Well things still are stuck with no luck last night. I would like some
clarification on cooking the key.
In the CBC.PM file there is this code (notice the term real key):
# the real key is computed from the first N bytes of the
# MD5 hash of the provided key.
my $material = MD5->hash($key);
while (length($material) < $ks + $bs) {
$material .= MD5->hash($material);
}
To me this says compute the 16 bit has on the key provided, add that to a
real key byte array, $material. Then compute the 16 bit key of the new
key and add it to the new key then repeat computing the new has of the
new key until it is up to the required 64 bytes (56 + 6).
Now the Java Client I have also reviewed as well as the Delphi Document
do this:
// convert private_key to chars
byte[] pvtkey = new byte[56];
for (int i=0; i<56; i++)
pvtkey[i] = (byte)
Short.parseShort(
private_key.substring(i*2,
i*2+2), 16);
// now get the 'real' private key
MD5 md5 = new MD5();
byte[] realkey = new byte[56];
md5.Init(); md5.Update(pvtkey);
byte[] hash = md5.Final();
System.arraycopy(hash, 0, realkey, 0, 16);
md5.Init(); md5.Update(realkey, 0, 16);
hash = md5.Final();
System.arraycopy(hash, 0, realkey, 16, 16);
md5.Init(); md5.Update(realkey, 0, 32);
hash = md5.Final();
System.arraycopy(hash, 0, realkey, 32, 16);
md5.Init(); md5.Update(realkey, 0, 48);
hash = md5.Final();
System.arraycopy(hash, 0, realkey, 48, 8);
bfcbc = new BlowfishCBC(realkey, iv);
Which to me says convert your provided key to bytes, and then compute the
MD5 digest on blocks of 16 bytes in the provided key and add them in
order to your real key array.
Since the PHP client does not include CBC I don't know how Colin cooks
his key, so oh well.
Anyway these two methods seem to be on contrast to me with the second
being more logical to me.
Just so every can see how II have chosen to do this:
'strKey is the OpenSRS provided key, passed to my function
Dim ASCII As Encoding = Encoding.UTF8
Dim myMD5 As New MD5CryptoServiceProvider()
Dim strRealKey As String
'Time to cook the key
strRealKey = ASCII.GetString(myMD5.ComputeHash(ASCII.GetBytes
(strKey, 0, 16)))
strRealKey = strRealKey & ASCII.GetString(myMD5.ComputeHash
(ASCII.GetBytes(strKey, 16, 16)))
strRealKey = strRealKey & ASCII.GetString(myMD5.ComputeHash
(ASCII.GetBytes(strKey, 32, 16)))
strRealKey = strRealKey & ASCII.GetString(myMD5.ComputeHash
(ASCII.GetBytes(strKey, 48, 8)))
If I were to do it the CBC.pm way it would look like this:
'strKey is the OpenSRS provided key, passed to my function
Dim ASCII As Encoding = Encoding.UTF8
Dim myMD5 As New MD5CryptoServiceProvider()
Dim strRealKey As String
'Time to cook the key
strRealKey = ASCII.GetString(myMD5.ComputeHash(ASCII.GetBytes
(strKey)))
strRealKey = strRealKey & ASCII.GetString(myMD5.ComputeHash
(ASCII.GetBytes(strRealKey)))
strRealKey = strRealKey & ASCII.GetString(myMD5.ComputeHash
(ASCII.GetBytes(strRealKey)))
strRealKey = strRealKey & ASCII.GetString(myMD5.ComputeHash
(ASCII.GetBytes(strRealKey)))
So which way is right?
Chris Love
[EMAIL PROTECTED]
http://extremewebworks.com
