[botan-devel] fpe

Jack Lloyd lloyd at randombit.net
Mon Apr 9 15:35:12 EDT 2012

On Thu, Apr 05, 2012 at 11:37:21AM -0700, carl clemens wrote:
> I'm having difficulty with the fpe example: - I don't pretend to understand anything.
> Any ideas would be appreciated.
> Thanks
> a.out 1 myaccount mypassword
> Input was: 1 0
> Encrypted: 1999717643319023 1
> Decrypted: 0 1
> Something went wrong :( Bad CC checksum?

The message is perhaps misleading. The example assumes that the input
is a 'valid' CC number, in that it has a correct checksum. The line

Input was: 1 0

Indicates the input '1' does not have a valid Luhn checksum. How the
example works is that it removes the checksum digit, encrypts the
rest, then computes what the checksum digit should be for the
ciphertext version. The decrypt side then again removes the checksum
and recomputes it. The procedure for removing and then re-adding the
checksum is not strictly necessary but it's a very useful technique
with FPE because it allows you to maintain arbitrary formatting
constraints of the input in the ciphertext (eg it's possible to
encrypt valid tax identifiers such that the ciphertext is also a valid
tax identifier, or words onto words or x86 opcodes onto x86 opcodes or

Here's another example that might make what is happening clearer:

$ ./fpe 1234567890123456 myaccount mypass
Input was: 1234567890123456 0
Encrypted: 6869413781040755 1
Decrypted: 1234567890123452 1
Something went wrong :( Bad CC checksum?

From the decrypted side, we can see that the valid checksum digit is
2, not 6:

                       |- note change here
$ ./fpe 1234567890123452 myaccount mypass
Input was: 1234567890123452 1
Encrypted: 6869413781040755 1
Decrypted: 1234567890123452 1


More information about the botan-devel mailing list