Encrypting data with ruby decrypting with node

There are several subtle things that make this fail. The most important one - you are not specifying an IV in your code, so a random value will be generated for you. You would notice that you couldn't even decrypt your ciphertext within the same programming language this way.

So you need to provide an explicit IV to both implementations. But before I show you the code, some advice:

Key generation:

Blowfish operates on 64 bit blocks, its key size varies, but OpenSSL (which currently powers both Ruby's and node.js' cipher implementation) uses 128 bit by default, that is 16 bytes.

So your key violates two principles - the first: it's simply too long. It's the hex representation of a SHA-1 hash, which is 20 bytes * 2 = 40 bytes instead of 16. Most of the time this is fine, because the implementation truncates the values appropriately, but that is something you should not depend on.

The second mistake, much more severe, is that you use the hex representation instead of the raw bytes: big security issue! Hex characters are not random at all, so in effect you reduce the entropy of your input to half the length (because the underlying bytes were random).

A secure way to generate random keys is using OpenSSL::Random

key = OpenSSL::Random.random_bytes(cipher_key_len)

A third mistake is to keep your key hard-coded in the sources. It's a bad idea. The least you should do is to store it elsewhere on the file system, where access is tightly restricted. See also my answer to another question. The key should be stored out-of-band and only loaded dynamically within the application.

Cipher:

Blowfish grows old. It's still considered unbroken in the sense that brute-forcing it is the only way to break it. But a search space of 2^64 is not out of reach for resourceful attackers. So you should indeed move on to AES.

Padding:

OpenSSL pads using PKCS5Padding (also known as PKCS7Padding) by default. Ruby profits from this and my bet is node.js utilizes this, too - so you should be safe on this.

Now to the working solution. We need to generate an IV, Blowfish requires it to be 64 bit - 8 bytes. You will need rbytes to get secure random numbers in node. The IV may be hardcoded in your sources (it's public information, no security impact) - but it must be the same on both sides. You should pregenerate a value and use it for both node.js and Ruby.

/*node.js*/var rbytes = require('rbytes');var iv = rbytes.randomBytes(8);/*see advice above - this should be out-of-band*/var key = rbytes.randomBytes(16);var encrypted = "";var cipher = crypto.createCipheriv('bf-cbc', key, iv);encrypted += cipher.update('text');encrypted += cipher.final('hex');

Now the Ruby part:

require 'openssl'c = OpenSSL::Cipher::Cipher.new("bf-cbc")c.encrypt# should be out-of-band againc.key = OpenSSL::Random.random_bytes(16)# may be public but has to be the same for Ruby and nodeiv = OpenSSL::Random.random_bytes(8)c.iv = iv e = c.update("text")e << c.finalputs e.unpack('H*')[0]

Your cyphertext will be some random looking bytes. Those bytes can be expressed as hex, Base64 or in other ways. It looks as if your ruby code is outputting the raw bytes. I suggest that you convert those raw bytes to hex to make your comparison.

Looking at your code, you should also change from Blowfish ("bf") to AES. Blowfish has a 64-bit block size and is now obsolete.

You would do well to explicitly specify padding, PKCS7 is common

OK. I want to thank everyone for helping me out. Basically this thread here answers my question: https://github.com/joyent/node/issues/1395. I am going to go ahead and post the two programs in case anyone else has to go through this rigamarole. Keep in mind this isn't mean to be hardcore secure, this is a stepping stone for ruby encrypting data and node decrypting it. You will have to take more steps to make sure higher security measures are taken.

The code is located at this gist: https://gist.github.com/799d6021890f34734470

These were run on ruby 1.9.2p290 and node 0.4.10