I tried a couple of hours without much luck, although I suspect it's just that I'm tight.
First, configure that you do not try to reprimand me .: P I have a box with restrictions on its openssl lib, so that it will not do rc4 as the minimum encryption as 40 bits. I have an obsolescence function that uses rc4-40, and I do not have the right to update the encryption to a tighter bit level, because it speaks to other software that I have no control or authority over.
So, the limit is 40 bits of RC4 and cannot use openssl. Any XS / perl that does not return to openssl should be great. I played with several modules, but nothing comes out of the box, and I'm not very good at such things, so I canβt see how to modify / monkey-patch / code fork to handle the key / bit.
This code is currently in use -
echo -ne "OHAI" | openssl rc4-40 -d -nosalt -k KeyPhrase0123456 | xxd 0000000: cbf7 71b2 ..q.
Replacement naive made from FAIL -
perl -MCrypt::RC4 -e 'print RC4("KeyPhrase0123456", "OHAI")' | xxd 0000000: bc14 808b ....
So I need a version of perl code to match the openssl call. I am trying everything reasonably (cf, not openssl-based) that I can find in CPAN, including Crypt :: RC4 ( :: XS ) and Net :: SSH :: Perl :: Cipher :: RC4 . Google led me to some apparently related and adapted code in Authen :: SASL - it was too confusing to follow, except it seemed to support authentication with rc4 -40. I have not tried Crypt :: GCrypt , although it looks promising, I do not see the right use. Cornered.
Is RC4 not working correctly with the openssl command? - was instructive, but ultimately did not help me with the processing / setting of the key / phrase.
Thanks for watching!
Update: after reading a little more in FIPS mode , I think that Crypt :: GCrypt will also be non-functional, even if I knew the right call.