256 bit AEC encryption using Crypt::CBC

Anonymous Monk has asked for the wisdom of the Perl Monks concerning the following question:

I need to integrate an application on our site with a customer that is using a Trale Single Sever Signon utility that will pass me an AES encrypted string that I will decode by knowing the passphase and iv string.

The code is simple enough and seems to work just fine,

        my $cipher = Crypt::CBC->new(
                -key    => $key,
                -cipher => $cipher1,
                -header => 'none',
                -iv    => $keyIV,
                -literal_key => 1,
        );             
        my $encrypted = $cipher->encrypt_hex($plaintext);
        my $decrypted = $cipher->decrypt_hex($encrypted);
[download]

My problem is that while I can encode and decode, the sample from the customer does decode properly at all. What I get is a lot of crazy characters that look like encoded data that hasn't been hex encoded.

My encrypted string is also quite a bit shorter than the sample supplied, so I'm wondering if it's a 128 versus 256 bit encoding issue?

If so, how do I force Crypt::CBC to use 256 bit?

Here's a sample of the output:

http://cgi.audioasylum.com/util/testcbc.pl

Thanks

Comment on 256 bit AEC encryption using Crypt::CBC Download Code

Replies are listed 'Best First'.
Re: 256 bit AEC encryption using Crypt::CBC by Khen1950fx (Canon) on Dec 18, 2009 at 00:41 UTC
I tried something different. If you have OpenSSL, then try Crypt::OpenSSL::AES. Here's my resulting script: `#!/usr/local/bin/perl use strict; use warnings; use Crypt::CBC; my $key = 'little brown mouse'; my $cipher = Crypt::CBC->new( -key => $key, -keylength => '256', -cipher => "Crypt::OpenSSL::AES" ); my $encrypted = $cipher->encrypt_hex($key); my $decrypted = $cipher->decrypt_hex($encrypted); print $encrypted, "\n"; print $decrypted, "\n";` [download]	[reply] [d/l]
Re^2: 256 bit AEC encryption using Crypt::CBC by Anonymous Monk on Dec 18, 2009 at 23:24 UTC
Thanks, I'd tried Crypt::OpenSSL::AES, then I changed the cipher to a variable to easily plug in 'Rijndael' as an option. Adding the keylength didn't change anything. I'm beginning to think that the client hasn't given me accurate samples or that the php version isn't compatible with the perl library.	[reply]
Re^3: 256 bit AEC encryption using Crypt::CBC by Khen1950fx (Canon) on Dec 19, 2009 at 07:50 UTC
Don't change the cipher. The cipher must be exactly "Crypt::OpenSSL::AES" in order to get the keylength of 256.	[reply]