crypt::Rijndael module to decrypt some application data.

I gave the encrypted data, encryption key and client IV as the input.

Out of 432 bytes of application data, the first 16 bytes of the decrypted output are always wrong.

```perl
use Crypt::Rijndael;

# Placeholder: the encrypted application data as a hex string (not given in the question)
my $encrypted_hex = "...";
my $crypted = pack("H*", $encrypted_hex);
my $key = pack("H*", "4ffd099494d9cc0d0a6e238209038f27d56da73c8ce376e0b58678f1dd3d9656");
my $iv  = pack("H*", "6907fd4a18bacd7bbfb0bf61b28cd37c");

# AES-256 in CBC mode, decrypting with the client IV
my $cipher = Crypt::Rijndael->new( $key, Crypt::Rijndael::MODE_CBC() );
$cipher->set_iv($iv);
my $plaintext = $cipher->decrypt($crypted);
#my $hex = unpack "H*", $plaintext;
print $plaintext;
```

What might cause this issue?

U. Windl
  • Show us some code and please explain what "wrong" means in this context. – innaM May 30 '13 at 11:29
  • I suggest you email the author of the module, Brian D Foy who is an occasional contributor here. – Borodin May 30 '13 at 11:35
  • How can we tell what you did wrong from that? – ikegami May 30 '13 at 16:52
  • @ikegami by knowing CBC mode encryption in this particular case – Maarten Bodewes May 30 '13 at 19:01
  • The code is: use Crypt::Rijndael; my $crypted = pack("H*",Encrypted application data); my $key = pack("H*","4ffd099494d9cc0d0a6e238209038f27d56da73c8ce376e0b58678f1dd3d9656"); my $iv = pack("H*", "6907fd4a18bacd7bbfb0bf61b28cd37c"); my $cipher = Crypt::Rijndael->new( $key, Crypt::Rijndael::MODE_CBC() ); $cipher->set_iv($iv); my $plaintext = $cipher->decrypt($crypted); #my $hex = unpack "H*",$plaintext; print $plaintext; – user2436047 Jun 03 '13 at 11:43
  • @user2436047 You should have edited your question to add the code. – U. Windl Mar 25 '23 at 17:23

1 Answer

2

Sixteen bytes is 128 bits, the same as the AES/Rijndael block size. If the first 16 bytes are garbage, followed by the full message then what has probably happened is the IV has been prepended to the message, and you are trying to decrypt the IV as well as the message. To solve, extract the first 16 bytes of the incoming cyphertext and use it as the IV.

Alternatively, you have sixteen bytes of garbage followed by a partial message, missing its first 16 bytes. In this case you are probably using the wrong IV. Make sure that you are using the correct IV. Check it byte by byte to make sure it is correct. In particular, make sure that any encoding used while transferring the IV is correctly handled. If even one bit in the IV is wrong you will have a problem.

HoldOffHunger
rossum
  • Hi, thanks for the reply. I have checked from the client logs that the IV is proper. I tried with your first suggestion also. Nothing is working. The suite is AES_256_CBC_SHA. Something I need to do with SHA. I assumed it's for MAC authentication and nothing to do with decryption. – user2436047 Jun 03 '13 at 11:39
  • The code is: use Crypt::Rijndael; my $crypted = pack("H*",Encrypted application data); my $key = pack("H*","4ffd099494d9cc0d0a6e238209038f27d56da73c8ce376e0b58678f1dd3d9656"); my $iv = pack("H*", "6907fd4a18bacd7bbfb0bf61b28cd37c"); my $cipher = Crypt::Rijndael->new( $key, Crypt::Rijndael::MODE_CBC() ); $cipher->set_iv($iv); my $plaintext = $cipher->decrypt($crypted); #my $hex = unpack "H*",$plaintext; print $plaintext; – user2436047 Jun 03 '13 at 11:42
  • A MAC is generally longer than 16 bytes. SHA-256 should produce a 32 byte MAC. Can you edit your question to show what you expect for the first 32 bytes, and what you are actually getting? That would help diagnose the problem. – rossum Jun 03 '13 at 13:36
  • I am taking the encrypted data from Wireshark and trying to decrypt. MAC key is 20 bytes long. The issue is directly using the encryption key over the encrypted data is not decrypting the first 16 bytes of my application data, showing some junk 16 digits. What is the purpose of MAC here? Is it because of MAC the first 16 bytes are not decrypted properly? – user2436047 Jun 03 '13 at 13:54
  • @rossum Actually, I am encrypting my message and am sending it to server without adding IV to the ciphertext. IV is attached to the payload but not in ciphertext. Secondly, when I take that data from server and decrypt it, then it is giving me 16 bytes wrong. Please help. – hellodear Nov 14 '14 at 07:00
  • @hellodear What do you get after the "16 bytes wrong"? Do you get the full message, or a truncated message lacking its first 16 bytes? – rossum Nov 14 '14 at 10:36
  • @rossum I am getting partial message after 16 bytes wrong. I am getting 16 bytes wrong then getting partial decrypted message. – hellodear Nov 14 '14 at 11:14
  • @hellodear Then you are almost certainly using the wrong IV. Check the IV carefully, byte-for-byte. Is the server at the other end messing it up? You may need to use Base64, if you aren't already. – rossum Nov 14 '14 at 13:48
  • I have very little idea how CBC mode works, but if the IV is prepended unencrypted and you encrypt that "shifted" block, wouldn't the following blocks all be garbage? – U. Windl Mar 25 '23 at 17:26
  • Normally you would use the first block of data as the IV, and only start decrypting from the second block. The IV does not need to be encrypted, though it does need to be different from the other IVs used with that key. – rossum Mar 25 '23 at 17:41
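
The two cases from the answer, reproduced with Crypt::Rijndael as an added example (not code from the question, the answer or the module's author). The key, IVs and message are constructed test values, and `cbc` and `show` are hypothetical helper names. The last step goes slightly beyond the answer: because CBC only XORs the IV into the first block, a known first plaintext block lets you compute which IV the sender really used and compare it with the one you have.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Crypt::Rijndael;

# Constructed test values, not the key, IV or data from the question.
my $key      = pack("H*", "00" x 32);                          # 256-bit key
my $good_iv  = pack("H*", "000102030405060708090a0b0c0d0e0f"); # IV used by the sender
my $wrong_iv = pack("H*", "a5" x 16);                          # IV the receiver mistakenly uses
my $message  = join '', map { sprintf "block %02d text...", $_ } 1 .. 3;  # 3 x 16 bytes

# Hypothetical helper: one CBC operation with a fresh cipher object and explicit IV.
sub cbc {
    my ($op, $iv, $data) = @_;
    my $c = Crypt::Rijndael->new($key, Crypt::Rijndael::MODE_CBC());
    $c->set_iv($iv);
    return $op eq 'enc' ? $c->encrypt($data) : $c->decrypt($data);
}

# Hypothetical helper: print 16-byte blocks, non-printable bytes shown as '?'.
sub show {
    my ($label, $plain) = @_;
    my @blocks = unpack "(a16)*", $plain;
    s/[^\x20-\x7e]/?/g for @blocks;
    printf "%-32s %s\n", $label, join ' | ', @blocks;
}

my $ct   = cbc('enc', $good_iv, $message);
my $wire = $good_iv . $ct;          # sender prepends the IV in the clear

# Case 1: the prepended IV is decrypted as if it were ciphertext.
# One garbage block comes out, followed by the complete message.
show("IV block decrypted too:", cbc('dec', $good_iv, $wire));

# Fix for case 1: the first 16 bytes are the IV, the rest is the ciphertext.
my ($iv, $body) = unpack "a16 a*", $wire;
show("IV split off first:", cbc('dec', $iv, $body));

# Case 2: ciphertext only, but the wrong IV. The first block is garbage and
# replaces the real first block; blocks 2 and 3 decrypt correctly because
# they are XORed with the previous ciphertext block, not with the IV.
my $bad = cbc('dec', $wrong_iv, $body);
show("wrong IV:", $bad);

# Diagnostic: garbled P1 = D(C1) XOR wrong_iv and real P1 = D(C1) XOR good_iv,
# so a known first plaintext block reveals the IV that was actually used.
my $used_iv = substr($bad, 0, 16) ^ $wrong_iv ^ substr($message, 0, 16);
printf "%-32s %s\n", "IV actually used by sender:", unpack("H*", $used_iv);
```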