Locksmith 0.0.0
Sign up to get free protection for your applications and to get access to all the features.
- data/lib/hola.rb +5 -0
- data/lib/ssl.rb +183 -0
- metadata +46 -0
data/lib/hola.rb
ADDED
data/lib/ssl.rb
ADDED
@@ -0,0 +1,183 @@
|
|
1
|
+
require 'openssl'
|
2
|
+
require 'base64'
|
3
|
+
|
4
|
+
# A class that assists in encrypting and decrypting data using a
|
5
|
+
# combination of RSA and AES
|
6
|
+
#
|
7
|
+
# Data will be AES encrypted for speed, the Key and IV used in
|
8
|
+
# the AES stage will be encrypted using RSA
|
9
|
+
#
|
10
|
+
# ssl = SSL.new(public_key, private_key, passphrase)
|
11
|
+
#
|
12
|
+
# data = File.read("largefile.dat")
|
13
|
+
#
|
14
|
+
# crypted_data = ssl.encrypt_with_private(data)
|
15
|
+
#
|
16
|
+
# pp crypted_data
|
17
|
+
#
|
18
|
+
# This will result in a hash of data like:
|
19
|
+
#
|
20
|
+
# crypted = {:key => "crd4NHvG....=",
|
21
|
+
# :data => "XWXlqN+i...=="}
|
22
|
+
#
|
23
|
+
# The key and data will be base 64 encoded already
|
24
|
+
#
|
25
|
+
# You can pass the data hash into ssl.decrypt_with_public which
|
26
|
+
# should return your original data
|
27
|
+
#
|
28
|
+
# There are matching methods for using a public key to encrypt
|
29
|
+
# data to be decrypted using a private key
|
30
|
+
class SSL
|
31
|
+
PASSWD_CHARS = '0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz!@$%^&*()_+{}|":\;?><,./~`'
|
32
|
+
|
33
|
+
attr_reader :public_key_file, :private_key_file, :ssl_cipher
|
34
|
+
|
35
|
+
def initialize(pubkey=nil, privkey=nil, passphrase=nil, ssl_cipher="aes-256-cbc")
|
36
|
+
@public_key_file = pubkey
|
37
|
+
@private_key_file = privkey
|
38
|
+
|
39
|
+
@public_key = read_key(:public, pubkey)
|
40
|
+
@private_key = read_key(:private, privkey, passphrase)
|
41
|
+
@ssl_cipher = ssl_cipher
|
42
|
+
|
43
|
+
raise "Unknown SSL cipher #{ssl_cipher}" unless OpenSSL::Cipher.ciphers.include?(ssl_cipher)
|
44
|
+
end
|
45
|
+
|
46
|
+
# Encrypts supplied data using AES and then encrypts using RSA
|
47
|
+
# the key and IV
|
48
|
+
#
|
49
|
+
# Return a hash with everything base 64 encoded
|
50
|
+
def encrypt_with_public(plain_text)
|
51
|
+
crypted = aes_encrypt(plain_text)
|
52
|
+
|
53
|
+
encoded_key = base64_encode(rsa_encrypt_with_public(crypted[:key]))
|
54
|
+
encoded_data = base64_encode(crypted[:data])
|
55
|
+
|
56
|
+
{:key => encoded_key, :data => encoded_data}
|
57
|
+
end
|
58
|
+
|
59
|
+
# Encrypts supplied data using AES and then encrypts using RSA
|
60
|
+
# the key and IV
|
61
|
+
#
|
62
|
+
# Return a hash with everything base 64 encoded
|
63
|
+
def crypt_with_private(plain_text)
|
64
|
+
crypted = aes_encrypt(plain_text)
|
65
|
+
|
66
|
+
encoded_key = base64_encode(rsa_encrypt_with_private(crypted[:key]))
|
67
|
+
encoded_data = base64_encode(crypted[:data])
|
68
|
+
|
69
|
+
{:key => encoded_key, :data => encoded_data}
|
70
|
+
end
|
71
|
+
|
72
|
+
# Decrypts data, expects a hash as create with crypt_with_public
|
73
|
+
def decrypt_with_private(crypted)
|
74
|
+
raise "Crypted data should include a key" unless crypted.include?(:key)
|
75
|
+
raise "Crypted data should include data" unless crypted.include?(:data)
|
76
|
+
|
77
|
+
key = rsa_decrypt_with_private(base64_decode(crypted[:key]))
|
78
|
+
|
79
|
+
aes_decrypt(key, base64_decode(crypted[:data]))
|
80
|
+
end
|
81
|
+
|
82
|
+
# Decrypts data, expects a hash as create with crypt_with_private
|
83
|
+
def decrypt_with_public(crypted)
|
84
|
+
raise "Crypted data should include a key" unless crypted.include?(:key)
|
85
|
+
raise "Crypted data should include data" unless crypted.include?(:data)
|
86
|
+
|
87
|
+
key = rsa_decrypt_with_public(base64_decode(crypted[:key]))
|
88
|
+
|
89
|
+
aes_decrypt(key, base64_decode(crypted[:data]))
|
90
|
+
end
|
91
|
+
|
92
|
+
# Use the public key to RSA encrypt data
|
93
|
+
def rsa_encrypt_with_public(plain_string)
|
94
|
+
raise "No public key set" unless @public_key
|
95
|
+
|
96
|
+
@public_key.public_encrypt(plain_string)
|
97
|
+
end
|
98
|
+
|
99
|
+
# Use the private key to RSA decrypt data
|
100
|
+
def rsa_decrypt_with_private(crypt_string)
|
101
|
+
raise "No private key set" unless @private_key
|
102
|
+
|
103
|
+
@private_key.private_decrypt(crypt_string)
|
104
|
+
end
|
105
|
+
|
106
|
+
# Use the private key to RSA encrypt data
|
107
|
+
def rsa_encrypt_with_private(plain_string)
|
108
|
+
raise "No private key set" unless @private_key
|
109
|
+
|
110
|
+
@private_key.private_encrypt(plain_string)
|
111
|
+
end
|
112
|
+
|
113
|
+
# Use the public key to RSA decrypt data
|
114
|
+
def rsa_decrypt_with_public(crypt_string)
|
115
|
+
raise "No public key set" unless @public_key
|
116
|
+
|
117
|
+
@public_key.public_decrypt(crypt_string)
|
118
|
+
end
|
119
|
+
|
120
|
+
# encrypts a string, returns a hash of key, iv and data
|
121
|
+
def aes_encrypt(plain_string)
|
122
|
+
cipher = OpenSSL::Cipher::Cipher.new(ssl_cipher)
|
123
|
+
cipher.encrypt
|
124
|
+
|
125
|
+
key = cipher.random_key
|
126
|
+
|
127
|
+
cipher.key = key
|
128
|
+
cipher.pkcs5_keyivgen(key)
|
129
|
+
encrypted_data = cipher.update(plain_string) + cipher.final
|
130
|
+
|
131
|
+
{:key => key, :data => encrypted_data}
|
132
|
+
end
|
133
|
+
|
134
|
+
# decrypts a string given key, iv and data
|
135
|
+
def aes_decrypt(key, crypt_string)
|
136
|
+
cipher = OpenSSL::Cipher::Cipher.new(ssl_cipher)
|
137
|
+
|
138
|
+
cipher.decrypt
|
139
|
+
cipher.key = key
|
140
|
+
cipher.pkcs5_keyivgen(key)
|
141
|
+
decrypted_data = cipher.update(crypt_string) + cipher.final
|
142
|
+
end
|
143
|
+
|
144
|
+
# base 64 encode a string
|
145
|
+
def base64_encode(string)
|
146
|
+
Base64.encode64(string).chomp
|
147
|
+
end
|
148
|
+
|
149
|
+
# base 64 decode a string
|
150
|
+
def base64_decode(string)
|
151
|
+
Base64.decode64(string)
|
152
|
+
end
|
153
|
+
|
154
|
+
# returns a random string made up of characters in the constant PASSWD_CHARS
|
155
|
+
def random_string(length=20)
|
156
|
+
pw = ""
|
157
|
+
|
158
|
+
nr_chars = PASSWD_CHARS.size
|
159
|
+
|
160
|
+
srand()
|
161
|
+
|
162
|
+
length.times { pw << PASSWD_CHARS[ rand( nr_chars ) ] }
|
163
|
+
|
164
|
+
return pw
|
165
|
+
end
|
166
|
+
|
167
|
+
# Reads either a :public or :private key from disk, uses an
|
168
|
+
# optional passphrase to read the private key
|
169
|
+
def read_key(type, key=nil, passphrase=nil)
|
170
|
+
return key if key.nil?
|
171
|
+
|
172
|
+
raise "Could not find key #{key}" unless File.exist?(key)
|
173
|
+
|
174
|
+
if type == :public
|
175
|
+
return OpenSSL::PKey::RSA.new(File.read(key))
|
176
|
+
elsif type == :private
|
177
|
+
return OpenSSL::PKey::RSA.new(File.read(key), passphrase)
|
178
|
+
else
|
179
|
+
raise "Can only load :public or :private keys"
|
180
|
+
end
|
181
|
+
end
|
182
|
+
|
183
|
+
end
|
metadata
ADDED
@@ -0,0 +1,46 @@
|
|
1
|
+
--- !ruby/object:Gem::Specification
|
2
|
+
name: Locksmith
|
3
|
+
version: !ruby/object:Gem::Version
|
4
|
+
version: 0.0.0
|
5
|
+
prerelease:
|
6
|
+
platform: ruby
|
7
|
+
authors:
|
8
|
+
- Dion Santana
|
9
|
+
autorequire:
|
10
|
+
bindir: bin
|
11
|
+
cert_chain: []
|
12
|
+
date: 2012-07-02 00:00:00.000000000 Z
|
13
|
+
dependencies: []
|
14
|
+
description: SSL Based separation of duties 4 rails
|
15
|
+
email: dion.santana@gmail.com
|
16
|
+
executables: []
|
17
|
+
extensions: []
|
18
|
+
extra_rdoc_files: []
|
19
|
+
files:
|
20
|
+
- lib/hola.rb
|
21
|
+
- lib/ssl.rb
|
22
|
+
homepage: http://rubygems.org/gems/locksmith
|
23
|
+
licenses: []
|
24
|
+
post_install_message:
|
25
|
+
rdoc_options: []
|
26
|
+
require_paths:
|
27
|
+
- lib
|
28
|
+
required_ruby_version: !ruby/object:Gem::Requirement
|
29
|
+
none: false
|
30
|
+
requirements:
|
31
|
+
- - ! '>='
|
32
|
+
- !ruby/object:Gem::Version
|
33
|
+
version: '0'
|
34
|
+
required_rubygems_version: !ruby/object:Gem::Requirement
|
35
|
+
none: false
|
36
|
+
requirements:
|
37
|
+
- - ! '>='
|
38
|
+
- !ruby/object:Gem::Version
|
39
|
+
version: '0'
|
40
|
+
requirements: []
|
41
|
+
rubyforge_project:
|
42
|
+
rubygems_version: 1.8.24
|
43
|
+
signing_key:
|
44
|
+
specification_version: 3
|
45
|
+
summary: SSL SoD 4 rails
|
46
|
+
test_files: []
|