Re: line by line Encryption fun with Crypt::CBC and Rijndael? File Ownership issues?

I haven't looked into the details of your script, but I don't think the "encrypt line by line in CBC mode" is likely to work.

Block cyphers like Rijndael work with fixed length blocks, usually with block length = key length.

If you want to use CBC, you should take care that all but the last block have a length that is a multiple of the key length (actually I don't know if that's really a requirement, but I can imagine a hundred reasons why it might blow up if you don't honor that constraint).

It seems that you start the CBC mode anew for every line that you write (in the encryption), but try to decrypt the whole file at once in CBC mode. That won't work, you have to take the exact steps in reverse (in this case reset the cypher block chain after each encrypted line. Which kinda defeats the CBC idea). But since the encrypted text may contain newlines, you can't rely on line logic anymore - you'll have to invent a binary format for that.

As for the potential permission issue: just test the encryption/decryption part on the command line, preferably first in memory, i.e. without writing the data to the file.

Update: a bit more about CBC: symmetric, block based cyphers suffer from the weakness that if you encrypt large amounts of data, a potential attacker can gather much data that is all encrypted with the same key. Additionally if a block of identical data recurs multiple times, it will result in identical encrypted blocks, thus revealing information on an eavesdropper.

To circumvent these problems the "Cypher Block Chaining" was invented. That's a protocol that defines a way that the encryption is changed based on prior encoded blocks.

More exactly: the plain text of the current block is XOR'ed with the cypher text of the previous block.

Which means that for every block (except the first one) you not only need the key to encrypt it, but also the preceding block.

So if you want to decrypt CBC data you need reverse the encryption process exactly.

(The fine print: I'm not a crypto guru, so please all correct me if I wrote bullshit ;)

Comment on Re: line by line Encryption fun with Crypt::CBC and Rijndael? File Ownership issues?

Replies are listed 'Best First'.
Re^2: line by line Encryption fun with Crypt::CBC and Rijndael? File Ownership issues? by ikegami (Patriarch) on Dec 05, 2007 at 17:16 UTC
If you want to use CBC, you should take care that all but the last block have a length that is a multiple of the key length No. The blocks passed to `crypt` have no relation to cypher blocks. The extra bytes will be buffered until the next call to `crypt`. The `start`/`crypt`/`finish` mode allows you encrypt and decrypt arbitrary segments of the message (file) at a time, as long as you process the entire message from the start. In fact, `encrypt` and `decrypt` are just thin wrappers around `start`/`crypt`/`finish`. To circumvent these problems the "Cypher Block Chaining" was invented. [...] Which means that for every block (except the first one) you not only need the key to encrypt it, but also the preceding block. Right, although Crypt::CBC normally uses a special value for the first block too: the salt. Crypt::CBC uses salting to ensure that every message is encrypted with a different key. Crypt::CBC uses chaining to ensure that every block is encrypted with a different key. So if you want to decrypt CBC data you need reverse the encryption process exactly. Aye, and he doesn't do that. If he really did want to add a line at a time, he'd file would have to look like `length-of-encrypted-line, encrypted-line, length-of-encrypted-line, en +crypted-line, ...` [download] Each line would be a message that would be encrypted, and then decrypted individually (using `encrypt` and `decrypt`).	[reply] [d/l] [select]
Re^3: line by line Encryption fun with Crypt::CBC and Rijndael? File Ownership issues? (code) by ikegami (Patriarch) on Dec 05, 2007 at 18:25 UTC
I wrote the code you need. Some utility functions sub read_bytes { my ($fh, $to_read) = @_; my $buf = ''; while ($to_read) { my $bytes_read = read($fh, $buf, $to_read, length($buf)); die("$!\n") if !defined($bytes_read); die("Unexpected end of file\n") if !$bytes_read; $to_read -= $bytes_read; } return $buf; } sub read_uint32 { my ($fh) = @_; return (unpack('N', read_bytes($fh, 4))); } sub read_str { my ($fh) = @_; my $length = read_uint32($fh); return read_bytes($fh, $length); } sub write_uint32 { my ($fh, $n) = @_; print $fh (pack('N', $n)); } sub write_str { my ($fh, $str) = @_; print $fh (pack('N', length($str)), $str); } [download] The line-by-line encrypter: sub writeSubmissions { my ($cipher, $log_file, $str) = @_; open(my $FH_encrypted, '>>', $log_file) or die; binmode $FH_encrypted; flock $FH_encrypted, LOCK_EX; write_str($FH_encrypted, $cipher->encrypt($str)); } my $key_file = 'key_file.txt'; my $act_log_file = "pem.enc"; my $pem_log_file = "act_encrypted.enc"; my $my_key = `openssl enc -bf-cbc -d -in \Q$key_file\E -k encrypt`; my $cipher = Crypt::CBC->new({ key => $my_key, cipher => 'Rijndael' }) +; writeSubmissions($cipher, ..., ...); [download] The line-by-line decrypter: my $key_file = 'key_file.txt'; my $encrypted = '...'; my $decrypted = '...'; my $my_key = `openssl enc -bf-cbc -d -in \Q$key_file\E -k encrypt`; my $cipher = Crypt::CBC->new({ key => $my_key, cipher => 'Rijndael' }) +; open(my $FH_decrypted, '>', $decrypted) or die("Unable to create decrypted file \"$decrypted\": $!\n"); binmode $FH_decrypted; flock $FH_decrypted, LOCK_EX; open(my $FH_encrypted, '<', $encrypted) or die("Unable to open encrypted file \"$encrypted\": $!\n"); binmode $FH_encrypted; flock $FH_encrypted, LOCK_SH; while (!eof($FH_encrypted)) { print $FH_decrypted $cipher->decrypt(read_str($FH_encrypted)); } [download] Update: Fixed bugs mentioned in replies. Update: Tested (minus the `openssl` bit). Fixed other bugs.	[reply] [d/l] [select]
Re^4: line by line Encryption fun with Crypt::CBC and Rijndael? File Ownership issues? (code) by hmbscully (Scribe) on Dec 05, 2007 at 19:16 UTC
Many thanks. I'm off to test away... I learn more and more about less and less until eventually I know everything about nothing.	[reply]
Re^5: line by line Encryption fun with Crypt::CBC and Rijndael? File Ownership issues? (code) by ikegami (Patriarch) on Dec 05, 2007 at 19:33 UTC
Re^4: line by line Encryption fun with Crypt::CBC and Rijndael? File Ownership issues? (code) by hmbscully (Scribe) on Dec 05, 2007 at 20:18 UTC
I'm a little lost in `open(my $FH_encrypted, '<', $encrypted") or die("Unable to open encrypted file \"$encrypted\": $!\n"); binmode $FH_crypted; flock $FH_crypted, LOCK_SH; while (!eof($FH_encrypted)) { print $FH_decrypted $cipher->decrypt(read_str($FH_crypted)); }` [download] the `$FH_crypted` is confusing me. Is that a third filehandle or should it be either _decrypted or _encrypted? I learn more and more about less and less until eventually I know everything about nothing.	[reply] [d/l] [select]
Re^5: line by line Encryption fun with Crypt::CBC and Rijndael? File Ownership issues? (code) by ikegami (Patriarch) on Dec 05, 2007 at 20:46 UTC
Re^4: line by line Encryption fun with Crypt::CBC and Rijndael? File Ownership issues? (code) by hmbscully (Scribe) on Dec 06, 2007 at 15:42 UTC
Trying to understand what is going on here: `sub read_bytes { my ($fh, $to_read) = @_; $buf = ''; while ($to_read) { <b>my $bytes_read = read($FH_decrypted, $buf, length($buf));</b> die("$!\n") if !defined($bytes_read); die("Unexpected end of file\n") if !$bytes_read; $to_read -= $bytes_read; } return $buf; }` [download] Should `$FH_decrypted` be `$fh` instead? Otherwise the value in `$fh` being passed to the function is seemingly never used. Why is the value of `$buf` set to an empty string? Won't `length($buf)` be zero and therefore nothing would ever be read? I learn more and more about less and less until eventually I know everything about nothing.	[reply] [d/l] [select]
Re^5: line by line Encryption fun with Crypt::CBC and Rijndael? File Ownership issues? (code) by ikegami (Patriarch) on Dec 06, 2007 at 18:39 UTC
Re^4: line by line Encryption fun with Crypt::CBC and Rijndael? File Ownership issues? (code) by Anonymous Monk on Jul 23, 2008 at 17:27 UTC
Hi, I am trying to use your code and I get the "Unexpected end of file" error while decrypting. The call to SUB read_uint32 works fine the first time and the value of $to_read = 4 in SUB read_bytes. Inside SUB read_bytes in the while ($to_read) loop, the value of $buf = 'Rand' (the first 4 characters in my encrypted file). Once SUB read_unit32 returns control to SUB read_str, the value of $length is set at some large number. I get an error during the call: read_bytes($fh, $length). It attempts to read $length the first time around, so say length = 825373492 was passed to read_bytes. Then, to_read = 825373492 The first iteration through the while loop decrements $to_read as below: WHILE to_read = 825370130 However, in the next iteration I get the error. 13:05:54 ERROR ***** 13:05:54 Unexpected end of file Could you please help or guide me in the right direction? I apologize if my elaborating the problem in this way causes problems. I wasn't sure on how else to do it. Thanks, Sam	[reply]
Re^5: line by line Encryption fun with Crypt::CBC and Rijndael? File Ownership issues? (code) by ikegami (Patriarch) on Jul 25, 2008 at 02:38 UTC
Re^6: line by line Encryption fun with Crypt::CBC and Rijndael? File Ownership issues? (code) by samip (Novice) on Jul 25, 2008 at 17:07 UTC
Some notes below your chosen depth have not been shown here