reidmorrison / symmetric-encryption

Symmetric Encryption for Ruby Projects using OpenSSL

Home Page: https://logger.rocketjob.github.io/


Gem complains "key must be 32 bytes" even though I give it proper keys

ChristofferJoergensen opened this issue · comments

Hi guys.

I'm in the process of replacing an old Rails app with a new one.

The old app uses ruby 2.2.2 and symmetric-encryption 3.8.2.
The new app uses ruby 2.4.1 and symmetric-encryption 4.2.0.

I prefer to store my keys as hexadecimals. So in both apps my symmetric-encryption.yml looks like this:

```yaml
development: &development_defaults
  key:         "b1c7d3086cb05b5056a6b30f5e55180cec6fb28ef1650ded94947787da9588c2"
  iv:          "f053932542406db77f3afcbbd7ade139"
  cipher_name: aes-256-cbc
  encoding:    :base64strict
  version:     0
```

However my new app complains:

```ruby
SymmetricEncryption.encrypt("foo") # => ArgumentError: key must be 32 bytes
```

I've tried debugging by creating new keys, and get the same result. The keys I generate work in the old app, but not in the new app:

```ruby
require 'securerandom'

# Generate a 32-byte key and a 16-byte IV, each rendered as a hex string
key, iv = [32, 16].map { |bytes|
  SecureRandom.random_bytes(bytes).each_byte.map { |byte| '%02x' % byte }.join
}
```

Any idea what goes wrong?

I actually just ran into this exact issue today. It's an OpenSSL issue.

So you'll need to change your key to use "b1c7d3086cb05b5056a6b30f5e55180cec6fb28ef1650ded94947787da9588c2"[0..31] and iv to use "f053932542406db77f3afcbbd7ade139"[0..15]

@LaithAzer sorry but that doesn't seem to be the issue here. The new app doesn't complain about key length now, but gives different encryption results.

New app:

```ruby
SymmetricEncryption.encrypt("foo") # => "QTa0QWD/CXQPnmCg8BLF2A=="
```

Old app:

```ruby
SymmetricEncryption.encrypt("foo") # => "iN35mhZeB/v989ZLZqis8Q=="
```

The manual test sides with the old app:

```ruby
cipher = SymmetricEncryption::Cipher.new(
  key:               ["b1c7d3086cb05b5056a6b30f5e55180cec6fb28ef1650ded94947787da9588c2"].pack('H*'),
  iv:                ["f053932542406db77f3afcbbd7ade139"].pack('H*'),
  cipher_name:       'aes-256-cbc',
  encoding:          :base64strict,
  version:           0,
  always_add_header: false
)

cipher.encrypt("foo") # => "iN35mhZeB/v989ZLZqis8Q=="
```

Ah ok, well that new issue seems to be more related to this gem. Sorry I can't be of more help with that.

I'm testing symmetric-encryption 3.6.0 on ruby 2.2.7 and ruby 2.6.2. I used the script above and a different config and the resulting strings matched, so I also think this issue is related to the symmetric-encryption gem upgrade.

The same problem occurred when I upgraded ruby from 2.3.1 to 2.5.5.
symmetric-encryption (3.9.1)
I found that the same problem occurred with some encryption gems when ruby was upgraded to 2.4.1+
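
The three ways of handling the hex key discussed in this thread, reproduced with plain OpenSSL as an added example (not part of the original issue and not the gem's own code). The helper names `encrypt_with`, `decode_hex!` and `compare_key_handling` are hypothetical, and the example assumes Ruby 2.4+, where OpenSSL rejects keys of the wrong length.

```ruby
require 'openssl'

# Key and IV exactly as quoted in the issue above.
HEX_KEY = 'b1c7d3086cb05b5056a6b30f5e55180cec6fb28ef1650ded94947787da9588c2'
HEX_IV  = 'f053932542406db77f3afcbbd7ade139'

# Hypothetical helper: AES-256-CBC with plain OpenSSL, strict Base64 output.
def encrypt_with(key, iv, plaintext)
  cipher = OpenSSL::Cipher.new('aes-256-cbc')
  cipher.encrypt
  cipher.key = key # ArgumentError unless exactly 32 bytes
  cipher.iv  = iv  # ArgumentError unless exactly 16 bytes
  [cipher.update(plaintext) + cipher.final].pack('m0') # 'm0' = Base64 without newlines
end

# Hypothetical helper: decode hex key material and verify its length before use.
def decode_hex!(hex, expected_bytes)
  raise ArgumentError, 'not a hex string' unless hex.match?(/\A\h+\z/) && hex.length.even?
  raw = [hex].pack('H*')
  unless raw.bytesize == expected_bytes
    raise ArgumentError, "expected #{expected_bytes} bytes, got #{raw.bytesize}"
  end
  raw
end

# Runs the three cases from the thread and returns their outcomes.
def compare_key_handling(plaintext = 'foo')
  # 1. Hex text used directly: 64 ASCII bytes, so OpenSSL refuses it.
  raw_hex_error = begin
    encrypt_with(HEX_KEY, HEX_IV, plaintext)
    nil
  rescue ArgumentError => e
    e.message
  end
  # 2. Hex text cut to length: accepted, but the key is 32 ASCII hex digits.
  truncated = encrypt_with(HEX_KEY[0..31], HEX_IV[0..15], plaintext)
  # 3. Hex decoded to binary first: the full 32-byte key and 16-byte IV.
  decoded = encrypt_with(decode_hex!(HEX_KEY, 32), decode_hex!(HEX_IV, 16), plaintext)
  { raw_hex_error: raw_hex_error, truncated: truncated, decoded: decoded }
end

if __FILE__ == $PROGRAM_NAME
  compare_key_handling.each { |name, value| puts "#{name}: #{value}" }
end
```

Truncating the hex text keeps only 32 hex digits, that is 128 bits of key material stored as ASCII, so its ciphertext cannot match data encrypted with the hex-decoded 32-byte key.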