> On 11 April 2019 00:49 David Salisbury via dovecot <dovecot at dovecot.org> wrote:
>
>
> >>>
> >> Yes. I gave it a try here, and it seems to work. Does it give any extra
> >> information if you include -i flag?
> >>
> >> Aki
> >>
> >
> > Yes, I had tried that, and it doesn't give much extra information, at
> > least to my eye, that seems to help my issue. Above the previous
> > output it outputs the Version, Flags, Header length, Cipher algo, and
> > Digest algo, and then the Key derivation Rounds. Then it does the
> > previous output and exits as before.
> >
> > I tried using pry to debug through the script a little, and strace as
> > well, but have not found anything pointing me in the direction of a
> > solution or what may be causing it not to work for me yet. Will keep
> > looking.
> >
> > Out of curiosity, what version of ruby were you using to run the
> > script? My ruby version is 2.5.1p57.
> >
> > -Dave
>
> So, I found that in decrypt.rb there is a point where this section is
> reached:
>
> [code]
> unless our_key == nil
>   # decrypt data!
> [/code]
>
> While testing I discovered that, for me, our_key was apparently equal to
> nil because the code was never even making it into that block. There
> was a block right above that that was setting our_key to nil if a
> certain condition happened, but I could tell that condition wasn't
> happening as the accompanying error message wasn't printing. Looking
> farther up, I found:
>
> [code]
> our_key = key if key[:digest] == options[:key_digest]
> [/code]
>
> I printed the values of key[:digest] and options[:key_digest], and they
> are in fact different. Since our_key is nil by default, our_key was
> just remaining nil, hence no decryption for me.
>
> The key[:digest] variable is filled a little above that part of the code:
>
> [code]
> (key[:type],key[:digest]) = options[:input].read(33).unpack('Ca*')
> [/code]
>
> and options[:key_digest] is filled as the private key option is passed in:
>
> [code]
> opts.on("-k","--key KEY", "Private key to decrypt file") do |k|
>   options[:key] = OpenSSL::PKey.read(File.open(k))
>   options[:key_digest] = get_pubid_priv(options[:key])
> end
> [/code]
>
> It's apparently using the key from the command line to get the key
> digest with the get_pubid_priv() function, and for some reason that
> value is coming back as different than the key digest that is
> ascertained by the "options[:input].read" line.
>
> Out of curiosity, and since I know I'm using the correct key, I
> commented out the if statement in the our_key line so as not to make the
> comparison between the digests:
>
> [code]
> our_key = key #if key[:digest] == options[:key_digest]
> [/code]
>
> .... and then it worked! The script successfully decrypted the message!
>
> So, not being an expert at encryption, what are the ramifications of
> those digests being read as different values in the two different
> places? I do notice that the get_pubid_priv() function is internal to
> the decrypt.rb script and calls several OpenSSL functions.
>
> -Dave
Hmm... can you show me how you made the keypair for encryption? Maybe there is
some difference?
Aki
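
An added example, not part of the thread and not code from decrypt.rb: the key-record comparison discussed above, written so that a digest mismatch raises an error showing both values instead of silently leaving the key at nil. The `count` parameter, the type byte value, the helper names and the SHA-256 stand-in key ids are assumptions constructed for this example; how get_pubid_priv() derives the real id is not shown in the thread.

```ruby
require 'stringio'
require 'digest'

# One key record as the quoted script reads it: read(33).unpack('Ca*'),
# i.e. 1 type byte followed by a 32-byte key digest.
KEY_RECORD_LEN = 33

class NoMatchingKey < StandardError; end

# Read `count` key records from io (`count` is this example's own parameter).
def read_key_records(io, count)
  Array.new(count) do
    raw = io.read(KEY_RECORD_LEN)
    raise EOFError, 'truncated key record' if raw.nil? || raw.bytesize != KEY_RECORD_LEN
    type, digest = raw.unpack('Ca*')
    { type: type, digest: digest }
  end
end

def hex(bytes)
  bytes.unpack1('H*')
end

# Return the record whose digest equals ours. On a mismatch, raise with both
# values so the difference is visible, rather than returning nil.
def select_key(records, our_digest)
  match = records.find { |k| k[:digest] == our_digest }
  return match if match
  in_file = records.map { |k| hex(k[:digest]) }.join(', ')
  raise NoMatchingKey, "our key id #{hex(our_digest)} not in file (file has #{in_file})"
end

# Constructed sample data: two stand-in key ids and a one-record header.
ID_IN_FILE = Digest::SHA256.digest('constructed public key encoding A')
ID_FROM_CLI_KEY = Digest::SHA256.digest('constructed public key encoding B')
SAMPLE_RECORDS = [2].pack('C') + ID_IN_FILE

if __FILE__ == $PROGRAM_NAME
  records = read_key_records(StringIO.new(SAMPLE_RECORDS), 1)
  begin
    select_key(records, ID_FROM_CLI_KEY)
  rescue NoMatchingKey => e
    warn e.message # both hex ids, ready to compare side by side
  end
end
```

The digest check is what ties the supplied private key to the key the file was encrypted for, so a mismatch is better reported with both values than bypassed.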