RE: From BSAFE to Openssl

[Lu, Steve]

Hi Wu,   It turns out both engine are doing some sort of padding already. If the length of the clear text is 16bytes, both engine will produce encrypted stream of size 24Bytes. (CipherUpdate returns 16, CipherFinal adds extra 8 bytes.)   If I add padding myself in OpenSSL, the input string then becomes 24 bytes and the encrypted output 32 bytes. (comparing to 24bytes in BSAFE without manual padding.)   I am baffled,   regrads, Steve -----Original Message----- From: Wu Junwei [mailto:[EMAIL PROTECTED] Sent: Thursday, June 19, 2003 9:08 PM To: [EMAIL PROTECTED] Subject: Re: From BSAFE to Openssl Hi,     As I know, even the length of the text you will encrypt is multiple of block size, BSAFE will add the padding itself. In this case, BSAFE will add a whole block attached to the end of the text. And when decrypting, BSAFE will delete the padding.   So , if you just compare the encrypted text,  I think the encrypted text which is encrypted by BSAFE should be 8 bytes bigger than the text done by OpenSSL, if the original plain text is multiple of 8 bytes.     I suggest you doing this as following to have a try:   1, to comfirm whether this is the point You can use both engine to both encrypt and decrypt a text whose size is multiple of block size,in your case it is 8 bytes. If both of them are OK, then this is the problem.   if this problem is comfirmed, you can 1, add padding in OpenSSL when encrypting, the possibities of bytes you should rang from 1byte to 8 bytes.(NOT 0 to 7 bytes.) 2, detect and delete the padding in OpenSSL when decrypting   regards, wjw ----- Original Message ----- From: Lu, Steve To: '[EMAIL PROTECTED]' Sent: Friday, June 20, 2003 4:01 AM Subject: RE: From BSAFE to Openssl Hi,   The padding idea does not seem to work. I run clear text of multiple of 8 bytes thru both algorithms and they came out differently.   BSAFE must have done something proprietary underneath !!   Steve -----Original Message----- From: Wu Junwei [mailto:[EMAIL PROTECTED] Sent: Wednesday, June 18, 2003 8:59 PM To: [EMAIL PROTECTED] Subject: Re: From BSAFE to Openssl HI,   In OpenSSL, I think you should add the padding yourself.   RC2 is the 8-byte block cipher.You should make the text you want to encrypt to be multiple of 8 bytes. And BSAFE does the padding for you automatically,while OpenSSL not.   Have you tried to encrypt a text whose size is multiple of 8 bytes?    If it can be encrypted and decrypted in both engines, then that is the problem.   wjw ----- Original Message ----- From: Lu, Steve To: '[EMAIL PROTECTED]' Cc: '[EMAIL PROTECTED]' Sent: Thursday, June 19, 2003 3:39 AM Subject: From BSAFE to Openssl Hi, I try to migrate my app from BSAFE to Openssl. But found RC2 to be incompatible in the following sense: I created two encryptString functions, one using BSAFE Crypto-C and the other using Openssl EVP_Cipher routines. I pass them both the same passphrase and salt. I set the effective key length to be 80 bits for both. I use EVP_Bytestokey for generating the key and iv in Openssl. Theoretically, the encrypted output for the same texts should be the same for both.... but they are not!! what gives? Thanks for the help. Steve ______________________________________________________________________ OpenSSL Project                                 http://www.openssl.org Development Mailing List                       [EMAIL PROTECTED] Automated List Manager                           [EMAIL PROTECTED]