From: Tim V. <ti...@el...> - 2015-05-08 16:05:55

I was able to resolve my issues passing the encrypted message encoding it using MIME::Base64, as you suggested, so this was a simple encoding issue.

Thanks for the advice and this great module Ian!

Tim

On 6 May 2015 at 10:20, Tim Vaillancourt <ti...@el...> wrote:

> (Forgot to reply all)
>
> Hey Ian,
>
> Thanks a lot for your great reply! I'll try out the base64 idea you had, I
> see where you're going with that suggestion. If that doesn't work, I can
> definitely pastebin a working example with real keys.
>
> On the bcrypt suggestion, I could easily be wrong about this but I think
> that won't work for my situation, I'll explain: I am creating a REST API
> which needs to return passwords in JSON documents to an agent/client script
> which uses the passwords to retrieve stuff from a databases. I want this to
> be secure as possible, and I'd like to leave the non-sensitive data
> readable in plain-text, ie: only encrypt passwords. Essentially, the
> agent/client doesn't "know" the password or receive user-input, so I don't
> think a one-way/digest hash will work for me here, probably only a
> public/private key system. That said, if you have any suggestions for this
> situation I explained, I really appreciate your thoughts!
>
> Cheers,
>
> Tim
>
> On 5 May 2015 at 22:52, Ian Robertson <ian...@gm...> wrote:
>
>> It's hard to say without test code that is completely self contained
>> (i.e. includes sample public and private keys, and makes it clear how you
>> are passing data from one script to the other), but you might be running
>> into an issue with how you are transferring binary data between the two
>> scripts. You might want to consider encoding the encrypted value with
>> something like MIME::Base64, and passing that between the two.
>>
>> Unrelated, I noticed that you named your data to encrypt "password". In
>> general, RSA (or any encryption/decryption algorithm) is a poor choice for
>> providing password security. Preferable is a good one way hashing function
>> with salting; bcrypt <https://en.wikipedia.org/wiki/Bcrypt> seems to be
>> particularly well suited for passwords.
>>
>> - Ian
>>
>> On Tue, May 5, 2015 at 5:38 AM, Tim Vaillancourt <ti...@el...>
>> wrote:
>>
>>> Hey guys,
>>>
>>> I am running into an issue using Crypt::OpenSSL::RSA which I am fairly
>>> confident the issue is my fault/lack-of-understanding, but I would really
>>> appreciate a kick in the right direction if anyone sees where I've gone
>>> wrong as I am probably 95% there.
>>>
>>> I am using Crypt::OpenSSL::RSA to encrypt a message with a private key
>>> (->private_encrypt), and in a separate perl script I am passing the
>>> encrypted message to be decrypted (->public_decrypt), using the same
>>> version of Crypt::OpenSSL::RSA.
>>>
>>> When I do the encryption and decryption within the same Perl script (2
>>> subroutines), it all works exactly as expected, however when I break the
>>> encryption and the decryption into 2 scripts and pass the encrypted payload
>>> between them in a file, I get the OpenSSL error when decrypting in my
>>> "decryption" script:
>>>
>>> "RSA.xs:202: OpenSSL error: data greater than mod len at decrypt.pl
>>> line 27"
>>>
>>> My hunch is random numbers are my problem, and ScriptA and ScriptB are
>>> generating different numbers, but I know almost nothing about RSA and could
>>> be totally wrong there. I tried using ->import_random_seed(); in both
>>> scripts to no avail, however.
>>>
>>> Attached is 3 files:
>>> 1) the script that works, both subroutines in one file =>
>>> http://pastebin.com/TWYb1LBQ
>>> 2) the "encrypt" script (which works fine) =>
>>> http://pastebin.com/8H8a9k9x
>>> 3) the "decrypt" script (which gets the OpenSSL error on decryption) =>
>>> http://pastebin.com/1TfYypm5
>>>
>>> Any help is enormously appreciated! Thanks all!
>>>
>>> Tim
>>>
>>> _______________________________________________
>>> Perl-openssl-users mailing list
>>> Per...@li...
>>> https://lists.sourceforge.net/lists/listinfo/perl-openssl-users
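
The following is an added example, not code from this thread or from the Crypt::OpenSSL::RSA author. It shows two ways a binary RSA block can change length when passed between scripts in a file, and why Base64 transport avoids both; it does not claim to reproduce the pastebin scripts. Assumptions: a 2048-bit key (256-byte block), a constructed byte string standing in for the ciphertext, and the hypothetical helpers `via_file` and `report`.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use MIME::Base64 qw(encode_base64 decode_base64);
use File::Temp qw(tempfile);

# Constructed stand-in for an RSA ciphertext. Assumption: 2048-bit key, so the
# encrypted block is exactly 256 bytes; this one contains every byte value,
# including "\n" and bytes >= 0x80.
my $MOD_LEN    = 256;
my $ciphertext = join '', map { chr(($_ * 37 + 10) % 256) } 0 .. $MOD_LEN - 1;

# Write $data to a temp file through $layer, then read the file back as raw bytes.
sub via_file {
    my ($data, $layer) = @_;
    my ($tmp, $path) = tempfile(UNLINK => 1);
    close $tmp;
    open my $out, ">$layer", $path or die "open $path: $!";
    print {$out} $data;
    close $out or die "close $path: $!";
    open my $in, '<:raw', $path or die "open $path: $!";
    my $bytes = do { local $/; <$in> };
    close $in;
    return $bytes;
}

# The length check the decrypting side can make before calling public_decrypt.
sub report {
    my ($label, $blob) = @_;
    my $len   = length $blob;
    my $state = $len > $MOD_LEN        ? 'longer than the modulus, OpenSSL rejects it'
              : $blob eq $ciphertext   ? 'intact'
              :                          'altered';
    printf "%-34s %3d bytes: %s\n", $label, $len, $state;
}

# 1. Raw bytes through a UTF-8 output layer: every byte >= 0x80 becomes two.
report('raw via :encoding(UTF-8)', via_file($ciphertext, ':encoding(UTF-8)'));

# 2. Raw bytes plus a trailing newline added by the writer.
report('raw plus trailing newline', via_file("$ciphertext\n", ':raw'));

# 3. Base64 text survives both, because it is plain ASCII and
#    decode_base64 ignores characters outside the Base64 alphabet.
my $b64 = encode_base64($ciphertext, '');
report('Base64 via UTF-8 layer + newline',
       decode_base64(via_file("$b64\n", ':encoding(UTF-8)')));
```

With a real key, `$rsa->size` gives the modulus length in bytes, so the receiving script can compare it against the decoded length before decrypting.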