blowfish, blowfish2 vs mcrypt blowfish

classic Classic list List threaded Threaded
6 messages Options
Reply | Threaded
Open this post in threaded view
|

blowfish, blowfish2 vs mcrypt blowfish

Trevor Borgmeier
I'm trying to convert a PHP process into lasso and having difficulty
matching the blowfish encryption results between the two. I'm guessing
it has to do with the "ecb" mode...

Here is the php code that produces the results I want to match with lasso:

<?php

function pkcs5_pad ($text, $blocksize) {
   $pad = $blocksize - (strlen($text) % $blocksize);
   return $text . str_repeat(chr($pad), $pad);
}

$str = 'serviceClass=EVRYDY
BARGAINS&memberID=0377200217&memberStatus=A&enrollmentDate=10/01/2012&fname=Aaron&lname=Tester&address=1105
se 8th st&city=Grand
Rapids&state=MN&zip=55744&email=[hidden email]&requestDate=10/01/2012
15:10&stylesheetURL=http://www.google.com';

$str = 'this is a test';
$key = 'SecretKey';
$size = mcrypt_get_block_size('blowfish', 'ecb');
$padded_str = pkcs5_pad($str, $size);

// encrypt and encode
$msg = mcrypt_encrypt(MCRYPT_BLOWFISH, $key, $padded_str,
MCRYPT_MODE_ECB, 'anything'); // IV must be 8-characters
$msg = base64_encode($msg);
$msg = urlencode($msg);

echo $msg;

?>

=> GTlE8W3OQ9nY3g5d%2FnTzCg%3D%3D


In php the calculated value of $size is 8, so I can hard code that in
lasso (I'd rather calculate it, but I'm not sure how.)  More
importantly, I'm not sure how to do the blowfish encryption with lasso
so that it will match the value php returns.  I've tried using
encrypt_blowfish and encrypt_blowfish2, but neither

My lasso code looks like this -- you can swap out encrypt_blowfis2, with
encrypt_blowfish but neither produces the desired result.  Any ideas?

<?lassoscript

define_tag('ascii', -required='int');
     return(string(bytes->import8bits(integer(#int))&));
/define_tag;

define_tag(
     'pkcs5_pad'
,    -required='s', -type='string'
,    -required='blocksize', -type='integer'
);
     local(
         'pad' = (#blocksize - (#s->size % #blocksize))
     );
     return (#s + (ascii(#pad) * #pad));
/define_tag;

local(
     'str' = 'this is a test'
,    'msg' = ''
,    'key' = 'SecretKey'
,    'size' = 8
,    'padded_str' = ''
);

#padded_str = pkcs5_pad(#str, 8);

#msg = encrypt_blowfish2(#padded_str, -seed=#key); // not sure how to
deal with ECB, etc.
#msg = encode_base64(#msg);
#msg = encode_stricturl(#msg);
#msg;

?>

Hopefully someone will be able to shed some light on this for me...
Would love to be able to do it in lasso natively.  Perhaps the answer is
within encrypt_cipher somewhere? anyone?

-Trevor
#############################################################
This message is sent to you because you are subscribed to
  the mailing list Lasso
[hidden email]
To unsubscribe, E-mail to: <[hidden email]>
Send administrative queries to  <[hidden email]>
Reply | Threaded
Open this post in threaded view
|

RE: blowfish, blowfish2 vs mcrypt blowfish

Rick Draper-2
Hi Trevor,

Aligning encryption can be a pain - blowfish2 is the most compatible implementation, so don't waste time on blowfish.  Can I suggest you try with some basics first to see if you can get a reliable baseline.

I think your theory that the ecb mode may be the culprit is likely correct, but Kyle is likely one of the few that can answer that one.

Sorry I can't be of more assistance.

Very best regards

Rick

-----Original Message-----
From: [hidden email] [mailto:[hidden email]] On Behalf Of Trevor Borgmeier
Sent: Saturday, 6 October 2012 11:54 AM
To: Lasso Talk
Subject: blowfish, blowfish2 vs mcrypt blowfish

I'm trying to convert a PHP process into lasso and having difficulty matching the blowfish encryption results between the two. I'm guessing it has to do with the "ecb" mode...

Here is the php code that produces the results I want to match with lasso:

<?php

function pkcs5_pad ($text, $blocksize) {
   $pad = $blocksize - (strlen($text) % $blocksize);
   return $text . str_repeat(chr($pad), $pad); }

$str = 'serviceClass=EVRYDY
BARGAINS&memberID=0377200217&memberStatus=A&enrollmentDate=10/01/2012&fname=Aaron&lname=Tester&address=1105
se 8th st&city=Grand
Rapids&state=MN&zip=55744&email=[hidden email]&requestDate=10/01/2012
15:10&stylesheetURL=http://www.google.com';

$str = 'this is a test';
$key = 'SecretKey';
$size = mcrypt_get_block_size('blowfish', 'ecb'); $padded_str = pkcs5_pad($str, $size);

// encrypt and encode
$msg = mcrypt_encrypt(MCRYPT_BLOWFISH, $key, $padded_str, MCRYPT_MODE_ECB, 'anything'); // IV must be 8-characters $msg = base64_encode($msg); $msg = urlencode($msg);

echo $msg;

?>

=> GTlE8W3OQ9nY3g5d%2FnTzCg%3D%3D


In php the calculated value of $size is 8, so I can hard code that in lasso (I'd rather calculate it, but I'm not sure how.)  More importantly, I'm not sure how to do the blowfish encryption with lasso so that it will match the value php returns.  I've tried using encrypt_blowfish and encrypt_blowfish2, but neither

My lasso code looks like this -- you can swap out encrypt_blowfis2, with encrypt_blowfish but neither produces the desired result.  Any ideas?

<?lassoscript

define_tag('ascii', -required='int');
     return(string(bytes->import8bits(integer(#int))&));
/define_tag;

define_tag(
     'pkcs5_pad'
,    -required='s', -type='string'
,    -required='blocksize', -type='integer'
);
     local(
         'pad' = (#blocksize - (#s->size % #blocksize))
     );
     return (#s + (ascii(#pad) * #pad)); /define_tag;

local(
     'str' = 'this is a test'
,    'msg' = ''
,    'key' = 'SecretKey'
,    'size' = 8
,    'padded_str' = ''
);

#padded_str = pkcs5_pad(#str, 8);

#msg = encrypt_blowfish2(#padded_str, -seed=#key); // not sure how to deal with ECB, etc.
#msg = encode_base64(#msg);
#msg = encode_stricturl(#msg);
#msg;

?>

Hopefully someone will be able to shed some light on this for me...
Would love to be able to do it in lasso natively.  Perhaps the answer is within encrypt_cipher somewhere? anyone?

-Trevor
#############################################################
This message is sent to you because you are subscribed to
  the mailing list Lasso
[hidden email]
To unsubscribe, E-mail to: <[hidden email]>
Send administrative queries to  <[hidden email]>



#############################################################
This message is sent to you because you are subscribed to
  the mailing list Lasso
[hidden email]
To unsubscribe, E-mail to: <[hidden email]>
Send administrative queries to  <[hidden email]>
Reply | Threaded
Open this post in threaded view
|

Re: blowfish, blowfish2 vs mcrypt blowfish

Johan Solve
I'm trying to find a matching encryption process between Lasso 8.6 and PHP.

[encode_hex(cipher_encrypt('Top secret', -cipher='DES-ECB', -key='12345678'))]
returns CB6F32C4BD87E1818BDAB1FF985F1E30

<?php echo bin2hex(mcrypt_encrypt(MCRYPT_DES, '12345678', 'Top
secret', MCRYPT_MODE_ECB));?>
returns cb6f32c4bd87e181b41b7197cd82662f

First part of the result is the same, but not all of it.

I've chosen DES-ECB to avoid issues with missing initialization vector
and since BF-ECB isn't available in cipher_list on the machine, but
I've tried with BF-CBC too while suppressing iv error.

Can anyone tell what's wrong?

Maybe I should just call php with os_process.



2012-10-06 22:17 GMT+02:00 Rick Draper <[hidden email]>:

> Hi Trevor,
>
> Aligning encryption can be a pain - blowfish2 is the most compatible implementation, so don't waste time on blowfish.  Can I suggest you try with some basics first to see if you can get a reliable baseline.
>
> I think your theory that the ecb mode may be the culprit is likely correct, but Kyle is likely one of the few that can answer that one.
>
> Sorry I can't be of more assistance.
>
> Very best regards
>
> Rick
>
> -----Original Message-----
> From: [hidden email] [mailto:[hidden email]] On Behalf Of Trevor Borgmeier
> Sent: Saturday, 6 October 2012 11:54 AM
> To: Lasso Talk
> Subject: blowfish, blowfish2 vs mcrypt blowfish
>
> I'm trying to convert a PHP process into lasso and having difficulty matching the blowfish encryption results between the two. I'm guessing it has to do with the "ecb" mode...
>
> Here is the php code that produces the results I want to match with lasso:
>
> <?php
>
> function pkcs5_pad ($text, $blocksize) {
>    $pad = $blocksize - (strlen($text) % $blocksize);
>    return $text . str_repeat(chr($pad), $pad); }
>
> $str = 'serviceClass=EVRYDY
> BARGAINS&memberID=0377200217&memberStatus=A&enrollmentDate=10/01/2012&fname=Aaron&lname=Tester&address=1105
> se 8th st&city=Grand
> Rapids&state=MN&zip=55744&email=[hidden email]&requestDate=10/01/2012
> 15:10&stylesheetURL=http://www.google.com';
>
> $str = 'this is a test';
> $key = 'SecretKey';
> $size = mcrypt_get_block_size('blowfish', 'ecb'); $padded_str = pkcs5_pad($str, $size);
>
> // encrypt and encode
> $msg = mcrypt_encrypt(MCRYPT_BLOWFISH, $key, $padded_str, MCRYPT_MODE_ECB, 'anything'); // IV must be 8-characters $msg = base64_encode($msg); $msg = urlencode($msg);
>
> echo $msg;
>
> ?>
>
> => GTlE8W3OQ9nY3g5d%2FnTzCg%3D%3D
>
>
> In php the calculated value of $size is 8, so I can hard code that in lasso (I'd rather calculate it, but I'm not sure how.)  More importantly, I'm not sure how to do the blowfish encryption with lasso so that it will match the value php returns.  I've tried using encrypt_blowfish and encrypt_blowfish2, but neither
>
> My lasso code looks like this -- you can swap out encrypt_blowfis2, with encrypt_blowfish but neither produces the desired result.  Any ideas?
>
> <?lassoscript
>
> define_tag('ascii', -required='int');
>      return(string(bytes->import8bits(integer(#int))&));
> /define_tag;
>
> define_tag(
>      'pkcs5_pad'
> ,    -required='s', -type='string'
> ,    -required='blocksize', -type='integer'
> );
>      local(
>          'pad' = (#blocksize - (#s->size % #blocksize))
>      );
>      return (#s + (ascii(#pad) * #pad)); /define_tag;
>
> local(
>      'str' = 'this is a test'
> ,    'msg' = ''
> ,    'key' = 'SecretKey'
> ,    'size' = 8
> ,    'padded_str' = ''
> );
>
> #padded_str = pkcs5_pad(#str, 8);
>
> #msg = encrypt_blowfish2(#padded_str, -seed=#key); // not sure how to deal with ECB, etc.
> #msg = encode_base64(#msg);
> #msg = encode_stricturl(#msg);
> #msg;
>
> ?>
>
> Hopefully someone will be able to shed some light on this for me...
> Would love to be able to do it in lasso natively.  Perhaps the answer is within encrypt_cipher somewhere? anyone?
>
> -Trevor
> #############################################################
> This message is sent to you because you are subscribed to
>   the mailing list Lasso
> [hidden email]
> To unsubscribe, E-mail to: <[hidden email]>
> Send administrative queries to  <[hidden email]>
>
>
>
> #############################################################
> This message is sent to you because you are subscribed to
>   the mailing list Lasso
> [hidden email]
> To unsubscribe, E-mail to: <[hidden email]>
> Send administrative queries to  <[hidden email]>



--
Mvh
Johan Sölve
____________________________________
Montania System AB
Halmstad   Stockholm
http://www.montania.se

Johan Sölve
Mobil +46 709-51 55 70
[hidden email]

Kristinebergsvägen 17, S-302 41 Halmstad, Sweden
Telefon +46 35-136800 |  Fax +46 35-136801

#############################################################

This message is sent to you because you are subscribed to
  the mailing list Lasso [hidden email]
Official list archives available at http://www.lassotalk.com
To unsubscribe, E-mail to: <[hidden email]>
Send administrative queries to  <[hidden email]>
Reply | Threaded
Open this post in threaded view
|

Re: blowfish, blowfish2 vs mcrypt blowfish

Ke Carlton-3
Perhaps try via CLI and Open SSL.

Either use it as a reference point until you find a cipher that fits, or
perhaps consider using shell call on both.

Ke





On Sat, Feb 20, 2016 at 2:08 AM Johan Solve <[hidden email]> wrote:

> I'm trying to find a matching encryption process between Lasso 8.6 and PHP.
>
> [encode_hex(cipher_encrypt('Top secret', -cipher='DES-ECB',
> -key='12345678'))]
> returns CB6F32C4BD87E1818BDAB1FF985F1E30
>
> <?php echo bin2hex(mcrypt_encrypt(MCRYPT_DES, '12345678', 'Top
> secret', MCRYPT_MODE_ECB));?>
> returns cb6f32c4bd87e181b41b7197cd82662f
>
> First part of the result is the same, but not all of it.
>
> I've chosen DES-ECB to avoid issues with missing initialization vector
> and since BF-ECB isn't available in cipher_list on the machine, but
> I've tried with BF-CBC too while suppressing iv error.
>
> Can anyone tell what's wrong?
>
> Maybe I should just call php with os_process.
>
>
>
> 2012-10-06 22:17 GMT+02:00 Rick Draper <[hidden email]>:
> > Hi Trevor,
> >
> > Aligning encryption can be a pain - blowfish2 is the most compatible
> implementation, so don't waste time on blowfish.  Can I suggest you try
> with some basics first to see if you can get a reliable baseline.
> >
> > I think your theory that the ecb mode may be the culprit is likely
> correct, but Kyle is likely one of the few that can answer that one.
> >
> > Sorry I can't be of more assistance.
> >
> > Very best regards
> >
> > Rick
> >
> > -----Original Message-----
> > From: [hidden email] [mailto:
> [hidden email]] On Behalf Of Trevor Borgmeier
> > Sent: Saturday, 6 October 2012 11:54 AM
> > To: Lasso Talk
> > Subject: blowfish, blowfish2 vs mcrypt blowfish
> >
> > I'm trying to convert a PHP process into lasso and having difficulty
> matching the blowfish encryption results between the two. I'm guessing it
> has to do with the "ecb" mode...
> >
> > Here is the php code that produces the results I want to match with
> lasso:
> >
> > <?php
> >
> > function pkcs5_pad ($text, $blocksize) {
> >    $pad = $blocksize - (strlen($text) % $blocksize);
> >    return $text . str_repeat(chr($pad), $pad); }
> >
> > $str = 'serviceClass=EVRYDY
> >
> BARGAINS&memberID=0377200217&memberStatus=A&enrollmentDate=10/01/2012&fname=Aaron&lname=Tester&address=1105
> > se 8th st&city=Grand
> > Rapids&state=MN&zip=55744&email=[hidden email]&requestDate=10/01/2012
> > 15:10&stylesheetURL=http://www.google.com';
> >
> > $str = 'this is a test';
> > $key = 'SecretKey';
> > $size = mcrypt_get_block_size('blowfish', 'ecb'); $padded_str =
> pkcs5_pad($str, $size);
> >
> > // encrypt and encode
> > $msg = mcrypt_encrypt(MCRYPT_BLOWFISH, $key, $padded_str,
> MCRYPT_MODE_ECB, 'anything'); // IV must be 8-characters $msg =
> base64_encode($msg); $msg = urlencode($msg);
> >
> > echo $msg;
> >
> > ?>
> >
> > => GTlE8W3OQ9nY3g5d%2FnTzCg%3D%3D
> >
> >
> > In php the calculated value of $size is 8, so I can hard code that in
> lasso (I'd rather calculate it, but I'm not sure how.)  More importantly,
> I'm not sure how to do the blowfish encryption with lasso so that it will
> match the value php returns.  I've tried using encrypt_blowfish and
> encrypt_blowfish2, but neither
> >
> > My lasso code looks like this -- you can swap out encrypt_blowfis2, with
> encrypt_blowfish but neither produces the desired result.  Any ideas?
> >
> > <?lassoscript
> >
> > define_tag('ascii', -required='int');
> >      return(string(bytes->import8bits(integer(#int))&));
> > /define_tag;
> >
> > define_tag(
> >      'pkcs5_pad'
> > ,    -required='s', -type='string'
> > ,    -required='blocksize', -type='integer'
> > );
> >      local(
> >          'pad' = (#blocksize - (#s->size % #blocksize))
> >      );
> >      return (#s + (ascii(#pad) * #pad)); /define_tag;
> >
> > local(
> >      'str' = 'this is a test'
> > ,    'msg' = ''
> > ,    'key' = 'SecretKey'
> > ,    'size' = 8
> > ,    'padded_str' = ''
> > );
> >
> > #padded_str = pkcs5_pad(#str, 8);
> >
> > #msg = encrypt_blowfish2(#padded_str, -seed=#key); // not sure how to
> deal with ECB, etc.
> > #msg = encode_base64(#msg);
> > #msg = encode_stricturl(#msg);
> > #msg;
> >
> > ?>
> >
> > Hopefully someone will be able to shed some light on this for me...
> > Would love to be able to do it in lasso natively.  Perhaps the answer is
> within encrypt_cipher somewhere? anyone?
> >
> > -Trevor
> > #############################################################
> > This message is sent to you because you are subscribed to
> >   the mailing list Lasso
> > [hidden email]
> > To unsubscribe, E-mail to: <[hidden email]>
> > Send administrative queries to  <[hidden email]>
> >
> >
> >
> > #############################################################
> > This message is sent to you because you are subscribed to
> >   the mailing list Lasso
> > [hidden email]
> > To unsubscribe, E-mail to: <[hidden email]>
> > Send administrative queries to  <[hidden email]>
>
>
>
> --
> Mvh
> Johan Sölve
> ____________________________________
> Montania System AB
> Halmstad   Stockholm
> http://www.montania.se
>
> Johan Sölve
> Mobil +46 709-51 55 70
> [hidden email]
>
> Kristinebergsvägen 17, S-302 41 Halmstad, Sweden
> Telefon +46 35-136800 |  Fax +46 35-136801
>
> #############################################################
>
> This message is sent to you because you are subscribed to
>   the mailing list Lasso [hidden email]
> Official list archives available at http://www.lassotalk.com
> To unsubscribe, E-mail to: <[hidden email]>
> Send administrative queries to  <[hidden email]>

#############################################################

This message is sent to you because you are subscribed to
  the mailing list Lasso [hidden email]
Official list archives available at http://www.lassotalk.com
To unsubscribe, E-mail to: <[hidden email]>
Send administrative queries to  <[hidden email]>
Reply | Threaded
Open this post in threaded view
|

Re: blowfish, blowfish2 vs mcrypt blowfish

Marc Vos-3
I'm also interested - I had encrypted data via Lasso code. Then came PHP and I found no way which matched the Lasso way of encryption.

In my point of view I used the same seed and the same methods but the resulted strings were different between Lasso and PHP, which of course implied that decrypting my data between languages also did not work.

So until a solution is found, my data is not encrypted.

- -
Regards,
Marc

> Op 19 feb. 2016 om 21:55 heeft Ke Carlton <[hidden email]> het volgende geschreven:
>
> Perhaps try via CLI and Open SSL.
>
> Either use it as a reference point until you find a cipher that fits, or
> perhaps consider using shell call on both.
>
> Ke
>
>
>
>
>
>> On Sat, Feb 20, 2016 at 2:08 AM Johan Solve <[hidden email]> wrote:
>>
>> I'm trying to find a matching encryption process between Lasso 8.6 and PHP.
>>
>> [encode_hex(cipher_encrypt('Top secret', -cipher='DES-ECB',
>> -key='12345678'))]
>> returns CB6F32C4BD87E1818BDAB1FF985F1E30
>>
>> <?php echo bin2hex(mcrypt_encrypt(MCRYPT_DES, '12345678', 'Top
>> secret', MCRYPT_MODE_ECB));?>
>> returns cb6f32c4bd87e181b41b7197cd82662f
>>
>> First part of the result is the same, but not all of it.
>>
>> I've chosen DES-ECB to avoid issues with missing initialization vector
>> and since BF-ECB isn't available in cipher_list on the machine, but
>> I've tried with BF-CBC too while suppressing iv error.
>>
>> Can anyone tell what's wrong?
>>
>> Maybe I should just call php with os_process.
>>
>>
>>
>> 2012-10-06 22:17 GMT+02:00 Rick Draper <[hidden email]>:
>>> Hi Trevor,
>>>
>>> Aligning encryption can be a pain - blowfish2 is the most compatible
>> implementation, so don't waste time on blowfish.  Can I suggest you try
>> with some basics first to see if you can get a reliable baseline.
>>>
>>> I think your theory that the ecb mode may be the culprit is likely
>> correct, but Kyle is likely one of the few that can answer that one.
>>>
>>> Sorry I can't be of more assistance.
>>>
>>> Very best regards
>>>
>>> Rick
>>>
>>> -----Original Message-----
>>> From: [hidden email] [mailto:
>> [hidden email]] On Behalf Of Trevor Borgmeier
>>> Sent: Saturday, 6 October 2012 11:54 AM
>>> To: Lasso Talk
>>> Subject: blowfish, blowfish2 vs mcrypt blowfish
>>>
>>> I'm trying to convert a PHP process into lasso and having difficulty
>> matching the blowfish encryption results between the two. I'm guessing it
>> has to do with the "ecb" mode...
>>>
>>> Here is the php code that produces the results I want to match with
>> lasso:
>>>
>>> <?php
>>>
>>> function pkcs5_pad ($text, $blocksize) {
>>>   $pad = $blocksize - (strlen($text) % $blocksize);
>>>   return $text . str_repeat(chr($pad), $pad); }
>>>
>>> $str = 'serviceClass=EVRYDY
>> BARGAINS&memberID=0377200217&memberStatus=A&enrollmentDate=10/01/2012&fname=Aaron&lname=Tester&address=1105
>>> se 8th st&city=Grand
>>> Rapids&state=MN&zip=55744&email=[hidden email]&requestDate=10/01/2012
>>> 15:10&stylesheetURL=http://www.google.com';
>>>
>>> $str = 'this is a test';
>>> $key = 'SecretKey';
>>> $size = mcrypt_get_block_size('blowfish', 'ecb'); $padded_str =
>> pkcs5_pad($str, $size);
>>>
>>> // encrypt and encode
>>> $msg = mcrypt_encrypt(MCRYPT_BLOWFISH, $key, $padded_str,
>> MCRYPT_MODE_ECB, 'anything'); // IV must be 8-characters $msg =
>> base64_encode($msg); $msg = urlencode($msg);
>>>
>>> echo $msg;
>>>
>>> ?>
>>>
>>> => GTlE8W3OQ9nY3g5d%2FnTzCg%3D%3D
>>>
>>>
>>> In php the calculated value of $size is 8, so I can hard code that in
>> lasso (I'd rather calculate it, but I'm not sure how.)  More importantly,
>> I'm not sure how to do the blowfish encryption with lasso so that it will
>> match the value php returns.  I've tried using encrypt_blowfish and
>> encrypt_blowfish2, but neither
>>>
>>> My lasso code looks like this -- you can swap out encrypt_blowfis2, with
>> encrypt_blowfish but neither produces the desired result.  Any ideas?
>>>
>>> <?lassoscript
>>>
>>> define_tag('ascii', -required='int');
>>>     return(string(bytes->import8bits(integer(#int))&));
>>> /define_tag;
>>>
>>> define_tag(
>>>     'pkcs5_pad'
>>> ,    -required='s', -type='string'
>>> ,    -required='blocksize', -type='integer'
>>> );
>>>     local(
>>>         'pad' = (#blocksize - (#s->size % #blocksize))
>>>     );
>>>     return (#s + (ascii(#pad) * #pad)); /define_tag;
>>>
>>> local(
>>>     'str' = 'this is a test'
>>> ,    'msg' = ''
>>> ,    'key' = 'SecretKey'
>>> ,    'size' = 8
>>> ,    'padded_str' = ''
>>> );
>>>
>>> #padded_str = pkcs5_pad(#str, 8);
>>>
>>> #msg = encrypt_blowfish2(#padded_str, -seed=#key); // not sure how to
>> deal with ECB, etc.
>>> #msg = encode_base64(#msg);
>>> #msg = encode_stricturl(#msg);
>>> #msg;
>>>
>>> ?>
>>>
>>> Hopefully someone will be able to shed some light on this for me...
>>> Would love to be able to do it in lasso natively.  Perhaps the answer is
>> within encrypt_cipher somewhere? anyone?
>>>
>>> -Trevor
>>> #############################################################
>>> This message is sent to you because you are subscribed to
>>>  the mailing list Lasso
>>> [hidden email]
>>> To unsubscribe, E-mail to: <[hidden email]>
>>> Send administrative queries to  <[hidden email]>
>>>
>>>
>>>
>>> #############################################################
>>> This message is sent to you because you are subscribed to
>>>  the mailing list Lasso
>>> [hidden email]
>>> To unsubscribe, E-mail to: <[hidden email]>
>>> Send administrative queries to  <[hidden email]>
>>
>>
>>
>> --
>> Mvh
>> Johan Sölve
>> ____________________________________
>> Montania System AB
>> Halmstad   Stockholm
>> http://www.montania.se
>>
>> Johan Sölve
>> Mobil +46 709-51 55 70
>> [hidden email]
>>
>> Kristinebergsvägen 17, S-302 41 Halmstad, Sweden
>> Telefon +46 35-136800 |  Fax +46 35-136801
>>
>> #############################################################
>>
>> This message is sent to you because you are subscribed to
>>  the mailing list Lasso [hidden email]
>> Official list archives available at http://www.lassotalk.com
>> To unsubscribe, E-mail to: <[hidden email]>
>> Send administrative queries to  <[hidden email]>
>
> #############################################################
>
> This message is sent to you because you are subscribed to
>  the mailing list Lasso [hidden email]
> Official list archives available at http://www.lassotalk.com
> To unsubscribe, E-mail to: <[hidden email]>
> Send administrative queries to  <[hidden email]>

#############################################################

This message is sent to you because you are subscribed to
  the mailing list Lasso [hidden email]
Official list archives available at http://www.lassotalk.com
To unsubscribe, E-mail to: <[hidden email]>
Send administrative queries to  <[hidden email]>
Reply | Threaded
Open this post in threaded view
|

Re: blowfish, blowfish2 vs mcrypt blowfish

French, Shelane
I once tried blowfish with php/lasso and was unsuccessful. I recently had
a project that was php and Java and we used this to make it work - and it
does:

https://github.com/stevenholder/PHP-Java-AES-Encrypt


I have not tried this method in php to match with Lasso, but just for lack
of need at the moment. Maybe this can be useful.



Shelane French
Workforce Enablement
Livermore Information Technology




On 2/19/16, 1:27 PM, "[hidden email] on behalf of Marc
Vos" <[hidden email] on behalf of [hidden email]> wrote:

>I'm also interested - I had encrypted data via Lasso code. Then came PHP
>and I found no way which matched the Lasso way of encryption.
>
>In my point of view I used the same seed and the same methods but the
>resulted strings were different between Lasso and PHP, which of course
>implied that decrypting my data between languages also did not work.
>
>So until a solution is found, my data is not encrypted.
>
>- -
>Regards,
>Marc
>
>> Op 19 feb. 2016 om 21:55 heeft Ke Carlton <[hidden email]> het
>>volgende geschreven:
>>
>> Perhaps try via CLI and Open SSL.
>>
>> Either use it as a reference point until you find a cipher that fits, or
>> perhaps consider using shell call on both.
>>
>> Ke
>>
>>
>>
>>
>>
>>> On Sat, Feb 20, 2016 at 2:08 AM Johan Solve <[hidden email]>
>>>wrote:
>>>
>>> I'm trying to find a matching encryption process between Lasso 8.6 and
>>>PHP.
>>>
>>> [encode_hex(cipher_encrypt('Top secret', -cipher='DES-ECB',
>>> -key='12345678'))]
>>> returns CB6F32C4BD87E1818BDAB1FF985F1E30
>>>
>>> <?php echo bin2hex(mcrypt_encrypt(MCRYPT_DES, '12345678', 'Top
>>> secret', MCRYPT_MODE_ECB));?>
>>> returns cb6f32c4bd87e181b41b7197cd82662f
>>>
>>> First part of the result is the same, but not all of it.
>>>
>>> I've chosen DES-ECB to avoid issues with missing initialization vector
>>> and since BF-ECB isn't available in cipher_list on the machine, but
>>> I've tried with BF-CBC too while suppressing iv error.
>>>
>>> Can anyone tell what's wrong?
>>>
>>> Maybe I should just call php with os_process.
>>>
>>>
>>>
>>> 2012-10-06 22:17 GMT+02:00 Rick Draper <[hidden email]>:
>>>> Hi Trevor,
>>>>
>>>> Aligning encryption can be a pain - blowfish2 is the most compatible
>>> implementation, so don't waste time on blowfish.  Can I suggest you try
>>> with some basics first to see if you can get a reliable baseline.
>>>>
>>>> I think your theory that the ecb mode may be the culprit is likely
>>> correct, but Kyle is likely one of the few that can answer that one.
>>>>
>>>> Sorry I can't be of more assistance.
>>>>
>>>> Very best regards
>>>>
>>>> Rick
>>>>
>>>> -----Original Message-----
>>>> From: [hidden email] [mailto:
>>> [hidden email]] On Behalf Of Trevor Borgmeier
>>>> Sent: Saturday, 6 October 2012 11:54 AM
>>>> To: Lasso Talk
>>>> Subject: blowfish, blowfish2 vs mcrypt blowfish
>>>>
>>>> I'm trying to convert a PHP process into lasso and having difficulty
>>> matching the blowfish encryption results between the two. I'm guessing
>>>it
>>> has to do with the "ecb" mode...
>>>>
>>>> Here is the php code that produces the results I want to match with
>>> lasso:
>>>>
>>>> <?php
>>>>
>>>> function pkcs5_pad ($text, $blocksize) {
>>>>   $pad = $blocksize - (strlen($text) % $blocksize);
>>>>   return $text . str_repeat(chr($pad), $pad); }
>>>>
>>>> $str = 'serviceClass=EVRYDY
>>>
>>>BARGAINS&memberID=0377200217&memberStatus=A&enrollmentDate=10/01/2012&fn
>>>ame=Aaron&lname=Tester&address=1105
>>>> se 8th st&city=Grand
>>>>
>>>>Rapids&state=MN&zip=55744&email=[hidden email]&requestDate=10/01/2012
>>>> 15:10&stylesheetURL=http://www.google.com';
>>>>
>>>> $str = 'this is a test';
>>>> $key = 'SecretKey';
>>>> $size = mcrypt_get_block_size('blowfish', 'ecb'); $padded_str =
>>> pkcs5_pad($str, $size);
>>>>
>>>> // encrypt and encode
>>>> $msg = mcrypt_encrypt(MCRYPT_BLOWFISH, $key, $padded_str,
>>> MCRYPT_MODE_ECB, 'anything'); // IV must be 8-characters $msg =
>>> base64_encode($msg); $msg = urlencode($msg);
>>>>
>>>> echo $msg;
>>>>
>>>> ?>
>>>>
>>>> => GTlE8W3OQ9nY3g5d%2FnTzCg%3D%3D
>>>>
>>>>
>>>> In php the calculated value of $size is 8, so I can hard code that in
>>> lasso (I'd rather calculate it, but I'm not sure how.)  More
>>>importantly,
>>> I'm not sure how to do the blowfish encryption with lasso so that it
>>>will
>>> match the value php returns.  I've tried using encrypt_blowfish and
>>> encrypt_blowfish2, but neither
>>>>
>>>> My lasso code looks like this -- you can swap out encrypt_blowfis2,
>>>>with
>>> encrypt_blowfish but neither produces the desired result.  Any ideas?
>>>>
>>>> <?lassoscript
>>>>
>>>> define_tag('ascii', -required='int');
>>>>     return(string(bytes->import8bits(integer(#int))&));
>>>> /define_tag;
>>>>
>>>> define_tag(
>>>>     'pkcs5_pad'
>>>> ,    -required='s', -type='string'
>>>> ,    -required='blocksize', -type='integer'
>>>> );
>>>>     local(
>>>>         'pad' = (#blocksize - (#s->size % #blocksize))
>>>>     );
>>>>     return (#s + (ascii(#pad) * #pad)); /define_tag;
>>>>
>>>> local(
>>>>     'str' = 'this is a test'
>>>> ,    'msg' = ''
>>>> ,    'key' = 'SecretKey'
>>>> ,    'size' = 8
>>>> ,    'padded_str' = ''
>>>> );
>>>>
>>>> #padded_str = pkcs5_pad(#str, 8);
>>>>
>>>> #msg = encrypt_blowfish2(#padded_str, -seed=#key); // not sure how to
>>> deal with ECB, etc.
>>>> #msg = encode_base64(#msg);
>>>> #msg = encode_stricturl(#msg);
>>>> #msg;
>>>>
>>>> ?>
>>>>
>>>> Hopefully someone will be able to shed some light on this for me...
>>>> Would love to be able to do it in lasso natively.  Perhaps the answer
>>>>is
>>> within encrypt_cipher somewhere? anyone?
>>>>
>>>> -Trevor
>>>> #############################################################
>>>> This message is sent to you because you are subscribed to
>>>>  the mailing list Lasso
>>>> [hidden email]
>>>> To unsubscribe, E-mail to: <[hidden email]>
>>>> Send administrative queries to  <[hidden email]>
>>>>
>>>>
>>>>
>>>> #############################################################
>>>> This message is sent to you because you are subscribed to
>>>>  the mailing list Lasso
>>>> [hidden email]
>>>> To unsubscribe, E-mail to: <[hidden email]>
>>>> Send administrative queries to  <[hidden email]>
>>>
>>>
>>>
>>> --
>>> Mvh
>>> Johan Sölve
>>> ____________________________________
>>> Montania System AB
>>> Halmstad   Stockholm
>>> http://www.montania.se
>>>
>>> Johan Sölve
>>> Mobil +46 709-51 55 70
>>> [hidden email]
>>>
>>> Kristinebergsvägen 17, S-302 41 Halmstad, Sweden
>>> Telefon +46 35-136800 |  Fax +46 35-136801
>>>
>>> #############################################################
>>>
>>> This message is sent to you because you are subscribed to
>>>  the mailing list Lasso [hidden email]
>>> Official list archives available at
>>>http://secure-web.cisco.com/1dyY2BAipsFI4VY4JfulFSUmSZgBJg-cL6Ig4p-Ru3KW
>>>p88HOo6Qps2g2BmLkDwZ2noc2L9UMzWfAUMR0i3uJ7xTROM2rq3X2HqRVIYxxsywAX0czgF0
>>>z0vXT-DgA-jFDL5aIM2CbW_Ad5WBtxRkBFLBxTpb-vjH_7h237nyltG-3jh_-wOchyt7JORz
>>>-Arzlnsh63V4ZJkjdDZC8Wg5K1VtLhm0NwV6nVsdiq9dyZ1SrhXTSptW68xWJBo57ABzbcr6
>>>rCIkHc5-G6zUqczFm6E4lLQaQyQj_XFwlbel2kkALhMUp0s8nkAWXvxu4ziJlT-4HAlJPhzI
>>>sKPXzz1R-SI29Abtou-xtv7pAhnaV1OiYlgCSQbB-mwBibNf6wZ-z/http%3A%2F%2Fwww.l
>>>assotalk.com%0A%3E%3E%20To%20unsubscribe%2C%20E-mail%20to%3A%20%3CLasso-
>>>unsubscribe%40lists.lassosoft.com>
>>> Send administrative queries to  <[hidden email]>
>>
>> #############################################################
>>
>> This message is sent to you because you are subscribed to
>>  the mailing list Lasso [hidden email]
>> Official list archives available at
>>http://secure-web.cisco.com/1VdwfOxRAnKt6AhdO0lAhL8WJvYbBWeQt69U4J-NKD6Kn
>>vFsjKkebF6Nguw9PZ4IVpDwhTjQqmB7UU-CmM9DmqRcIOjbqL1dY-sz7YKw3YoN0YXMADE60D
>>T-rjogXcVURRMDaANKr0tYE9k-F3Y3kdfvIKPHmK93oAzDybo6FKlOG5DBUWvSXo3YvMSQgVe
>>CVHwRE1bC4ESSvjyzYs0R5rCmoF8WY-s5MBKSL9wZIOtii7aQCyhH6_EOsMHVVdS-UCVx4xFh
>>zoD5lgFkxbZyBsjbto6UItxY18pFKXF7VO8a_UXh7qLLWh1njBYg3lpAXQM_XsPUNDONGLIZa
>>ik7rxAALma_sxaTw1eqm7jS9Zv731HNq8v2yMlJqOG0GS3Ud/http%3A%2F%2Fwww.lassota
>>lk.com%0A%3E%20To%20unsubscribe%2C%20E-mail%20to%3A%20%3CLasso-unsubscrib
>>e%40lists.lassosoft.com>
>> Send administrative queries to  <[hidden email]>
>
>#############################################################
>
>This message is sent to you because you are subscribed to
>  the mailing list Lasso [hidden email]
>Official list archives available at
>http://secure-web.cisco.com/1bas4Xei9u9a_WMoost-gHo3s2GOx5y76Qy9nJPe73Yyc-
>fwFwuEBTuRaSPaOERQJqr0itgzxPLraPjAc1b97AtjgOYN2qHqa7Ap-sdaj3J6nVJSrjn2hxRb
>2OVc0bEIQFoK5hPuu8kTsVCe7aJBuI9LBsZtUM_XCIxNM6cEI86pW3_jI6CewnDQanD9N1Fo9K
>bzzR-RIP_c5CNg6KqMCbpJ0Eh5P5p9gQV8ppDsJ8u9m1O2yxrxo3S1PmDEd5QEgiSBq5toDY6M
>2F4UNbn-OjJpB86PoiSiewuQyXFensdp39JgNSPszuN6UEfUG9ns7jUt7FqPFV9dFHp_T1SzSv
>vpjUaerCyJG4egISNSyUk8XISwo3BhBbHq-r2sVk_DS/http%3A%2F%2Fwww.lassotalk.com
>%0ATo%20unsubscribe%2C%20E-mail%20to%3A%20%3CLasso-unsubscribe%40lists.las
>sosoft.com>
>Send administrative queries to  <[hidden email]>


#############################################################

This message is sent to you because you are subscribed to
  the mailing list Lasso [hidden email]
Official list archives available at http://www.lassotalk.com
To unsubscribe, E-mail to: <[hidden email]>
Send administrative queries to  <[hidden email]>