Interoperation with OpenSSL

Hello list,

I'm using Cryptlib along with OpenSSL and have begun interop
testing. Is it reasonable to expect Cryptlib and OpenSSL to be
interchangable when de/encrypting with one and the other tool?

Premises:

  C   Cleartext data contents '1234'
  E1  Cryptlib AES Encryption algorithm
  E2  OpenSSL AES Encryption algorithm
  D1  Cryptlib AES Decryption algorithm
  D2  OpenSSL AES Decryption algorithm

Observations:

  Both E1(C) and E2(C) produce encrypted data as expected
  Both D1(E1(C)) and D2(E2(C)) equate to C as expected

Errors:

  D2(E1(C)) OpenSSL fails with the error 'bad magic number'
  D1(E2(C)) cryptPushData(...) fails with CRYPT_ERROR_BADDATA

Notes:

  The OpenSSL commands are:
    openssl enc -e -salt -aes256 -in 1234_clear.dat -out 1234_encr.dat
    openssl enc -d -salt -aes256 -in 1234_encr.dat -out 1234_test.dat
    diff -bd 1234_clear.dat 1234_test.dat

  Cryptlib is used in a similar way to the 'Code examples' of the
  website. The actual commands look like this:
    cryptest -e -p thispass1 -i 1234_clear.dat -o 1234_encr.dat
    cryptest -d -p thispass1 -i 1234_encr.dat -o 1234_test.dat
    diff -bd 1234_clear.dat 1234_test.dat

  I've tried several versions of OpenSSL up until 0.9.8i.

  The Cryptlib version is 3.3.3 from ftp://ftp.franken.de/pub/crypt/
  with no special bindings. The source for 'cryptest' is ISO C++
  compiled with GCC 4.0.1.

  I'm using the same static password for all operations, no
  certificates, contexts, or signatures are used.

  To encrypt with AES, 'cryptest' has:
  cryptSetAttribute(CRYPT_UNUSED, CRYPT_OPTION_ENCR_ALGO, CRYPT_ALGO_AES);
  cryptSetAttribute(CRYPT_UNUSED, CRYPT_OPTION_ENCR_HASH, CRYPT_ALGO_SHA1);
  cryptSetAttribute(CRYPT_UNUSED, CRYPT_OPTION_ENCR_MAC, CRYPT_ALGO_HMAC_SHA1);

Regards,
Stephan

_______________________________________________
Cryptlib mailing list
Cryptlib@... via Mail: cryptlib-request@...
Archive: ftp://ftp.franken.de/pub/crypt/cryptlib/archives/
http://news.gmane.org/gmane.comp.encryption.cryptlib
Posts from non-subscribed addresses are blocked to prevent spam, please
subscribe in order to post messages.

Stephan <cryptlib@...> writes:

>I'm using Cryptlib along with OpenSSL and have begun interop testing. Is it
>reasonable to expect Cryptlib and OpenSSL to be interchangable when
>de/encrypting with one and the other tool?

Only if a standard format is used.  OpenSSL (as you're using it) is using an
undocumented homebrew data format that isn't compatible with anything else in
existence.  To interoperate with anything else you need to use a standards-
conformant format like PKCS #7, CMS, or PGP.

(Thanks for the detailed diagnostics, that makes it much easier to spot the
problem).

Peter.

_______________________________________________
Cryptlib mailing list
Cryptlib@... via Mail: cryptlib-request@...
Archive: ftp://ftp.franken.de/pub/crypt/cryptlib/archives/
http://news.gmane.org/gmane.comp.encryption.cryptlib
Posts from non-subscribed addresses are blocked to prevent spam, please
subscribe in order to post messages.

* Peter Gutmann:

> Only if a standard format is used.  OpenSSL (as you're using it) is using an
> undocumented homebrew data format that isn't compatible with anything else in
> existence.  To interoperate with anything else you need to use a standards-
> conformant format like PKCS #7, CMS, or PGP.

By the way, do PKCS#7 or CMS support operations on streams?

(I know that PGP only supports it for encoding.  For decoding, you
need to defer side effects until you've verified the MDC at the end of
the message, which somewhat cumbersome.)

--
Florian Weimer                <fweimer@...>
BFK edv-consulting GmbH       http://www.bfk.de/
Kriegsstraße 100              tel: +49-721-96201-1
D-76133 Karlsruhe             fax: +49-721-96201-99

_______________________________________________
Cryptlib mailing list
Cryptlib@... via Mail: cryptlib-request@...
Archive: ftp://ftp.franken.de/pub/crypt/cryptlib/archives/
http://news.gmane.org/gmane.comp.encryption.cryptlib
Posts from non-subscribed addresses are blocked to prevent spam, please
subscribe in order to post messages.

Florian Weimer <fweimer@...> writes:

>By the way, do PKCS#7 or CMS support operations on streams?

Yes.

>(I know that PGP only supports it for encoding.  For decoding, you need to
>defer side effects until you've verified the MDC at the end of the message,
>which somewhat cumbersome.)

Yeah, it's a tradeoff between security and practicality.  If you ignore the
MDC then you can also use it in streaming mode...

Peter.

_______________________________________________
Cryptlib mailing list
Cryptlib@... via Mail: cryptlib-request@...
Archive: ftp://ftp.franken.de/pub/crypt/cryptlib/archives/
http://news.gmane.org/gmane.comp.encryption.cryptlib
Posts from non-subscribed addresses are blocked to prevent spam, please
subscribe in order to post messages.

Hello,

On Sun., Aug. 23, 2009, Peter GUTMANN wrote: ...but as far as I know, all three PKCS #7, CMS, and PHP require
certificates to work. I want to simply encode and decode using a
static password. Does this mean that there is no standard common
to both Cryptlib and OpenSSL that allows for interoperation?

Regards,
Stephan

_______________________________________________
Cryptlib mailing list
Cryptlib@... via Mail: cryptlib-request@...
Archive: ftp://ftp.franken.de/pub/crypt/cryptlib/archives/
http://news.gmane.org/gmane.comp.encryption.cryptlib
Posts from non-subscribed addresses are blocked to prevent spam, please
subscribe in order to post messages.

Stephan <cryptlib@...> writes:
None of them require certificates (are you going to tell Phil that his PGP
needs certificates in order to work? :-).

>I want to simply encode and decode using a static password.

All of these formats support password-based encryption.  No certificates are
necessary.

Peter.

_______________________________________________
Cryptlib mailing list
Cryptlib@... via Mail: cryptlib-request@...
Archive: ftp://ftp.franken.de/pub/crypt/cryptlib/archives/
http://news.gmane.org/gmane.comp.encryption.cryptlib
Posts from non-subscribed addresses are blocked to prevent spam, please
subscribe in order to post messages.

Hello,

On Wed., Aug. 26, 2009, Peter GUTMANN wrote: Whoops, I typed by mistake 'PHP' instead of 'PGP', sorry.

Are there any examples to be found teaching how to encrypt and then
decrypt a single octet using the above (PKCS #7, CMS, PGP) methods
with static password based encryption?

Although cryptlib is described as 'easyto- use functions', I've
had some significant problems in implementing simple things.

Regards,
Stephan

_______________________________________________
Cryptlib mailing list
Cryptlib@... via Mail: cryptlib-request@...
Archive: ftp://ftp.franken.de/pub/crypt/cryptlib/archives/
http://news.gmane.org/gmane.comp.encryption.cryptlib
Posts from non-subscribed addresses are blocked to prevent spam, please
subscribe in order to post messages.

Stephan <cryptlib@...> writes:

>Are there any examples to be found teaching how to encrypt and then decrypt a
>single octet using the above (PKCS #7, CMS, PGP) methods with static password
>based encryption?

See "Password-based Encryption Enveloping" in the manual, you can cut and
paste the code to do this straight from the docs.

Peter.

_______________________________________________
Cryptlib mailing list
Cryptlib@... via Mail: cryptlib-request@...
Archive: ftp://ftp.franken.de/pub/crypt/cryptlib/archives/
http://news.gmane.org/gmane.comp.encryption.cryptlib
Posts from non-subscribed addresses are blocked to prevent spam, please
subscribe in order to post messages.