decrypt.rb
Aki Tuomi
aki.tuomi at open-xchange.com
Thu Apr 11 09:50:53 EEST 2019
> On 11 April 2019 00:49 David Salisbury via dovecot <dovecot at dovecot.org> wrote:
>
>
> >>>
> >> Yes. I gave it a try here, and it seems to work. Does it give any extra
> >> information if you include -i flag?
> >>
> >> Aki
> >>
> >
> > Yes, I had tried that, and it doesn't give much extra information, at
> > least to my eye, that seems to help my issue. Above the previous
> > output it outputs the Version, Flags, Header length, Cipher algo, and
> > Digest algo, and then the Key derivation Rounds. Then it does the
> > previous output and exits as before.
> >
> > I tried using pry to debug through the script a little, and strace as
> > well, but have not found anything pointing me in the direction of a
> > solution or what may be causing it not to work for me yet. Will keep
> > looking.
> >
> > Out of curiosity, what version of ruby were you using to run the
> > script? My ruby version is 2.5.1p57.
> >
> > -Dave
>
> So, I found that in decrypt.rb there is a point where this section is
> reached:
>
> [code]
> unless our_key == nil
>   # decrypt data!
> [/code]
>
> While testing I discovered that, for me, our_key was apparently equal to
> nil because the code was never even making it into that block. There
> was a block right above that that was setting our_key to nil if a
> certain condition happened, but I could tell that condition wasn't
> happening as the accompanying error message wasn't printing. Looking
> farther up, I found:
>
> [code]
> our_key = key if key[:digest] == options[:key_digest]
> [/code]
>
> I printed the values of key[:digest] and options[:key_digest], and they
> are in fact different. Since our_key is nil by default, our_key was
> just remaining nil, hence no decryption for me.
>
> The key[:digest] variable is filled a little above that part of the code:
>
> [code]
> (key[:type],key[:digest]) = options[:input].read(33).unpack('Ca*')
> [/code]
>
> and options[:key_digest] is filled as the private key option is passed in:
>
> [code]
> opts.on("-k","--key KEY", "Private key to decrypt file") do |k|
>   options[:key] = OpenSSL::PKey.read(File.open(k))
>   options[:key_digest] = get_pubid_priv(options[:key])
> end
> [/code]
>
> It's apparently using the key from the command line to get the key
> digest with the get_pubid_priv() function, and for some reason that
> value is coming back as different than the key digest that is
> ascertained by the "options[:input].read" line.
>
> Out of curiosity, and since I know I'm using the correct key, I
> commented out the if statement in the our_key line so as not to make the
> comparison between the digests:
>
> [code]
> our_key = key #if key[:digest] == options[:key_digest]
> [/code]
>
> .... and then it worked! The script successfully decrypted the message!
>
> So, not being an expert at encryption, what are the ramifications of
> those digests being read as different values in the two different
> places?? I do notice that the get_pubid_priv() function is internal to
> the decrypt.rb script and calls several OpenSSL functions.
>
> -Dave
Hmm... can you show me how you made the keypair for encryption? Maybe there is some difference?
Aki
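The key-selection step discussed in this thread, as an added example (not code from decrypt.rb or the Dovecot project): it reads the 33-byte key records and, when no digest matches, returns both sides in hex instead of leaving the key silently nil. `key_id` as SHA-256 over encoded public key bytes is an assumption standing in for `get_pubid_priv()`, and `select_key`, `read_key_record` and the sample records are constructed for illustration.

```ruby
require 'digest'
require 'stringio'

# ASSUMPTION: stand-in for decrypt.rb's get_pubid_priv(); here the key id is
# SHA-256 over the encoded public key bytes. The real function may differ.
def key_id(pub_bytes)
  Digest::SHA256.digest(pub_bytes)
end

# One key record as read in the post: 1 type byte followed by a 32-byte digest.
def read_key_record(io)
  raw = io.read(33)
  raise ArgumentError, 'truncated key record' if raw.nil? || raw.bytesize != 33
  type, digest = raw.unpack('Ca*')
  { type: type, digest: digest }
end

# Scan `count` records for the one whose digest equals ours.
# Returns [record_or_nil, diagnostic] so a mismatch is reported, not silent.
def select_key(io, count, our_digest)
  seen = []
  count.times do
    key = read_key_record(io)
    return [key, "matched #{key[:digest].unpack1('H*')}"] if key[:digest] == our_digest
    seen << key[:digest].unpack1('H*')
  end
  [nil, "no record for #{our_digest.unpack1('H*')}; file lists #{seen.join(', ')}"]
end

# Constructed sample: two recipients' records (type byte 2 is arbitrary here).
PUB_A = 'constructed-public-key-A'
PUB_B = 'constructed-public-key-B'
SAMPLE = [2].pack('C') + key_id(PUB_A) + [2].pack('C') + key_id(PUB_B)

if __FILE__ == $PROGRAM_NAME
  [PUB_B, 'constructed-unrelated-key'].each do |pub|
    key, note = select_key(StringIO.new(SAMPLE), 2, key_id(pub))
    puts "#{key ? 'decrypt with this record' : 'refuse to decrypt'}: #{note}"
  end
end
```

Printing both hex digests side by side shows whether the file was encrypted to a different key or whether the two sides derive the key id differently.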