We have some software that interacts with third party software. Recently we've been working on using Private/Public key encryption scheme to allow them to send us a small amount of data (encrypting with a public key) and us decrypting with a private key only we know. Pretty standard stuff. We're using RSA, 2048-bit keys. RSA has been around for, well, ever in computer terms. It's a pretty big standard.
We use OpenSSL to do all of our decryption (using rsautl, the -decrypt command and a secret private key). To save on data being passed around, we only push out the modulus to them (these are devices that are operating on bandwith == expensive networks) and use the standard 65537 exponent to make life easy for both of us.
So far so good, right?
We started doing some testing with them. We couldn't decrypt anything they sent us. We gave them a test private key and modulus that we could both use for testing. They couldn't decrypt what they were encrypting either. Wait, what? They created their own private key and modulus, and used it. Everything worked fine for them. They sent it to us. I try to encrypt with the modulus and decrypt with the given private key. No go. Now I'm really confused.
So I look at the private key using RSA and extract the modulus from it. I'm comparing the two and they don't match. Wait, they don't match? Then I look a little closer... they are reversed (well, almost... since they are hex strings I'm looking at, the sets of two are reversed).
It appears that on Windows, CryptoAPI works in Least Significant Byte Order, while OpenSSL works in Most Significant Byte Order (as you may be able to guess from the title). But, Reversing the key order alone doesn't work. I still can't decrypt their data. Then we discover that not only do we have to reverse the modulus, we also have to reverse the output encrypted data.
At least it all works now, but byte ordering sucks.
Showing posts with label programming. Show all posts
Showing posts with label programming. Show all posts
Friday, April 16, 2010
Friday, April 17, 2009
VB6, Collections and a mini-Rant
I enjoy where I work a lot. There are great people, an interesting and relaxed work environment and some interesting challenges.
But every once in a while, things turn a little sour... mostly when dealing with Visual Basic 6. To give any non-programmers a run down, VB6 is a crappy, slimmed down programming language that, thanks to it's ease of creating interfaces, became quite popular. But VB6 has a lot of limitations that just don't exist in other languages. Some of these are easier to get around than others... As an example, one of our applications has many issues with focus and how VB6 handles change of focus from other apps to itself. Or, rather, how it doesn't handle it nicely. Not pretty.
Today, I'm trying to add some functionality that should be quite easy. I want to use a dictionary to store some data. A dictionary stores data in it, using a key to reference a dataset (similar to a real life dictionary that uses a word to refer to a definition). Dictionaries are quite nice in that it is easy to look something up, since we just ask the dictionary for "ephemeral ", for example, and it returns it's definition "Short-lived; existing or continuing for a short time only" (Dictionary.com's word of the day). Dictionaries are simple, have a fast lookup (key for what I need) and store anything. VB6 has a container that is very similar to a dictionary, but is called a Collection.
The problem with collections is that they don't allow you to use user-defined structs. A struct is just a very simple way of combining some related data together. There is a different way of doing this called a class in VB6. Classes can be used with no problems with collections. So why am I complaining? Because I can place a struct inside the current codebase without having to add another file (each class in VB6 needs to have it's own file). I don't mind adding new files, but for something as minor as holding three items (that's right, just three), I now have to add an entire new file with a grand total of four lines of code in it. Four lines of code. Talk about a waste of time and space.
And don't get me started on classes in VB6. They are a perversion of the programming term class. But that's a rant for another day.
But every once in a while, things turn a little sour... mostly when dealing with Visual Basic 6. To give any non-programmers a run down, VB6 is a crappy, slimmed down programming language that, thanks to it's ease of creating interfaces, became quite popular. But VB6 has a lot of limitations that just don't exist in other languages. Some of these are easier to get around than others... As an example, one of our applications has many issues with focus and how VB6 handles change of focus from other apps to itself. Or, rather, how it doesn't handle it nicely. Not pretty.
Today, I'm trying to add some functionality that should be quite easy. I want to use a dictionary to store some data. A dictionary stores data in it, using a key to reference a dataset (similar to a real life dictionary that uses a word to refer to a definition). Dictionaries are quite nice in that it is easy to look something up, since we just ask the dictionary for "ephemeral ", for example, and it returns it's definition "Short-lived; existing or continuing for a short time only" (Dictionary.com's word of the day). Dictionaries are simple, have a fast lookup (key for what I need) and store anything. VB6 has a container that is very similar to a dictionary, but is called a Collection.
The problem with collections is that they don't allow you to use user-defined structs. A struct is just a very simple way of combining some related data together. There is a different way of doing this called a class in VB6. Classes can be used with no problems with collections. So why am I complaining? Because I can place a struct inside the current codebase without having to add another file (each class in VB6 needs to have it's own file). I don't mind adding new files, but for something as minor as holding three items (that's right, just three), I now have to add an entire new file with a grand total of four lines of code in it. Four lines of code. Talk about a waste of time and space.
And don't get me started on classes in VB6. They are a perversion of the programming term class. But that's a rant for another day.
Subscribe to:
Posts (Atom)
Posts
