{"id":341,"date":"2021-08-24T17:28:21","date_gmt":"2021-08-24T14:28:21","guid":{"rendered":"https:\/\/www.nicau.ro\/?p=341"},"modified":"2021-08-24T17:43:10","modified_gmt":"2021-08-24T14:43:10","slug":"cast-128-encryption-in-practice","status":"publish","type":"post","link":"https:\/\/www.nicau.ro\/?p=341","title":{"rendered":"CAST-128 encryption in practice"},"content":{"rendered":"<p>\u00a0<\/p>\n<p><a href=\"http:\/\/www.nicau.ro\/wp-content\/uploads\/2021\/08\/CAST-128.png\"><img loading=\"lazy\" class=\"aligncenter size-thumbnail wp-image-369\" src=\"http:\/\/www.nicau.ro\/wp-content\/uploads\/2021\/08\/CAST-128-150x150.png\" alt=\"\" width=\"150\" height=\"150\" srcset=\"https:\/\/www.nicau.ro\/wp-content\/uploads\/2021\/08\/CAST-128-150x150.png 150w, https:\/\/www.nicau.ro\/wp-content\/uploads\/2021\/08\/CAST-128-144x144.png 144w\" sizes=\"(max-width: 150px) 100vw, 150px\" \/><\/a><\/p>\n<p>This symmetric-key block cipher comes in handy as it allows a variable key size of 40 to 128 bits and a block size of 64 bits. According to <a href=\"https:\/\/www.rfc-editor.org\/rfc\/rfc2144.txt\">RFC2144<\/a> there is no difference between CAST-128 and CAST5, these are two names of a same thing.<\/p>\n<p>\u00a0<\/p>\n<p>Even if widely regarded unsafe, some of us still have reasons for using a smaller key. Other people should go for the full 128 bit key.<\/p>\n<p>We will discuss how you encrypt a text with <b>openssl<\/b> and decrypt it from <b>php<\/b>, along with a couple of subtleties for the beginner crypto user. For this example we will use CAST-128 with a 64 bit key.<\/p>\n<p>Common questions for block ciphers:<\/p>\n<ul>\n<li>how does the block size impact the plaintext? which kind of padding is being applied pre-encryption? &#8212; depending on the params, openssl may use the PKCS#5 padding algorithm or in case of zero padding it may expect the plaintext to be pre-paded\/have its length multiple of block length<\/li>\n<li>is the PKCS#5 padding similar to PKCS#7? &#8212; &#8220;PKCS#5 padding is identical to PKCS#7 padding, except that it has only been defined for block ciphers that use a 64-bit (8-byte) block size. In practice the two can be used interchangeably.&#8221; Source: <a href=\"https:\/\/en.wikipedia.org\/wiki\/Padding_(cryptography)\">Padding (cryptography)<\/a>.<\/li>\n<li>what initialization vector (iv) we use for CAST-128? &#8212; When we encode in CBC mode, &#8220;The iv is optional and defaults to all-zero.&#8221;. Source: <a href=\"https:\/\/www.rfc-editor.org\/rfc\/rfc2144.txt\">RFC2144<\/a>\u00a0<\/li>\n<\/ul>\n<h3>OpenSSL<\/h3>\n<ul>\n<li>Depending on your platform along with your openssl version, params might not be the same, here all been tested on\u00a0a macOS Big Sur ver.11.4 with version OpenSSL 1.1.1i<\/li>\n<li>To encrypt with a 64 bit key, which is a medium key length supported by CAST-128 please note, the openssl will be padding your key up to 128 bit. Zeros will be added. So if you call openssl with <strong>enc -K &#8220;ABCDABEFAABBCCDD&#8221;<\/strong> which is a 64 bit key, in reality key will be <strong>ABCDABEFAABBCCDD0000000000000000<\/strong> \u00a0<\/li>\n<li>Make sure the input file does not contain any extra chars such as LF. Consider as input a file containing <strong>ANNABELLE\u00a0<\/strong>in plain text<\/li>\n<\/ul>\n<pre style=\"padding-left: 40px;\">MacBook-Pro:~ alexandru$ openssl enc -K \"ABCDABEFAABBCCDD\" -cast -e -in input.txt -out output.base64 -iv 0000000000000000 -nosalt -base64 -p<br \/>hex string is too short, padding with zero bytes to length<br \/>key=ABCDABEFAABBCCDD0000000000000000<br \/>iv =0000000000000000<br \/><br \/>MacBook-Pro:~ alexandru$ cat output.base64<br \/>M11VwvXjPq5sWTrZr4KNDA==<\/pre>\n<h3>PHP<\/h3>\n<ul>\n<li>From PHP are calling the openssl_decrypt and not the obsolete mcrypt_decrypt<\/li>\n<li>Due to the OPENSSL_RAW_DATA we are preparing most params as binary, with the only exception: $method<\/li>\n<li>The $decrypt_result will be plain text<\/li>\n<\/ul>\n<pre style=\"padding-left: 40px;\">$method = \"CAST5-CBC\";<br \/>$secret_key = hex2bin(\"ABCDABEFAABBCCDD\");        \/\/hex string transformed into binary<br \/><br \/>$encrypted_msg = \"M11VwvXjPq5sWTrZr4KNDA==\";      \/\/note, this is base64<br \/>$raw_encrypted_msg = base64_decode($encrypted_msg);<br \/><br \/>$iv = hex2bin(\"0000000000000000\");                \/\/hex string transformed into binary<br \/><br \/>if (is_bool($decrypt_result = openssl_decrypt($raw_encrypted_msg, $method, $secret_key, OPENSSL_RAW_DATA, $iv)))<br \/>    echo \"FAILED!\";<br \/>else<br \/>    echo $decrypt_result;<\/pre>\n<h3>Tricks<\/h3>\n<ul>\n<li>to find what kind of padding your openssl inserted on your plaintext: encrypt normally then decrypt adding the <strong>-nopad<\/strong> parameter, the PKCS#5 \/ PKCS#7 is NOT padding with zeros<\/li>\n<\/ul>\n<pre style=\"padding-left: 40px;\">openssl enc -K \"ABCDABEFAABBCCDD\" -cast -e -in input.txt -out output.base64 -iv 0000000000000000 -nosalt -base64<br \/>openssl enc -K \"ABCDABEFAABBCCDD\" -cast -d -in output.base64 -out output.dec -iv 0000000000000000 -nosalt -base64 -nopad<\/pre>\n<h3>References<\/h3>\n<ul>\n<li><a href=\"https:\/\/crypto.stackexchange.com\/questions\/24045\/is-cast5-still-a-secure-algorithm-to-use\">Is CAST5 still a secure algorithm to use?<\/a><\/li>\n<li><a href=\"http:\/\/index-of.co.uk\/Security\/OpenSSL%20Cookbook.pdf\">Ivan Risti\u0107 &#8211; OpenSSL Cookbook SE<\/a><\/li>\n<li><a href=\"https:\/\/people.eecs.berkeley.edu\/~daw\/papers\/keysched-icics97.ps\">Related-Key Cryptanalysis of 3-WAY, Biham-DES, CAST, DES-X, NewDES, RC2, and TEA<\/a>.<\/li>\n<\/ul>\n\n\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>\u00a0 This symmetric-key block cipher comes in handy as it allows a variable key size of 40 to 128 bits and a block size of 64 bits. According to RFC2144 there is no difference between CAST-128 and CAST5, these are two names of a same thing. \u00a0 Even if widely regarded unsafe, some of us [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[13,14],"tags":[],"_links":{"self":[{"href":"https:\/\/www.nicau.ro\/index.php?rest_route=\/wp\/v2\/posts\/341"}],"collection":[{"href":"https:\/\/www.nicau.ro\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.nicau.ro\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.nicau.ro\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.nicau.ro\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=341"}],"version-history":[{"count":32,"href":"https:\/\/www.nicau.ro\/index.php?rest_route=\/wp\/v2\/posts\/341\/revisions"}],"predecessor-version":[{"id":375,"href":"https:\/\/www.nicau.ro\/index.php?rest_route=\/wp\/v2\/posts\/341\/revisions\/375"}],"wp:attachment":[{"href":"https:\/\/www.nicau.ro\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=341"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.nicau.ro\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=341"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.nicau.ro\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=341"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}