Welcome to the LimeSurvey Community Forum

Ask the community, share ideas, and connect with other LimeSurvey users!

LSEncrypt - How to (decrypt?)

  • socius
  • socius's Avatar Topic Author
  • Offline
  • Premium Member
  • Premium Member
More
6 years 1 month ago #166701 by socius
Replied by socius on topic LSEncrypt - How to (decrypt?)
Hi,

Just a short note: I tried again with shorter keys of length 512 bit and 1024 bit (with 2048 bit length I unsuccessfully tried before - s. above).

With 512 bit there is this message:



With length 1024 bit an error message pops up quickly before the terminal window closes.



I made a screenrecording, but the quality is bad unfortunately - but: it seems that somethings working here - at least the warning message points to something new:


Code:
Call to undefined function mcrypt_get_iv_size()

Does that help to solve this? :-)

Thanks for your time!
Best, G
Attachments:
The topic has been locked.
  • socius
  • socius's Avatar Topic Author
  • Offline
  • Premium Member
  • Premium Member
More
6 years 1 month ago #166710 by socius
Replied by socius on topic LSEncrypt - How to (decrypt?)
Hi again,

I also tried to avoid the built-in decryption via the decrypt.php inside encrypted.cmd. I tried to do the decryption with the openssl function in R ( cran.r-project.org/web/packages/openssl/ ). This seems promising ( cran.r-project.org/web/packages/openssl/openssl.pdf#page=7 )

I just cut out the encrypted responses from encrypted.cmd and tried to decrypt them - but as you can see in the specification of the command, I'm missing
  • IV, a "16 byte raw vector returned by encrypt_envelope" and
  • session, a "raw vector with encrypted session key as returned by encrypt_envelope"

since I did not encrypt with the function in the R package, but with LSencrypt. How can I get this information? The decrypt.php uses the IV
Code:
$iv = substr($encryptedKey, 0, mcrypt_get_iv_size(MCRYPT_BLOWFISH, MCRYPT_MODE_CBC));

How could we get these into R - and would this work? Here comes a small reproducible example for encryption/decryption with R:
Code:
#install.packages("openssl")  # https://cran.r-project.org/web/packages/openssl
library(openssl)
 
key.priv <- rsa_keygen(bits = 1024)  # Generate RSA keypair
key.publ <- key.priv$pubkey  # Extract the public key

# The respective functions for encryption and decryption s. https://cran.r-project.org/web/packages/openssl/openssl.pdf#page=7
text <- charToRaw("Hello world!")  # This is the text we want to encrypt

encrypted <- encrypt_envelope(text, pubkey = key.publ)  # We encrypt using the public key

decrypted <- decrypt_envelope(encrypted$data, encrypted$iv, encrypted$session, key = key.priv)  # That's how we decrypt again, using the encrypted data, IV and the encrypted session (I just pretend to know what the latter are).

text <- rawToChar(decrypted)  # This is the text we want to encrypt
text  # Yes: it's "Hello world!" again


Thanks for reading - and for all hints that lead to the decryption - be it via the LSEncryption Plugin or with an R function - everythings welcome! :-)

Best, G
Attachments:
The topic has been locked.

Lime-years ahead

Online-surveys for every purse and purpose

Pricing & Plans
Get started

Legal

About Us

Open Source