symmetric-encryption icon indicating copy to clipboard operation
symmetric-encryption copied to clipboard

Published 20 hours ago verified publisher icon reidmorrison

Gem complains "key must be 32 bytes" even though I give it proper keys

Open ChristofferJoergensen opened this issue 5 years ago • 5 comments

Hi guys.

I'm in the process of replacing an old Rails app with a new one.

The old app uses ruby 2.2.2 and symmetric-encryption 3.8.2. The new app uses ruby 2.4.1 and symmetric-encryption 4.2.0.

I prefer to store my keys as hexidecimals. So in both apps my symmetric-encryption.yml looks like this:

development:   &development_defaults
  key:               "b1c7d3086cb05b5056a6b30f5e55180cec6fb28ef1650ded94947787da9588c2"
  iv:                   "f053932542406db77f3afcbbd7ade139"
  cipher_name: aes-256-cbc
  encoding:       :base64strict
  version:          0

However my new app complains:

SymmetricEncryption.encrypt("foo") # => ArgumentError: key must be 32 bytes

I've tried debugging by creating new keys, and get the same result. They keys I generate work in the old, but not the new app:

key, iv = [32, 16].map { |bytes|
  SecureRandom.random_bytes(bytes).each_byte.map { |byte| '%02x' % byte }.join
}

Any idea what goes wrong?

ChristofferJoergensen avatar Mar 25 '19 13:03 ChristofferJoergensen

I actually just ran into this exact issue today. It's an open ssl issue.

So you'll need to change your key to use "b1c7d3086cb05b5056a6b30f5e55180cec6fb28ef1650ded94947787da9588c2"[0..31] and iv to use "f053932542406db77f3afcbbd7ade139"[0..15]

LaithAzer avatar Mar 25 '19 23:03 LaithAzer

@LaithAzer sorry but that doesn't seem to be the issue here. The new app don't complain over key length now, but gives different encryption results.

New app:

SymmetricEncryption.encrypt("foo") # => "QTa0QWD/CXQPnmCg8BLF2A=="

Old app:

SymmetricEncryption.encrypt("foo") # => "iN35mhZeB/v989ZLZqis8Q=="

The manual test sides with the old app:

cipher = SymmetricEncryption::Cipher.new(
  key:                ["b1c7d3086cb05b5056a6b30f5e55180cec6fb28ef1650ded94947787da9588c2"].pack('H*'),
  iv:                 ["f053932542406db77f3afcbbd7ade139"].pack('H*'),
  cipher_name:        'aes-256-cbc',
  encoding:           :base64strict,
  version:            0,
  always_add_header:  false
)

cipher.encrypt("foo") # => "iN35mhZeB/v989ZLZqis8Q=="

ChristofferJoergensen avatar Mar 26 '19 07:03 ChristofferJoergensen

Ah ok, well that new issue seems to be more related to this gem. Sorry I can't be of more help with that.

LaithAzer avatar Mar 26 '19 14:03 LaithAzer

I'm testing symmetric-encryption 3.6.0 on ruby 2.2.7 and ruby 2.6.2. I used the script above and a different config and resulting strings matched, so I also think this is issue is related to symmetric-encryption gem upgrade.

rubyconvict avatar Apr 16 '19 17:04 rubyconvict

The same problem occurred when I upgraded ruby ​​from 2.3.1 to 2.5.5. symmetric-encryption (3.9.1) I found some encryption gem same problem occurred when ruby upgraded to 2.4.1+

YaEvan avatar May 22 '19 10:05 YaEvan