Advanced
Mailing List Archive

Mailing List Archive

  1. Home >
  2. GnuPG>
  3. gcrypt
Decrypt using BcryptDecrypt
gcrypt-devel at gnupg
Jun 2, 2020, 4:27 AM
Post #1 of 5 (903 views)
Permalink
Hello team,

I am trying out Libgcrypt 1.85 APIs for AES 256 encryption in
CBC mode on Fedora computer. I have a windows 10 computer on which I have
installed oracle virtual box and running a Fedora OS machine in it.

Firstly, I tried encryption and decryption on Fedora using Libgcrypt APIs.
It worked so easy and Smooth with no error and data loss.

Since nowadays cross platform capability has become a MUST point in
software world, I am also trying to test encryption and encryption in cross
platform scenario.

I am trying to encrypt file on fedora using Libgcrypt APIs, and decrypt
that encrypted file on windows.

On windows I am using Bcrypt library which also supports AES 256 in CBC
mode.

The problem I am facing right now is, I am getting an error from
BcryptDecrypt() function on windows when I try to decrypt the file
encrypted on Fedora box.

Though the surprising thing is when I pass the entire encrypted file
content all at once to BcryptDecrypt() it is able to decrypt the data
correctly with no data loss, but it still returns error code "-1073741762
(0xC000003E) which means as" STATUS_DATA_ERROR" in windows.

Hence, I wanted to check, if the Libgcrypt APIs are doing padding
internally since I am not passing any such instruction to the Libgcrypt
library explicitly?

I am kind of stuck in this since 2 weeks now. I tried all possible things,
checked endianess, byte size etc on both Fedora and windows computer.

I need some help here to know internal behaviour if Libgcrypt library.

Please help me.

Thank you in advance.

Best Regards,
Mandar
Re: Decrypt using BcryptDecrypt [ In reply to ]
gcrypt-devel at gnupg
Jun 5, 2020, 1:32 AM
Post #2 of 5 (898 views)
Permalink
On Tue, 2 Jun 2020 16:57, Mandar Apte said:
> On windows I am using Bcrypt library which also supports AES 256 in CBC
> mode.

FWIW, Libgcrypt runs very well on Windows.

> Hence, I wanted to check, if the Libgcrypt APIs are doing padding
> internally since I am not passing any such instruction to the Libgcrypt
> library explicitly?

No, Libgcrypt does not do any padding and it expects complete blocks.
gcry_cipher_get_algo_blklen() tells you the block length of the cipher
algorithm.

There is a flag to enable ciphertext stealing (GCRY_CIPHER_CBC_CTS) but
in this case you need to pass the entire plaintext/ciphertext to the
encrypt/decrypt function; there is no way to do this incremental.

For the standard padding as used in CMS (S/MIME), you need to handle the
padding in your code; here is a snippet

if (last_block_is_incomplete)
{
int i,
int npad = blklen - (buflen % blklen);

p = buffer;
for (n=buflen, i=0; n < bufsize && i < npad; n++, i++)
p[n] = npad;
gcry_cipher_encrypt (chd, buffer, n, buffer, n);
}



Shalom-Salam,

Werner


--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.

Attached Files:

Re: Decrypt using BcryptDecrypt [ In reply to ]
gcrypt-devel at gnupg
Jun 5, 2020, 6:46 AM
Post #3 of 5 (898 views)
Permalink
Hello Werner,

Thank you very much for the response.

The way you have shown in the email chain below, I had done same thing in
my code as well. Also, I am passing the data of block length size only to
gcry_cipher_encrypt and gcry_cipher_decrypt APIs.
Now, my goal is to check, if the AES256 encryption/decryption is same for
libgcrypt and Bcrypt library. Thats the reason I am trying to decrypt the
data, which was encrypted using Libgcrypt APIs, using Bcrypt APIs on
windows.

I am pretty sure if I use windows version of Libgcrypt my problem wont be
there at all.

I think I myself have to handle the padding while encrypting using
Libgcrypt library APIs.

Since, I have to handle padding in my code, is there any APIs in libgcrypt
with which I ensure that I am padding the data in standard way? Are there
any APIs in Libgcrypt using which I can get padded data along with my plain
text data which I can encrypt using gcry_cipher_encrypt?


Thank you in advance.
Best Regards,
Mandar



On Fri, 5 Jun 2020, 2:05 pm Werner Koch, <wk@gnupg.org> wrote:

> On Tue, 2 Jun 2020 16:57, Mandar Apte said:
> > On windows I am using Bcrypt library which also supports AES 256 in CBC
> > mode.
>
> FWIW, Libgcrypt runs very well on Windows.
>
> > Hence, I wanted to check, if the Libgcrypt APIs are doing padding
> > internally since I am not passing any such instruction to the Libgcrypt
> > library explicitly?
>
> No, Libgcrypt does not do any padding and it expects complete blocks.
> gcry_cipher_get_algo_blklen() tells you the block length of the cipher
> algorithm.
>
> There is a flag to enable ciphertext stealing (GCRY_CIPHER_CBC_CTS) but
> in this case you need to pass the entire plaintext/ciphertext to the
> encrypt/decrypt function; there is no way to do this incremental.
>
> For the standard padding as used in CMS (S/MIME), you need to handle the
> padding in your code; here is a snippet
>
> if (last_block_is_incomplete)
> {
> int i,
> int npad = blklen - (buflen % blklen);
>
> p = buffer;
> for (n=buflen, i=0; n < bufsize && i < npad; n++, i++)
> p[n] = npad;
> gcry_cipher_encrypt (chd, buffer, n, buffer, n);
> }
>
>
>
> Shalom-Salam,
>
> Werner
>
>
> --
> Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
>
Re: Decrypt using BcryptDecrypt [ In reply to ]
gcrypt-devel at gnupg
Jun 10, 2020, 9:38 AM
Post #4 of 5 (894 views)
Permalink
Hello Team,

Are there any APIs in Libgcrypt using which I can get padded data
along with my plain text data which I can encrypt using
gcry_cipher_encrypt?


Thanks in advance.
Best Regards,
Mandar

On Fri, 5 Jun 2020, 7:16 pm Mandar Apte, <mandar.apte409@gmail.com> wrote:

> Hello Werner,
>
> Thank you very much for the response.
>
> The way you have shown in the email chain below, I had done same thing in
> my code as well. Also, I am passing the data of block length size only to
> gcry_cipher_encrypt and gcry_cipher_decrypt APIs.
> Now, my goal is to check, if the AES256 encryption/decryption is same for
> libgcrypt and Bcrypt library. Thats the reason I am trying to decrypt the
> data, which was encrypted using Libgcrypt APIs, using Bcrypt APIs on
> windows.
>
> I am pretty sure if I use windows version of Libgcrypt my problem wont be
> there at all.
>
> I think I myself have to handle the padding while encrypting using
> Libgcrypt library APIs.
>
> Since, I have to handle padding in my code, is there any APIs in libgcrypt
> with which I ensure that I am padding the data in standard way?
>


Are there any APIs in Libgcrypt using which I can get padded data along
> with my plain text data which I can encrypt using gcry_cipher_encrypt?
>
>
> Thank you in advance.
> Best Regards,
> Mandar
>
>
>
> On Fri, 5 Jun 2020, 2:05 pm Werner Koch, <wk@gnupg.org> wrote:
>
>> On Tue, 2 Jun 2020 16:57, Mandar Apte said:
>> > On windows I am using Bcrypt library which also supports AES 256 in CBC
>> > mode.
>>
>> FWIW, Libgcrypt runs very well on Windows.
>>
>> > Hence, I wanted to check, if the Libgcrypt APIs are doing padding
>> > internally since I am not passing any such instruction to the Libgcrypt
>> > library explicitly?
>>
>> No, Libgcrypt does not do any padding and it expects complete blocks.
>> gcry_cipher_get_algo_blklen() tells you the block length of the cipher
>> algorithm.
>>
>> There is a flag to enable ciphertext stealing (GCRY_CIPHER_CBC_CTS) but
>> in this case you need to pass the entire plaintext/ciphertext to the
>> encrypt/decrypt function; there is no way to do this incremental.
>>
>> For the standard padding as used in CMS (S/MIME), you need to handle the
>> padding in your code; here is a snippet
>>
>> if (last_block_is_incomplete)
>> {
>> int i,
>> int npad = blklen - (buflen % blklen);
>>
>> p = buffer;
>> for (n=buflen, i=0; n < bufsize && i < npad; n++, i++)
>> p[n] = npad;
>> gcry_cipher_encrypt (chd, buffer, n, buffer, n);
>> }
>>
>>
>>
>> Shalom-Salam,
>>
>> Werner
>>
>>
>> --
>> Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
>>
>
Re: Decrypt using BcryptDecrypt [ In reply to ]
gcrypt-devel at gnupg
Jun 15, 2020, 12:02 AM
Post #5 of 5 (891 views)
Permalink
Any help regarding request in below email ?

On Wed, 10 Jun 2020, 10:08 pm Mandar Apte, <mandar.apte409@gmail.com> wrote:

> Hello Team,
>
> Are there any APIs in Libgcrypt using which I can get padded
> data along with my plain text data which I can encrypt using
> gcry_cipher_encrypt?
>
>
> Thanks in advance.
> Best Regards,
> Mandar
>
> On Fri, 5 Jun 2020, 7:16 pm Mandar Apte, <mandar.apte409@gmail.com> wrote:
>
>> Hello Werner,
>>
>> Thank you very much for the response.
>>
>> The way you have shown in the email chain below, I had done same thing in
>> my code as well. Also, I am passing the data of block length size only to
>> gcry_cipher_encrypt and gcry_cipher_decrypt APIs.
>> Now, my goal is to check, if the AES256 encryption/decryption is same for
>> libgcrypt and Bcrypt library. Thats the reason I am trying to decrypt the
>> data, which was encrypted using Libgcrypt APIs, using Bcrypt APIs on
>> windows.
>>
>> I am pretty sure if I use windows version of Libgcrypt my problem wont be
>> there at all.
>>
>> I think I myself have to handle the padding while encrypting using
>> Libgcrypt library APIs.
>>
>> Since, I have to handle padding in my code, is there any APIs in
>> libgcrypt with which I ensure that I am padding the data in standard way?
>>
>
>
> Are there any APIs in Libgcrypt using which I can get padded data along
>> with my plain text data which I can encrypt using gcry_cipher_encrypt?
>>
>>
>> Thank you in advance.
>> Best Regards,
>> Mandar
>>
>>
>>
>> On Fri, 5 Jun 2020, 2:05 pm Werner Koch, <wk@gnupg.org> wrote:
>>
>>> On Tue, 2 Jun 2020 16:57, Mandar Apte said:
>>> > On windows I am using Bcrypt library which also supports AES 256 in CBC
>>> > mode.
>>>
>>> FWIW, Libgcrypt runs very well on Windows.
>>>
>>> > Hence, I wanted to check, if the Libgcrypt APIs are doing padding
>>> > internally since I am not passing any such instruction to the Libgcrypt
>>> > library explicitly?
>>>
>>> No, Libgcrypt does not do any padding and it expects complete blocks.
>>> gcry_cipher_get_algo_blklen() tells you the block length of the cipher
>>> algorithm.
>>>
>>> There is a flag to enable ciphertext stealing (GCRY_CIPHER_CBC_CTS) but
>>> in this case you need to pass the entire plaintext/ciphertext to the
>>> encrypt/decrypt function; there is no way to do this incremental.
>>>
>>> For the standard padding as used in CMS (S/MIME), you need to handle the
>>> padding in your code; here is a snippet
>>>
>>> if (last_block_is_incomplete)
>>> {
>>> int i,
>>> int npad = blklen - (buflen % blklen);
>>>
>>> p = buffer;
>>> for (n=buflen, i=0; n < bufsize && i < npad; n++, i++)
>>> p[n] = npad;
>>> gcry_cipher_encrypt (chd, buffer, n, buffer, n);
>>> }
>>>
>>>
>>>
>>> Shalom-Salam,
>>>
>>> Werner
>>>
>>>
>>> --
>>> Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
>>>
>>

©2024 GT.net. A Gossamer Threads company.
5th Floor, 455 Granville St., Vancouver, BC V6C 1T1, Canada | Legal