On Mon, 12 Mar 2018 13:12:49 +0100, Michael Schwendt wrote: > On Fri, 9 Mar 2018 16:32:17 +0100, Florian Weimer wrote: > > > GnuTLS uses Nettle, but does not provide access to DES. You can use > > Nettle directly: > > > > https://www.lysator.liu.se/~nisse/nettle/nettle.html#DES > > > > OpenSSL will work as well, but as Nettle is a preexisting dependency, > > it's probably the right choice here. > > They don't seem to be compatible. > > Whereas Nettle is fully compatible with glibc's rpc/des_crypt.h API, it > offers a completely different interface than encrypt(), which operates on > arrays of 64 bytes for each 64-bit block of input. > > The ciphertext returned by encrypt() differs compared with Nettle and > des_crypt (and that's with the bit vector transformation from the man page). The example in "man encrypt" is the culprit. It extracts the bits from each byte upwards into the bit vector, i.e. offset 0 = bit 0 from byte 0, offset 1 = bit 1 from byte 0, offset 2 = bit 2 from byte 0 and so on. If doing it as in the Claws Mail source code, the ciphertext is the same for all three DES APIs. Claws Mail unpacks the bits in decreasing (!) order. That looks promising. $ ./encrypt passkey = passkey0 Before encrypting: eggplant After encrypting: fd 1a 5d 03 ad e5 a6 c2 After decrypting: eggplant $ ./des_crypt passkey = passkey0 Before encrypting: eggplant After encrypting: fd 1a 5d 03 ad e5 a6 c2 After decrypting: eggplant $ ./nettle passkey = passkey0 Before encrypting: eggplant After encrypting: fd 1a 5d 03 ad e5 a6 c2 After decrypting: eggplant _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
