[lsc-users] Symmetric encryption : how to share the secret key ?

Eric Cassette Eric.Cassette at univ-lille1.fr
Thu Oct 30 17:50:15 CET 2014


Hello,

Problem solved.

With the help of the source code from 
http://tools.lsc-project.org/projects/lsc/repository/entry/lsc/trunk/bin/passwordhk.pl, 
I confirm that the length of the key used by the 
"SecurityUtils.encrypt"and "SecurityUtils.decrypt"functions is 16 bytes 
(the first 16 bytes from the "lsc.key" file).

But... during my first tries, the "passwordhk.pl"  gave not the same 
encryption, until I realize that only the first 15 bytes of the 
"lsc.key" file were used by this script.

After a little modification (see diff below),  the results of the 
encryption are the same from LSC and passwordhk.pl (encryption 
"Crypt::Rijndael" with a 128 bits key).

diff passwordhk.pl passwordhk-key_16_bytes.pl
108c108
<     $key = substr( $key, 0, 15 );
---
 >     $key = substr( $key, 0, 16 );

Many thanks for the help.

Eric

Le 29/10/2014 16:57, David Coutadeur a écrit :
>
> Hi,
>
> Le 29/10/2014 16:55, Clément OUDOT a écrit :
>> 2014-10-29 16:31 GMT+01:00 Eric Cassette <Eric.Cassette at univ-lille1.fr>:
>>
>>>   Clement,
>>>
>>> Thanks for the answer.
>>>
>>> But the key file that is randomly generated by the java method
>>> "org.lsc.utils.security.SymmetricEncryption" has a size of 24 bytes. Is
>>> this size mandatory ? Does it mean that I must choose a passphrase 
>>> with a
>>> length of 24 characters ? Or does it mean that, in the "lsc.key", 
>>> only the
>>> first 16 bytes are useful and that the 8 other bytes are padding ?
>
> Yes indeed, it only takes the first bytes, and makes a padding for the 
> last bytes.
>
>>>
>>>
>>
>> Well, I don't know the answer, maybe another LSC dev can give you the
>> information.
>>
>>
>>
>>
>>> I ask this, because I thought that the length of the passphrase for 
>>> an AES
>>> 128bits symmetrical encryption was 16 bytes, and because I tried your
>>> suggestion before asking to the mail-list (with a 16 bytes lsc.key 
>>> file),
>>> and that the result of the encryption by the LSC task has not be the 
>>> same
>>> as the result obtained by the OpenLDAP people with a Perl script and 
>>> some
>>> CPAN Crypt add-ons.
>>>
>>> To resume, let's say that before saying to the OpenLDAP people that 
>>> they
>>> probably have made a mistake, I must be certain that the mistake 
>>> does not
>>> come from me ;-)))
>>>
>>>
>>
>> You can find here a Perl script that can be used with LSC encrypted 
>> values
>> :
>> http://tools.lsc-project.org/projects/lsc/repository/entry/lsc/trunk/bin/passwordhk.pl 
>>
>>
>>
>> Clément.
>>
>>
>>
>> _______________________________________________________________
>> Ldap Synchronization Connector (LSC) - http://lsc-project.org
>>
>> lsc-users mailing list
>> lsc-users at lists.lsc-project.org
>> http://lists.lsc-project.org/listinfo/lsc-users
>>
>
>



More information about the lsc-users mailing list