
I have received an encryption request from a different provider; they were using AES GCM No Padding. When I try to decrypt it in Ruby I get the error OpenSSL::Cipher::CipherError (). I observed that in Java the IV accepts 16 bytes (an array of zeros), whereas Ruby is limited to 12 bytes only. I am missing something here. Appreciate your help in advance.

Code Snippet for Java

```java
import java.util.Base64;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;

// Provider side: AES/GCM/NoPadding with a 16-byte all-zero IV and a 128-bit tag.
// doFinal() returns ciphertext followed by the 16-byte tag.
SecretKey sessionKey = getSessionKey();
byte[] IV = new byte[16];
Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
SecretKeySpec keySpec = new SecretKeySpec(sessionKey.getEncoded(), "AES");
GCMParameterSpec gcmParameterSpec = new GCMParameterSpec(16 * 8, IV);
cipher.init(Cipher.ENCRYPT_MODE, keySpec, gcmParameterSpec);
byte[] encryptedText = cipher.doFinal(plaintext);
responseMap.put("data", Base64.getEncoder().encodeToString(encryptedText));
```

Code snippet for Ruby

```ruby
require 'openssl'
require 'base64'

decrypted_key = "AES KEY" # 32-byte session key obtained out of band
decode_data = Base64.strict_decode64(params["data"])
# Java's doFinal output is ciphertext || tag, so the last 16 bytes are the auth tag
cipher_text_with_auth_tag = decode_data.unpack("C*")
auth_tag = cipher_text_with_auth_tag.last(16).pack("C*")
cipher_text = cipher_text_with_auth_tag[0..-17].pack("C*")
decipher = OpenSSL::Cipher.new('AES-256-GCM')
decipher.decrypt
decipher.padding = 0
decipher.key = decrypted_key
decipher.iv = "\x00" * 12 # 12 bytes here, while the Java side used 16
decipher.auth_data = ''
decipher.auth_tag = auth_tag
decrypted_data = decipher.update(cipher_text) + decipher.final
```
  • For GCM a 12-byte nonce is recommended, although any size is possible. If the Ruby implementation only allows the recommended 12 bytes, the nonce size must be adjusted on the Java side. Without identical nonce sizes, both codes are incompatible. Commented Jun 15, 2023 at 19:44
  • By the way, for GCM no key/IV pairs may be reused. Since a static IV is used, this means that a different key must be used for each encryption. Commented Jun 15, 2023 at 19:47
  • @Topaco Sadly, I cannot change the nonce on the Java side as it is being handled by the third-party team. And yes, for each encryption a new key is generated. Commented Jun 15, 2023 at 19:52
  • I see another library, rbnacl, which is again limited to 12 bytes for the IV. I have a doubt: is the cipher error happening due to Java using 16 bytes (zeros) and Ruby using 12 bytes (zeros), or is there anything else that I am missing here? Commented Jun 15, 2023 at 20:05
  • According to my test the Ruby code works if a 12-byte IV is used for encryption. But as long as you use different IVs/IV sizes, the codes are incompatible and decryption will fail. Commented Jun 15, 2023 at 20:40

1 Answer

You can use a different IV/nonce length in OpenSSL, but you need to call iv_len= first.

Something like this should work:

```ruby
require 'openssl'

decipher = OpenSSL::Cipher.new('AES-256-GCM')
decipher.decrypt
decipher.key = key
# Call iv_len= before iv=
decipher.iv_len = iv_len # e.g. 16 in your case
decipher.iv = iv
decipher.auth_data = ''
decipher.auth_tag = auth_tag
decrypted_data = decipher.update(encrypted_data) + decipher.final
```
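A complete round trip showing the answer's point, written as an added example (not code from the question or answer): the encrypt side mirrors the Java provider (AES-256-GCM, 16-byte zero IV, 128-bit tag appended to the ciphertext, Base64), and the decrypt side only succeeds when `iv_len=` is set to 16 before `iv=`. The key and IV are constructed sample values; a real deployment uses a fresh key per message, as the comments above note.

```ruby
require 'openssl'
require 'base64'

# Constructed sample values (not from the original post).
KEY = ("\x01" * 32).b   # 32-byte AES-256 session key
IV16 = ("\x00" * 16).b  # the 16-byte all-zero IV the Java side uses
TAG_LEN = 16

# Mirrors Cipher.getInstance("AES/GCM/NoPadding") with GCMParameterSpec(128, iv):
# returns Base64(ciphertext || tag), the same layout Java's doFinal produces.
def encrypt_like_java(plaintext, key: KEY, iv: IV16)
  cipher = OpenSSL::Cipher.new('AES-256-GCM')
  cipher.encrypt
  cipher.key = key
  cipher.iv_len = iv.bytesize # must precede iv= whenever the IV is not 12 bytes
  cipher.iv = iv
  cipher.auth_data = ''
  ct = cipher.update(plaintext) + cipher.final
  Base64.strict_encode64(ct + cipher.auth_tag(TAG_LEN))
end

# Decrypts a blob produced above using the IV the caller supplies.
# Returns the plaintext, or nil when the tag does not verify (wrong IV, wrong
# key, or modified data), which is the CipherError the question reports.
def decrypt_with_iv(b64, iv, key: KEY)
  data = Base64.strict_decode64(b64)
  raise ArgumentError, 'ciphertext shorter than the auth tag' if data.bytesize < TAG_LEN
  ct = data[0, data.bytesize - TAG_LEN]
  tag = data[data.bytesize - TAG_LEN, TAG_LEN]
  decipher = OpenSSL::Cipher.new('AES-256-GCM')
  decipher.decrypt
  decipher.key = key
  decipher.iv_len = iv.bytesize # set from the IV actually used by the sender
  decipher.iv = iv
  decipher.auth_data = ''
  decipher.auth_tag = tag
  decipher.update(ct) + decipher.final
rescue OpenSSL::Cipher::CipherError
  nil
end

if __FILE__ == $0
  blob = encrypt_like_java('hello from the other provider')
  p decrypt_with_iv(blob, IV16)        # matching 16-byte IV: plaintext comes back
  p decrypt_with_iv(blob, "\x00" * 12) # 12 zero bytes: different counter block, nil
end
```

A 16-byte GCM IV is not truncated to 12 bytes; both OpenSSL and Java hash it through GHASH to derive the initial counter, so a 12-byte zero IV yields a different keystream and the tag check fails.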