From: Tim V. <ti...@el...> - 2015-05-06 08:21:01
(Forgot to reply all)

Hey Ian,

Thanks a lot for your great reply! I'll try out the base64 idea you had, I see where you're going with that suggestion. If that doesn't work, I can definitely pastebin a working example with real keys.

On the bcrypt suggestion, I could easily be wrong about this but I think that won't work for my situation, I'll explain:

I am creating a REST API which needs to return passwords in JSON documents to an agent/client script which uses the passwords to retrieve stuff from a database. I want this to be as secure as possible, and I'd like to leave the non-sensitive data readable in plain-text, i.e. only encrypt passwords.

Essentially, the agent/client doesn't "know" the password or receive user-input, so I don't think a one-way/digest hash will work for me here, probably only a public/private key system.

That said, if you have any suggestions for this situation I explained, I really appreciate your thoughts!

Cheers,

Tim

On 5 May 2015 at 22:52, Ian Robertson <ian...@gm...> wrote:

> It's hard to say without test code that is completely self contained (i.e.
> includes sample public and private keys, and makes it clear how you are
> passing data from one script to the other), but you might be running into
> an issue with how you are transferring binary data between the two scripts.
> You might want to consider encoding the encrypted value with something like
> MIME::Base64, and passing that between the two.
>
> Unrelated, I noticed that you named your data to encrypt "password". In
> general, RSA (or any encryption/decryption algorithm) is a poor choice for
> providing password security. Preferable is a good one way hashing function
> with salting; bcrypt <https://en.wikipedia.org/wiki/Bcrypt> seems to be
> particularly well suited for passwords.
>
> - Ian
>
> On Tue, May 5, 2015 at 5:38 AM, Tim Vaillancourt <ti...@el...>
> wrote:
>
>> Hey guys,
>>
>> I am running into an issue using Crypt::OpenSSL::RSA which I am fairly
>> confident the issue is my fault/lack-of-understanding, but I would really
>> appreciate a kick in the right direction if anyone sees where I've gone
>> wrong as I am probably 95% there.
>>
>> I am using Crypt::OpenSSL::RSA to encrypt a message with a private key
>> (->private_encrypt), and in a separate perl script I am passing the
>> encrypted message to be decrypted (->public_decrypt), using the same
>> version of Crypt::OpenSSL::RSA.
>>
>> When I do the encryption and decryption within the same Perl script (2
>> subroutines), it all works exactly as expected, however when I break the
>> encryption and the decryption into 2 scripts and pass the encrypted payload
>> between them in a file, I get the OpenSSL error when decrypting in my
>> "decryption" script:
>>
>> "RSA.xs:202: OpenSSL error: data greater than mod len at decrypt.pl line
>> 27"
>>
>> My hunch is random numbers are my problem, and ScriptA and ScriptB are
>> generating different numbers, but I know almost nothing about RSA and could
>> be totally wrong there. I tried using ->import_random_seed(); in both
>> scripts to no avail, however.
>>
>> Attached is 3 files:
>> 1) the script that works, both subroutines in one file =>
>> http://pastebin.com/TWYb1LBQ
>> 2) the "encrypt" script (which works fine) =>
>> http://pastebin.com/8H8a9k9x
>> 3) the "decrypt" script (which gets the OpenSSL error on decryption) =>
>> http://pastebin.com/1TfYypm5
>>
>> Any help is enormously appreciated! Thanks all!
>>
>> Tim
>>
>> _______________________________________________
>> Perl-openssl-users mailing list
>> Per...@li...
>> https://lists.sourceforge.net/lists/listinfo/perl-openssl-users
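Ian's Base64 suggestion, sketched as an added example (not code from the thread or its pastebins): the ciphertext is Base64-encoded before it is written to the file and decoded after reading, with a length check against the modulus size before decryption. It assumes a throwaway key generated in-process, hypothetical sub names `encrypt_to_file` and `decrypt_from_file`, and the module's `encrypt`/`decrypt` pair with its default OAEP padding rather than the `private_encrypt`/`public_decrypt` pair used in the thread.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Crypt::OpenSSL::RSA;
use MIME::Base64 qw(encode_base64 decode_base64);
use File::Temp qw(tempfile);

# Constructed throwaway key pair; real scripts would load PEM keys from disk.
my $key      = Crypt::OpenSSL::RSA->generate_key(2048);
my $pub_pem  = $key->get_public_key_string();
my $priv_pem = $key->get_private_key_string();

# "Script A": encrypt, then Base64-encode so the file holds plain ASCII.
sub encrypt_to_file {
    my ($pem, $plaintext, $path) = @_;
    my $rsa        = Crypt::OpenSSL::RSA->new_public_key($pem);
    my $ciphertext = $rsa->encrypt($plaintext);    # raw binary, $rsa->size bytes
    open(my $fh, '>', $path) or die "open $path: $!";
    print {$fh} encode_base64($ciphertext, '');    # '' = no embedded line breaks
    close($fh) or die "close $path: $!";
    return;
}

# "Script B": read, strip whitespace, decode, check the length, decrypt.
sub decrypt_from_file {
    my ($pem, $path) = @_;
    my $rsa = Crypt::OpenSSL::RSA->new_private_key($pem);
    open(my $fh, '<', $path) or die "open $path: $!";
    my $b64 = do { local $/; <$fh> };              # slurp the whole file
    close($fh);
    $b64 =~ s/\s+//g;                              # drop stray newlines
    my $ciphertext = decode_base64($b64);
    # Input longer than the modulus is what OpenSSL reports as
    # "data greater than mod len"; catch any size mismatch up front.
    die sprintf("ciphertext is %d bytes, expected %d\n",
                length($ciphertext), $rsa->size)
        unless length($ciphertext) == $rsa->size;
    return $rsa->decrypt($ciphertext);
}

my ($tmp_fh, $tmp_path) = tempfile(UNLINK => 1);
close($tmp_fh);
my $secret = 'constructed-sample-value';           # constructed test input
encrypt_to_file($pub_pem, $secret, $tmp_path);
my $roundtrip = decrypt_from_file($priv_pem, $tmp_path);
print $roundtrip eq $secret ? "round trip ok\n" : "round trip FAILED\n";
```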