Hello,
I am using ELK 5.6 (for several reasons).
I am not able to assign a string variable using this Ruby code:
```ruby
s = event.get("[sigfox][data]")
tab = s.split(/(\w{2})(\w{2})(\w{20})/)
pack_id = tab[1]
aes_cnt = tab[2]
data_enc = tab[3]
aes_iv = ""
for i in 1..16 do
  aes_iv = aes_iv + aes_cnt
end
#puts aes_iv
decipher = OpenSSL::Cipher::AES.new(128, :CTR)
decipher.decrypt
key = "0F93FE9F47266737B2981718E71D2FAA"
iv = aes_iv
# convert value to HEX
decipher.key = [key].pack("H*")
event.set("[dkey]", decipher.key)
decipher.iv = [iv].pack("H*")
event.set("[d4]", decipher.iv)
data = [data_enc].pack("H*")
event.set("[data]", data)
#plain = decipher.update(data) + decipher.final
plain = decipher.update(data)
#plain = decipher.final
data_decoded = plain.unpack("H*").first
event.set("[data_decoded]", data_decoded)
```
=> The data_decoded field in Elasticsearch is empty.
Using the same code outside Logstash in a pure Ruby script, it works, so I guess the problem is located in the event.set method.
```ruby
#!/usr/bin/ruby
#
require 'openssl'
require 'base64'
s = "c03e9f1ca2d995d26263ed1d"
tab = s.split(/(\w{2})(\w{2})(\w{20})/)
pack_id = tab[1]
aes_cnt = tab[2]
data_enc = tab[3]
puts pack_id
puts aes_cnt
puts data_enc
aes_iv = ""
for i in 1..16 do
  aes_iv = aes_iv + aes_cnt
end
#puts aes_iv
decipher = OpenSSL::Cipher::AES.new(128, :CTR)
decipher.decrypt
key = "0F93FE9F47266737B2981718E71D2FAA"
iv = aes_iv
# convert value to HEX
decipher.key = [key].pack("H*")
decipher.iv = [iv].pack("H*")
data = [data_enc].pack("H*")
plain = decipher.update(data)
#plain = decipher.final
data_decoded = plain.unpack("H*").first
puts data_decoded
```
Results:
```
]# ./script.rb
test
c0
3e
9f1ca2d995d26263ed1d
4020e69600000000f075
f075
00000000
96
e6
4020
38630 => 'data_decoded' variable
```
Any idea?
BR
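
The frame decoding from the post, written as a stand-alone Ruby function that validates the frame and returns only hex strings. This is an added example, not the poster's code; `decode_frame`, `aes_ctr`, and the sample key and plaintext are constructed for illustration.

```ruby
# Added example (not the poster's code). All names below are hypothetical.
require 'openssl'

# Frame layout taken from the post: 1 byte packet id, 1 byte counter,
# 10 bytes of AES-128-CTR ciphertext, all hex-encoded (24 hex chars).
FRAME_RE = /\A(\h{2})(\h{2})(\h{20})\z/

# AES-CTR is its own inverse, so one helper covers both directions.
def aes_ctr(key_hex, iv_hex, bytes)
  cipher = OpenSSL::Cipher.new("aes-128-ctr")
  cipher.decrypt
  cipher.key = [key_hex].pack("H*")   # hex text -> 16 raw bytes
  cipher.iv  = [iv_hex].pack("H*")
  cipher.update(bytes) + cipher.final
end

# Returns a Hash of hex strings, or nil when the frame is malformed.
def decode_frame(frame_hex, key_hex)
  m = FRAME_RE.match(frame_hex.to_s)
  return nil unless m
  pack_id, aes_cnt, data_enc = m.captures
  iv_hex = aes_cnt * 16               # counter byte repeated 16 times
  plain  = aes_ctr(key_hex, iv_hex, [data_enc].pack("H*"))
  {
    "pack_id"      => pack_id,
    "aes_cnt"      => aes_cnt,
    "iv_hex"       => iv_hex,
    "data_decoded" => plain.unpack("H*").first   # hex text, not raw bytes
  }
end

# Constructed sample: key and plaintext are made up for this example.
SAMPLE_KEY   = "00112233445566778899aabbccddeeff"
SAMPLE_PLAIN = "0102030405060708090a"
SAMPLE_FRAME = "c0" + "3e" +
  aes_ctr(SAMPLE_KEY, "3e" * 16, [SAMPLE_PLAIN].pack("H*")).unpack("H*").first

if __FILE__ == $PROGRAM_NAME
  p decode_frame(SAMPLE_FRAME, SAMPLE_KEY)
  p decode_frame("not-a-frame", SAMPLE_KEY)   # malformed input -> nil
end
```

With a one-byte counter as the only IV input, the IV (and therefore the CTR keystream) repeats every 256 frames under the same key.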