On 4/10/2019 1:32 AM, Aki Tuomi wrote:> On 9.4.2019 18.15, Dave wrote: >>>> I've tried specifying an output file as well, per the script's >> command line options, >>>> but the output file is 0 bytes.? Does anyone have any suggestions? >> I *think* I'm >>>> using it the way it's intended to be used, but maybe I'm not?! >>>> -Dave >>> Hi! >>> Maybe the key you tried was not used to encrypt the file? >>> Aki >> Aki, it's the same key I've used in the config for the mail_crypt >> plugin in 90-plugin.conf: >> >> plugin { >> ? mail_crypt_global_private_key = <[PATH_TO_PRIVATE_KEY] >> ? mail_crypt_global_public_key = <[PATH_TO_PUBLIC_KEY] >> ? mail_crypt_save_version = 2 >> } >> >> That's the private key that's encrypting all of the messages >> successfully, so that's the one I would use with script, correct? >> -Dave >> > Yes. I gave it a try here, and it seems to work. Does it give any extra > information if you include -i flag? > > Aki >Yes, I had tried that, and it doesn't give much extra information, at least to my eye, that seems to help my issue.? Above the previous output it outputs the Version, Flags, Header length, Cipher algo, and Digest algo, and then the Key derivation Rounds.? Then it does the previous output and exits as before. I tried using pry to debug through the script a little, and strace as well, but have not found anything pointing me in the direction of a solution or what may be causing it not to work for me yet.? Will keep looking. Out of curiosity, what version of ruby were you using to run the script?? My ruby version is 2.5.1p57. -Dave
>>> >> Yes. I gave it a try here, and it seems to work. Does it give any extra >> information if you include -i flag? >> >> Aki >> > > Yes, I had tried that, and it doesn't give much extra information, at > least to my eye, that seems to help my issue.? Above the previous > output it outputs the Version, Flags, Header length, Cipher algo, and > Digest algo, and then the Key derivation Rounds. Then it does the > previous output and exits as before. > > I tried using pry to debug through the script a little, and strace as > well, but have not found anything pointing me in the direction of a > solution or what may be causing it not to work for me yet. Will keep > looking. > > Out of curiosity, what version of ruby were you using to run the > script?? My ruby version is 2.5.1p57. > > -DaveSo, I found that in decrypt.rb there is a point where this section is reached: [code] unless our_key == nil ?? # decrypt data! [/code] While testing I discovered that, for me, our_key was apparently equal to nil because the code was never even making it into that block.? There was a block right above that that was setting our_key to nil if a certain condition happened, but I could tell that condition wasn't happening as the accompanying error message wasn't printing.? Looking farther up, I found: [code] our_key = key if key[:digest] == options[:key_digest] [/code] I printed the values of key[:digest] and options[:key_digest], and they are in fact different.? Since our_key is nil by default, our_key was just remaining nil, hence no decryption for me. The key[:digest] variable is filled a little above that part of the code: [code] (key[:type],key[:digest]) = options[:input].read(33).unpack('Ca*') [/code] and options[:key_digest] is filled as the private key option is passed in: [code] opts.on("-k","--key KEY", "Private key to decrypt file") do |k| ? options[:key] = OpenSSL::PKey.read(File.open(k)) ? options[:key_digest] = get_pubid_priv(options[:key]) end [/code] It's apparently using the key from the command line to get the key digest with the get_pubid_priv() function, and for some reason that value is coming back as different than the key digest that is ascertained by the "options[:input].read" line. Out of curiosity, and since I know I'm using the correct key, I commented out the if statement in the our_key line so as not to make the comparison between the digests: [code] our_key = key #if key[:digest] == options[:key_digest] [/code] .... and then it worked!? The script successfully decrypted the message! So, not being an expert at encryption, what are the ramifications of those digests being read as different values in the two different places???? I do notice that the get_pubid_priv() function is internal to the decrypt.rb script and calls several OpenSSL functions. -Dave
> On 11 April 2019 00:49 David Salisbury via dovecot <dovecot at dovecot.org> wrote: > > > >>> > >> Yes. I gave it a try here, and it seems to work. Does it give any extra > >> information if you include -i flag? > >> > >> Aki > >> > > > > Yes, I had tried that, and it doesn't give much extra information, at > > least to my eye, that seems to help my issue.? Above the previous > > output it outputs the Version, Flags, Header length, Cipher algo, and > > Digest algo, and then the Key derivation Rounds. Then it does the > > previous output and exits as before. > > > > I tried using pry to debug through the script a little, and strace as > > well, but have not found anything pointing me in the direction of a > > solution or what may be causing it not to work for me yet. Will keep > > looking. > > > > Out of curiosity, what version of ruby were you using to run the > > script?? My ruby version is 2.5.1p57. > > > > -Dave > > So, I found that in decrypt.rb there is a point where this section is > reached: > > [code] > unless our_key == nil > ?? # decrypt data! > [/code] > > While testing I discovered that, for me, our_key was apparently equal to > nil because the code was never even making it into that block.? There > was a block right above that that was setting our_key to nil if a > certain condition happened, but I could tell that condition wasn't > happening as the accompanying error message wasn't printing.? Looking > farther up, I found: > > [code] > our_key = key if key[:digest] == options[:key_digest] > [/code] > > I printed the values of key[:digest] and options[:key_digest], and they > are in fact different.? Since our_key is nil by default, our_key was > just remaining nil, hence no decryption for me. > > The key[:digest] variable is filled a little above that part of the code: > > [code] > (key[:type],key[:digest]) = options[:input].read(33).unpack('Ca*') > [/code] > > and options[:key_digest] is filled as the private key option is passed in: > > [code] > opts.on("-k","--key KEY", "Private key to decrypt file") do |k| > ? options[:key] = OpenSSL::PKey.read(File.open(k)) > ? options[:key_digest] = get_pubid_priv(options[:key]) > end > [/code] > > It's apparently using the key from the command line to get the key > digest with the get_pubid_priv() function, and for some reason that > value is coming back as different than the key digest that is > ascertained by the "options[:input].read" line. > > Out of curiosity, and since I know I'm using the correct key, I > commented out the if statement in the our_key line so as not to make the > comparison between the digests: > > [code] > our_key = key #if key[:digest] == options[:key_digest] > [/code] > > .... and then it worked!? The script successfully decrypted the message! > > So, not being an expert at encryption, what are the ramifications of > those digests being read as different values in the two different > places???? I do notice that the get_pubid_priv() function is internal to > the decrypt.rb script and calls several OpenSSL functions. > > -DaveHmm... can you show me how you made the keypair for encryption? Maybe there is some difference? Aki