lundi 24 août 2015

Legacy SSN encryption returns a blank string on decryption

I have a database containing encrypted SSNs which were encrypted using two different methods. The current implementation encrypts/decrypts without issue, however, attempting to decrypt legacy SSNs will always returns a blank string. Looking through the source control, it appears that they originally encrypted using ActiveSupport::MessageEncryptor#encrypt ActiveSupport::MessageEncryptor#decrypt like so:

Setup:

require 'active_support'
# 128 character hex string for the key
KEY = '11111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111'
ENCRYPTOR = ActiveSupport::MessageEncryptor.new(KEY)

Decryption:

# All of the undecryptable SSNs are 50 characters
fake_legacy_encrypted_ssn = 'BVWR7PWl2/kuZ6d75/cnwv==--qMADiBu8XoRqn72tug1zaQ=='
ENCRYPTOR.decrypt(fake_legacy_encrypted_ssn)
#=> ""

Encryption:

# Encrypting an SSN returns a 70 characters string, meaning I'm not using the same encryption method?
fake_ssn = '123456789'
ENCRYPTOR.encrypt(fake_ssn)
#=> "Jz0xBXBIC+Pcb6krjopgNcsLcRPPAYytx8Wgn6snqT8=--6rAk3w58N+vRpmpuSEsTvA=="

I have tried installing previous versions of activesupport to hopefully find a different default encryption method other than aes-128-cbc implemented, but no such luck. Might anyone have any suggestions on how to go about decrypting these old SSN values?

Aucun commentaire:

Enregistrer un commentaire