CyberChef | Cyber Swiss Army Knife - a web app

The length of the GCM tag used here is not 32, but 16 bytes.

Furthermore, the BC provider expects ciphertext and tag in concatenated form (ciphertext|tag).

And you have to hex decode key, IV, ciphertext and tag. Since you are running BouncyCastle, you can use org.bouncycastle.util.encoders.Hex.decode(...).

Overall:

Easy to do in shell using arithmetic expansion, which supports bitwise operations.

Itoa isn't what you are looking for

The gRPC protocol is defined in this document. In particular, the section about "Length-Prefixed-Message" describes how the data is encoded:

The repeated sequence of Length-Prefixed-Message items is delivered in DATA frames

• Length-Prefixed-Message → Compressed-Flag Message-Length Message
• Compressed-Flag → 0 / 1 # encoded as 1 byte unsigned integer
• Message-Length → {length of Message} # encoded as 4 byte unsigned integer (big endian)
• Message → *{binary octet}

In other words, to read messages, read 1 byte for the compressed bit, then read 4 bytes for the length, then read that many bytes for the message. If he compressed bit is set, you will need to decompress the message using the format described in the "grpc-encoding" header. Then the format of the message is application-specific. Protobuf is common.

As your key and ciphertext are in hex encoding you need to convert them back to binary data before you can feed them to the decryption function.

The following code gives this output:

Just remove line breaks and it should work.

RC2 is described in RFC2268. It's a block cipher with variable key length and has an additional parameter called effective key length in bits, see RFC2268, Section 2. In the two codes and on the website, a different effective key length in bits is used, causing the different results.

In the Python code, when using PyCryptodome, the effective key length in bits is specified with the parameter effective_keylen upon creation of the ARC2-cipher instance, which may have values between 40 and 1024, where 1024 is the default value. Since the parameter isn't explicitly specified in the posted Python code, the default value is used. Note that this parameter is described in the PyCrypto documentation, but not in the PyCryptodome documentation.

The ciphertext of the website results for effective_keylen = 128. On the website there seems to be no possibility to change the effective key length in bits.

The ciphertext of the C# code can't be reproduced, probably because the IV isn't set in GetRc2Provider (so that the randomly generated IV is used). If this is fixed, it turns out that the effective key length in bits (RC2CryptoServiceProvider#EffectiveKeySize) is implicitly set to the actual key length. If the parameter is explicitly switched to a another value, a System.Security.Cryptography.CryptographicUnexpectedOperationException: EffectiveKeySize must be the same as KeySize in this implementation. is thrown.