I hate coming off as an apologist, but..... I suspect that the OpenSRS coding team is using off-the-shelf Perl modules and aside from saying "these are the modules that work" they have not done any development on encryption at all. They aren't doing anything different.
So the documentation on CBC and Blowfish and etc. belongs in the hands of those who wrote those modules. Tucows should point to that documentation. In addition, we have a document that says that someone got this to work using one encryption library, and did an acceptable job of documenting what the various Perl "crypt" modules do. Presumably, the author implemented something... We also have an Active-X component, that will take XML and handle the encryption and communication, or will build the XML and handle the transaction. I think he included source, and he's demonstrated it with OpenSSL. For those of us who are not Unix types, I suspect using OpenSSL and the "closedsrs" Active-X source as documentation would be the easiest (next to just using the closedsrs component). So, there are at least three implementations that work on Win32. Yeah, doing a fourth implementation is probably some work. I suspect that most of the work is figuring out the right options for the encryption library, and how to feed it things like keys (i.e. as hex or binary) but that is just part of being a programmer. -- Lynn On Tue, 22 Jul 2003 10:29:01 +0200, Uroą?Gaber, PowerCom d.o.o. wrote: >I totally agree with you. > >There could be a "Random" IV specified i.e. (01234567890ABCDE - hex) for >and the hashes for the key and also the encrypted data. >Because it would be A LOT easier to do any implementation of the OpenSRS >API in other OSs or programming languages as PERL. > >Hopefully someone at OpenSRS will agree with this and provide proper >documentation about the encryption "system" they use and provide this >trivial data to help people implement their API. > >Because "hash the key and use the hash to encrypt data sent to OpenSRS" >in documentation doesn't mention anything about rehashing the hashed >key. > > >Uroš Gaber >PowerCom d.o.o. >Kersnikova 6, 1234 Mengeš, Slovenia >P.E.: Slovenska 24, 1234 Mengeš, Slovenia >Mobile: +386 (0)41 400-801 >Phone office: +386 (0)1 723-01-62 >Fax office: +386 (0)1 723-01-63 >eMail: [EMAIL PROTECTED] > > > >-----Original Message----- >From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On >Behalf Of [EMAIL PROTECTED] >Sent: Monday, July 21, 2003 5:26 PM >To: [EMAIL PROTECTED] >Subject: Re: Question about a document > > >This is why I have *BEGGED* in the past for some test >vectors for each and every step of the encryption process. >Since there are so many steps / layers only a set of test >vectors will allow simple and quick debugging isolation of >ones code. And fact is such test vectors should only take >a few minute of work to provide ......... > >Interestingly when I've made the above request several >people suggested I was just a hacker trying to break into >other peoples accounts -- Which is a really silly and >ignorant viewpoint if you think about it, espicially when >I specifically asked for test vectors for a trivial key >.... So perhaps now OpenSRS, or others, would be more >willing to provide some test vectors as other people are >clearly interested in; native Windows operation, clear and >accurate docmentation, OS independent OpenSRS development >support, etc. ... > >I suggest providing the test vectors for a trivial key >such as, > >012345678901234567890 ....... (hex) > >or, > >A5A5A5A5A5 ..... (hex) > >for both DES and Blowfish since OpenSRS should never issue >such trivial keys. > >Thank you. > > >On Mon, 21 Jul 2003 09:55:22 +0200 >?"Uroš Gaber, PowerCom d.o.o." <[EMAIL PROTECTED]> >wrote: >>Hi! >> >>Thank you all for the document. Got it from three sources >>now. >> >>It's really useful, and I think that this should be >>documented in >>OpenSRS API documentation. >> >>Never the less... I tried it with the encryption as the >>document has >>stated, and still no luck. >> >>I've tried with different MD5 components, but it's all >>the same. I've >>tried with DES and Blowfish encryption. So if someone has >>any xperience >>with this, please let me know. >> >>Again thank to all who supplied the document. >> >>Have a nice day! >> >>Uroš Gaber >>eMail: [EMAIL PROTECTED] >> >> >>-----Original Message----- >>From: [EMAIL PROTECTED] >>[mailto:[EMAIL PROTECTED] On >>Behalf Of [EMAIL PROTECTED] >>Sent: Sunday, July 20, 2003 11:07 PM >>To: [EMAIL PROTECTED] >>Subject: Re: Question about a document >> >> >> >>Thank you Eric! >> >> >>On Sun, 20 Jul 2003 14:12:48 -0400 >>??"WebWiz" <[EMAIL PROTECTED]>?wrote: >>>Or, better still... >>> >>>I've posted it at >>>http://www.atlcon.net/downloads/opensrs/ >>> >>>Regards, >>>Eric Longman >>>Atl-Connect Internet Services >>> >>> >>>----- Original Message ----- >>>From: "Uros" <[EMAIL PROTECTED]> >>>To: <[EMAIL PROTECTED]> >>>Sent: Sunday, July 20, 2003 2:56 AM >>>Subject: Question about a document >>> >>> >>>>?Hi! >>>> >>>>?I've been browsing through the dev-list archives and I stumbled on a > >>>>URL >>>for >>>>?a "decipher.doc / .pdf" document, that is dead. >>>>?If someone has this document, please email it to me. >>>> >>>>?I'm trying to create a new client for the OpenSRS in delphi, and I >>>>didn't ?find any other usefull information on the encryption / >>>>decryption part of >>>>?the API. >>>> >>>>?Thank you! >>>> >>>>?Uros Gaber >>>> >>>> >>>> >>> >> >> >> > >
