age.rb 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 6135f621a6b58de2582dea23188562bc6c5203c5218ebf4ac52fa034c743680f
+  data.tar.gz: 0a0fb8788f8aee9f39fa25dc74f9fb907ae2e4e1d213bdd47b28b0cba4b44c30
+SHA512:
+  metadata.gz: 4458de0a38dcdb52bba5ee03a31ba873f867fa731df40c94d780f510a712f217c8d5a413f7cb78796fb24e1d6873d325164fb5756a716d4dc01004f127f8302c
+  data.tar.gz: d4435de3d279c8bb24c38635237e3627e1b6eb7b4c9f471e0ce3e37cd9d50d5ab45a9af8f29fecb674deeab0c33b1d736db86195c3cdafcc8d314f6dcaa316df

data/ext/Makefile

@@ -0,0 +1,22 @@
+.PHONY: all
+all: vet fmt lint build
+
+.PHONY: vet
+vet:
+	go vet ./...
+
+.PHONY: fmt
+fmt:
+	go fmt ./...
+
+.PHONY: lint
+lint:
+	golangci-lint run ./...
+
+.PHONY: build
+build:
+	go build -o ../age.so -buildmode=c-shared age.go
+
+.PHONY: clean
+clean:
+	rm -f ../age.so ../age.h

data/ext/age.go

@@ -0,0 +1,232 @@
+package main
+
+/*
+#include <stdlib.h>
+
+typedef struct {
+	char* data;
+	int length;
+} AgeInput;
+
+typedef struct {
+	char** data;
+	int* length;
+} AgeOutput;
+
+typedef struct {
+	char** pubkey;
+	char** privkey;
+} AgeKeyPair;
+*/
+import "C"
+
+import (
+	"bytes"
+	"io"
+	"strings"
+	"unsafe"
+
+	"filippo.io/age"
+	"filippo.io/age/agessh"
+	"filippo.io/age/armor"
+)
+
+func __performEncryption(input *C.AgeInput, output *C.AgeOutput, armored C.int, recipients ...age.Recipient) *C.char {
+	var buffer bytes.Buffer
+	var writer io.Writer = &buffer
+	var armorWriter io.WriteCloser
+
+	if armored != 0 {
+		armorWriter = armor.NewWriter(writer)
+		writer = armorWriter
+	}
+
+	encryptor, err := age.Encrypt(writer, recipients...)
+	if err != nil {
+		return C.CString("Error during encryption setup: " + err.Error())
+	}
+
+	plainBytes := C.GoBytes(unsafe.Pointer(input.data), C.int(input.length))
+	if _, err := encryptor.Write(plainBytes); err != nil {
+		return C.CString("Error during encryption: " + err.Error())
+	}
+
+	if err := encryptor.Close(); err != nil {
+		return C.CString("Error closing encryption stream: " + err.Error())
+	}
+
+	if armorWriter != nil {
+		if err := armorWriter.Close(); err != nil {
+			return C.CString("Error closing armor writer: " + err.Error())
+		}
+	}
+
+	bytes := buffer.Bytes()
+	*output.length = C.int(len(bytes))
+	*output.data = (*C.char)(C.CBytes(bytes))
+
+	return nil
+}
+
+func __performDecryption(input *C.AgeInput, output *C.AgeOutput, armored C.int, identities ...age.Identity) *C.char {
+	encryptedBytes := C.GoBytes(unsafe.Pointer(input.data), C.int(input.length))
+	var reader io.Reader = bytes.NewReader(encryptedBytes)
+
+	if armored != 0 {
+		reader = armor.NewReader(reader)
+	}
+
+	decryptor, err := age.Decrypt(reader, identities...)
+	if err != nil {
+		return C.CString("Error during decryption setup: " + err.Error())
+	}
+
+	var buffer bytes.Buffer
+	if _, err = buffer.ReadFrom(decryptor); err != nil {
+		return C.CString("Error during decryption: " + err.Error())
+	}
+
+	plainBytes := buffer.Bytes()
+	*output.length = C.int(len(plainBytes))
+	*output.data = (*C.char)(C.CBytes(plainBytes))
+
+	return nil
+}
+
+//export encrypt
+func encrypt(pubKeyStrs *C.char, input *C.AgeInput, output *C.AgeOutput, armored C.int) *C.char {
+	pubKeyStrList := strings.Split(C.GoString(pubKeyStrs), ",")
+	recipients := []age.Recipient{}
+
+	for _, pubKeyStr := range pubKeyStrList {
+		var pubKey age.Recipient
+		var err error
+
+		if strings.HasPrefix(pubKeyStr, "age1pq1") {
+			pubKey, err = age.ParseHybridRecipient(pubKeyStr)
+			if err != nil {
+				return C.CString("Error parsing hybrid public key: " + err.Error())
+			}
+		} else {
+			pubKey, err = age.ParseX25519Recipient(pubKeyStr)
+			if err != nil {
+				return C.CString("Error parsing public key: " + err.Error())
+			}
+		}
+		recipients = append(recipients, pubKey)
+	}
+
+	return __performEncryption(input, output, armored, recipients...)
+}
+
+//export decrypt
+func decrypt(privKeyStrs *C.char, input *C.AgeInput, output *C.AgeOutput, armored C.int) *C.char {
+	privKeyStrList := strings.Split(C.GoString(privKeyStrs), ",")
+	identities := []age.Identity{}
+
+	for _, privKeyStr := range privKeyStrList {
+		var privKey age.Identity
+		var err error
+
+		if strings.HasPrefix(privKeyStr, "AGE-SECRET-KEY-PQ") {
+			privKey, err = age.ParseHybridIdentity(privKeyStr)
+			if err != nil {
+				return C.CString("Error parsing hybrid private key: " + err.Error())
+			}
+		} else {
+			privKey, err = age.ParseX25519Identity(privKeyStr)
+			if err != nil {
+				return C.CString("Error parsing private key: " + err.Error())
+			}
+		}
+		identities = append(identities, privKey)
+	}
+
+	return __performDecryption(input, output, armored, identities...)
+}
+
+//export generate_keypair
+func generate_keypair(keypair *C.AgeKeyPair, pq C.int) *C.char {
+	var pubKey string
+	var privKey string
+
+	if pq != 0 {
+		identity, err := age.GenerateHybridIdentity()
+		if err != nil {
+			return C.CString("Error generating hybrid keypair: " + err.Error())
+		}
+		pubKey = identity.Recipient().String()
+		privKey = identity.String()
+	} else {
+		identity, err := age.GenerateX25519Identity()
+		if err != nil {
+			return C.CString("Error generating keypair: " + err.Error())
+		}
+		pubKey = identity.Recipient().String()
+		privKey = identity.String()
+	}
+
+	*keypair.pubkey = C.CString(pubKey)
+	*keypair.privkey = C.CString(privKey)
+
+	return nil
+}
+
+//export encrypt_with_passphrase
+func encrypt_with_passphrase(passphrase *C.char, input *C.AgeInput, output *C.AgeOutput, armored C.int) *C.char {
+	recipient, err := age.NewScryptRecipient(C.GoString(passphrase))
+	if err != nil {
+		return C.CString("Error creating scrypt recipient: " + err.Error())
+	}
+
+	return __performEncryption(input, output, armored, recipient)
+}
+
+//export decrypt_with_passphrase
+func decrypt_with_passphrase(passphrase *C.char, input *C.AgeInput, output *C.AgeOutput, armored C.int) *C.char {
+	identity, err := age.NewScryptIdentity(C.GoString(passphrase))
+	if err != nil {
+		return C.CString("Error creating scrypt identity: " + err.Error())
+	}
+
+	return __performDecryption(input, output, armored, identity)
+}
+
+//export encrypt_with_ssh_keys
+func encrypt_with_ssh_keys(sshPubKeyStrs *C.char, input *C.AgeInput, output *C.AgeOutput, armored C.int) *C.char {
+	sshPubKeyStrList := strings.Split(C.GoString(sshPubKeyStrs), ",")
+	recipients := []age.Recipient{}
+
+	for _, sshPubKeyStr := range sshPubKeyStrList {
+		recipient, err := agessh.ParseRecipient(sshPubKeyStr)
+		if err != nil {
+			return C.CString("Error parsing SSH public key: " + err.Error())
+		}
+		recipients = append(recipients, recipient)
+	}
+
+	return __performEncryption(input, output, armored, recipients...)
+}
+
+//export decrypt_with_ssh_keys
+func decrypt_with_ssh_keys(sshPrivKeyStrs *C.char, input *C.AgeInput, output *C.AgeOutput, armored C.int) *C.char {
+	sshPrivKeyStrList := strings.Split(C.GoString(sshPrivKeyStrs), ",")
+	identities := []age.Identity{}
+
+	for _, sshPrivKeyStr := range sshPrivKeyStrList {
+		identity, err := agessh.ParseIdentity([]byte(sshPrivKeyStr))
+		if err != nil {
+			return C.CString("Error parsing SSH private key: " + err.Error())
+		}
+		identities = append(identities, identity)
+	}
+
+	return __performDecryption(input, output, armored, identities...)
+}
+
+//export free_memory
+func free_memory(ptr *C.char) {
+	C.free(unsafe.Pointer(ptr))
+}
+
+func main() {}

data/ext/extconf.rb

@@ -0,0 +1,29 @@
+# frozen_string_literal: true
+
+require 'mkmf'
+
+# Check if Go is installed
+go_bin = find_executable('go')
+abort 'Go is required to build this gem. Please install Go from https://golang.org/dl/' unless go_bin
+
+# Build the CGO shared library
+puts 'Building CGO shared library...'
+Dir.chdir(__dir__) do
+  abort 'age.go not found in ext directory. The gem source files may be corrupted.' unless File.exist?('age.go')
+
+  output_path = File.join('..', 'age.so')
+  unless system(go_bin, 'build', '-o', output_path, '-buildmode=c-shared', 'age.go')
+    abort 'Failed to build CGO shared library. Ensure Go is properly installed and dependencies are available.'
+  end
+end
+
+# Create a dummy Makefile since we've already built the library
+File.write('Makefile', <<~MAKEFILE)
+  .PHONY: install clean
+
+  install:
+  \t@echo "Shared library already built"
+
+  clean:
+  \t@echo "Nothing to clean"
+MAKEFILE

data/ext/go.mod

@@ -0,0 +1,12 @@
+module github.com/tschaefer/ruby-age
+
+go 1.25.3
+
+require filippo.io/age v1.3.1
+
+require (
+	filippo.io/edwards25519 v1.1.0 // indirect
+	filippo.io/hpke v0.4.0 // indirect
+	golang.org/x/crypto v0.45.0 // indirect
+	golang.org/x/sys v0.38.0 // indirect
+)

data/ext/go.sum

@@ -0,0 +1,14 @@
+c2sp.org/CCTV/age v0.0.0-20251208015420-e9274a7bdbfd h1:ZLsPO6WdZ5zatV4UfVpr7oAwLGRZ+sebTUruuM4Ra3M=
+c2sp.org/CCTV/age v0.0.0-20251208015420-e9274a7bdbfd/go.mod h1:SrHC2C7r5GkDk8R+NFVzYy/sdj0Ypg9htaPXQq5Cqeo=
+filippo.io/age v1.3.1 h1:hbzdQOJkuaMEpRCLSN1/C5DX74RPcNCk6oqhKMXmZi0=
+filippo.io/age v1.3.1/go.mod h1:EZorDTYUxt836i3zdori5IJX/v2Lj6kWFU0cfh6C0D4=
+filippo.io/edwards25519 v1.1.0 h1:FNf4tywRC1HmFuKW5xopWpigGjJKiJSV0Cqo0cJWDaA=
+filippo.io/edwards25519 v1.1.0/go.mod h1:BxyFTGdWcka3PhytdK4V28tE5sGfRvvvRV7EaN4VDT4=
+filippo.io/hpke v0.4.0 h1:p575VVQ6ted4pL+it6M00V/f2qTZITO0zgmdKCkd5+A=
+filippo.io/hpke v0.4.0/go.mod h1:EmAN849/P3qdeK+PCMkDpDm83vRHM5cDipBJ8xbQLVY=
+golang.org/x/crypto v0.45.0 h1:jMBrvKuj23MTlT0bQEOBcAE0mjg8mK9RXFhRH6nyF3Q=
+golang.org/x/crypto v0.45.0/go.mod h1:XTGrrkGJve7CYK7J8PEww4aY7gM3qMCElcJQ8n8JdX4=
+golang.org/x/sys v0.38.0 h1:3yZWxaJjBmCWXqhN1qh02AkOnCQ1poK6oF+a7xWL6Gc=
+golang.org/x/sys v0.38.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
+golang.org/x/term v0.37.0 h1:8EGAD0qCmHYZg6J17DvsMy9/wJ7/D/4pV/wfnld5lTU=
+golang.org/x/term v0.37.0/go.mod h1:5pB4lxRNYYVZuTLmy8oR2BH8dflOR+IbTYFD8fi3254=

data/lib/age/bindings.rb

@@ -0,0 +1,43 @@
+# frozen_string_literal: true
+
+require 'ffi'
+
+module Age
+  ##
+  # FFI bindings for the age cgo library.
+  module Bindings
+    extend FFI::Library
+
+    ffi_lib File.expand_path('../../age.so', __dir__)
+
+    ##
+    # Struct for input data to encryption/decryption functions.
+    class AgeInput < FFI::Struct
+      layout :data, :pointer,
+             :length, :int
+    end
+
+    ##
+    # Struct for output data from encryption/decryption functions.
+    class AgeOutput < FFI::Struct
+      layout :data, :pointer,
+             :length, :pointer
+    end
+
+    ##
+    # Struct for age key pairs.
+    class AgeKeyPair < FFI::Struct
+      layout :public_key, :pointer,
+             :private_key, :pointer
+    end
+
+    attach_function :encrypt, [:string, AgeInput.by_ref, AgeOutput.by_ref, :int], :pointer
+    attach_function :decrypt, [:string, AgeInput.by_ref, AgeOutput.by_ref, :int], :pointer
+    attach_function :encrypt_with_passphrase, [:string, AgeInput.by_ref, AgeOutput.by_ref, :int], :pointer
+    attach_function :decrypt_with_passphrase, [:string, AgeInput.by_ref, AgeOutput.by_ref, :int], :pointer
+    attach_function :encrypt_with_ssh_keys, [:string, AgeInput.by_ref, AgeOutput.by_ref, :int], :pointer
+    attach_function :decrypt_with_ssh_keys, [:string, AgeInput.by_ref, AgeOutput.by_ref, :int], :pointer
+    attach_function :generate_keypair, [AgeKeyPair.by_ref, :int], :pointer
+    attach_function :free_memory, [:pointer], :void
+  end
+end

data/lib/age/errors.rb

@@ -0,0 +1,42 @@
+# frozen_string_literal: true
+
+module Age
+  ##
+  # Custom error class for encryption errors.
+  class EncryptionError < StandardError
+    ##
+    # @return [String, nil] reason for the encryption error
+    attr_reader :reason
+
+    def initialize(reason = nil)
+      @reason = reason
+      super('Encryption failed.')
+    end
+  end
+
+  ##
+  # Custom error class for decryption errors.
+  class DecryptionError < StandardError
+    ##
+    # @return [String, nil] reason for the decryption error
+    attr_reader :reason
+
+    def initialize(reason = nil)
+      @reason = reason
+      super('Decryption failed.')
+    end
+  end
+
+  ##
+  # Custom error class for generate key pair errors.
+  class GenerateKeyPairError < StandardError
+    ##
+    # @return [String, nil] reason for the key pair generation error
+    attr_reader :reason
+
+    def initialize(reason = nil)
+      @reason = reason
+      super('Generation key pair failed.')
+    end
+  end
+end

data/lib/age/version.rb

@@ -0,0 +1,5 @@
+# frozen_string_literal: true
+
+module Age
+  VERSION = '0.1.0'
+end

data/lib/age.rb

@@ -0,0 +1,370 @@
+# frozen_string_literal: true
+
+require 'ffi'
+
+require 'age/bindings'
+require 'age/errors'
+require 'age/version'
+
+##
+# Ruby bindings for [age](https://github.com/FiloSottile/age) using a CGO shared
+# library with FFI bindings.
+#
+# Age is a simple, modern, and secure file encryption tool, format, and Go
+# library. This gem provides a Ruby interface to age's encryption and decryption
+# capabilities.
+#
+# Features:
+#
+# - Encrypt and decrypt data using age public/private key pairs
+# - Encrypt and decrypt files directly
+# - Generate age keypairs programmatically
+# - Multiple recipients support for encryption
+# - ASCII armor format support for text-safe encrypted output
+# - FFI-based integration with Go's age implementation
+# - Binary data handling with proper encoding
+module Age
+  class << self
+    ##
+    # Encrypts plain data using the provided age public keys.
+    #
+    # @param pubkeys [Array<String>] List of age public keys.
+    # @param plain [Bytes] Plain data to encrypt.
+    # @param armor [Boolean] Whether to armor the output.
+    #
+    # @return [Bytes] Encrypted data.
+    def encrypt(pubkeys, plain, armor: false)
+      pubkeys = pubkeys.join(',') if pubkeys.is_a?(Array)
+      perform_encryption(plain) do |input, output|
+        Age::Bindings.encrypt(pubkeys, input, output, armor ? 1 : 0)
+      end
+    end
+
+    ## Encrypts plain data using the provided passphrase.
+    #
+    # @param passphrase [String] Passphrase to use for encryption.
+    # @param plain [Bytes] Plain data to encrypt.
+    # @param armor [Boolean] Whether to armor the output.
+    #
+    # @return [Bytes] Encrypted data.
+    def encrypt_with_passphrase(passphrase, plain, armor: false)
+      perform_encryption(plain) do |input, output|
+        Age::Bindings.encrypt_with_passphrase(passphrase, input, output, armor ? 1 : 0)
+      end
+    end
+
+    ##
+    # Encrypts plain data using the provided SSH public keys.
+    #
+    # @param ssh_pubkeys [Array<String>] List of SSH public keys (ssh-rsa, ssh-ed25519).
+    # @param plain [Bytes] Plain data to encrypt.
+    # @param armor [Boolean] Whether to armor the output.
+    #
+    # @return [Bytes] Encrypted data.
+    def encrypt_with_ssh_keys(ssh_pubkeys, plain, armor: false)
+      ssh_pubkeys = ssh_pubkeys.join(',') if ssh_pubkeys.is_a?(Array)
+      perform_encryption(plain) do |input, output|
+        Age::Bindings.encrypt_with_ssh_keys(ssh_pubkeys, input, output, armor ? 1 : 0)
+      end
+    end
+
+    ##
+    # Decrypts encrypted data using the provided age private keys.
+    #
+    # @param privkeys [Array<String>] List of age private keys.
+    # @param encrypted [Bytes] Encrypted data to decrypt.
+    # @param armor [Boolean] Whether the input is armored.
+    #
+    # @return [Bytes] Decrypted plain data.
+    def decrypt(privkeys, encrypted, armor: false)
+      privkeys = privkeys.join(',') if privkeys.is_a?(Array)
+      perform_decryption(encrypted) do |input, output|
+        Age::Bindings.decrypt(privkeys, input, output, armor ? 1 : 0)
+      end
+    end
+
+    ##
+    # Decrypts encrypted data using the provided passphrase.
+    #
+    # @param passphrase [String] Passphrase to use for decryption.
+    # @param encrypted [Bytes] Encrypted data to decrypt.
+    # @param armor [Boolean] Whether the input is armored.
+    #
+    # @return [Bytes] Decrypted plain data.
+    def decrypt_with_passphrase(passphrase, encrypted, armor: false)
+      perform_decryption(encrypted) do |input, output|
+        Age::Bindings.decrypt_with_passphrase(passphrase, input, output, armor ? 1 : 0)
+      end
+    end
+
+    ##
+    # Decrypts encrypted data using the provided SSH private keys.
+    #
+    # @param ssh_privkeys [Array<String>] List of SSH private keys (ssh-rsa, ssh-ed25519).
+    # @param encrypted [Bytes] Encrypted data to decrypt.
+    # @param armor [Boolean] Whether the input is armored.
+    #
+    # @return [Bytes] Decrypted plain data.
+    def decrypt_with_ssh_keys(ssh_privkeys, encrypted, armor: false)
+      ssh_privkeys = ssh_privkeys.join(',') if ssh_privkeys.is_a?(Array)
+      perform_decryption(encrypted) do |input, output|
+        Age::Bindings.decrypt_with_ssh_keys(ssh_privkeys, input, output, armor ? 1 : 0)
+      end
+    end
+
+    ## Encrypts a file using the provided age public keys.
+    #
+    # @param pubkeys [Array<String>] List of age public keys.
+    # @param infile [String] Input file path.
+    # @param outfile [String, nil] Output file path. If nil, appends `.age` to infile.
+    # @param armor [Boolean] Whether to armor the output.
+    #
+    # @return [void]
+    def encrypt_file(pubkeys, infile, outfile = nil, armor: false)
+      perform_file_encryption(infile, outfile) do |plain|
+        encrypt(pubkeys, plain, armor:)
+      end
+    end
+
+    ##
+    # Encrypts a file using the provided passphrase.
+    #
+    # @param passphrase [String] Passphrase to use for encryption.
+    # @param infile [String] Input file path.
+    # @param outfile [String, nil] Output file path. If nil, appends `.age` to infile.
+    # @param armor [Boolean] Whether to armor the output.
+    #
+    # @return [void]
+    def encrypt_file_with_passphrase(passphrase, infile, outfile = nil, armor: false)
+      perform_file_encryption(infile, outfile) do |plain|
+        encrypt_with_passphrase(passphrase, plain, armor:)
+      end
+    end
+
+    ##
+    # Encrypts a file using the provided SSH public keys.
+    #
+    # @param ssh_pubkeys [Array<String>] List of SSH public keys (ssh-rsa, ssh-ed25519).
+    # @param infile [String] Input file path.
+    # @param outfile [String, nil] Output file path. If nil, appends `.age` to infile.
+    # @param armor [Boolean] Whether to armor the output.
+    #
+    # @return [void]
+    def encrypt_file_with_ssh_keys(ssh_pubkeys, infile, outfile = nil, armor: false)
+      perform_file_encryption(infile, outfile) do |plain|
+        encrypt_with_ssh_keys(ssh_pubkeys, plain, armor:)
+      end
+    end
+
+    ## Decrypts a file using the provided age private keys.
+    #
+    # @param privkeys [Array<String>] List of age private keys.
+    # @param infile [String] Input file path.
+    # @param outfile [String, nil] Output file path. If nil, removes `.age` from infile.
+    #
+    # @return [void]
+    def decrypt_file(privkeys, infile, outfile = nil)
+      perform_file_decryption(infile, outfile) do |encrypted, armor|
+        decrypt(privkeys, encrypted, armor:)
+      end
+    end
+
+    ##
+    # Decrypts a file using the provided passphrase.
+    #
+    # @param passphrase [String] Passphrase to use for decryption.
+    # @param infile [String] Input file path.
+    # @param outfile [String, nil] Output file path. If nil, removes `.age` from infile.
+    #
+    # @return [void]
+    def decrypt_file_with_passphrase(passphrase, infile, outfile = nil)
+      perform_file_decryption(infile, outfile) do |encrypted, armor|
+        decrypt_with_passphrase(passphrase, encrypted, armor:)
+      end
+    end
+
+    ##
+    # Decrypts a file using the provided SSH private keys.
+    #
+    # @param ssh_privkeys [Array<String>] List of SSH private keys (ssh-rsa, ssh-ed25519).
+    # @param infile [String] Input file path.
+    # @param outfile [String, nil] Output file path. If nil, removes `.age` from infile.
+    #
+    # @return [void]
+    def decrypt_file_with_ssh_keys(ssh_privkeys, infile, outfile = nil)
+      perform_file_decryption(infile, outfile) do |encrypted, armor|
+        decrypt_with_ssh_keys(ssh_privkeys, encrypted, armor:)
+      end
+    end
+
+    ##
+    # Generates a new age key pair.
+    #
+    # @param postquantum [Boolean] Whether to generate a post-quantum key pair.
+    #
+    # @return [Hash{Symbol => String}] A hash containing :public_key and :private_key.
+    def generate_keypair(postquantum: false)
+      pubkey_ptr = FFI::MemoryPointer.new(:pointer)
+      privkey_ptr = FFI::MemoryPointer.new(:pointer)
+      keypair = Age::Bindings::AgeKeyPair.new
+      keypair[:public_key] = pubkey_ptr
+      keypair[:private_key] = privkey_ptr
+
+      err_ptr = Age::Bindings.generate_keypair(keypair, postquantum ? 1 : 0)
+      unless err_ptr.null?
+        err_msg = read_string_from_pointer(err_ptr)
+        raise GenerateKeyPairError, err_msg
+      end
+
+      pubkey = read_string_from_pointer(pubkey_ptr.read_pointer)
+      privkey = read_string_from_pointer(privkey_ptr.read_pointer)
+
+      { public_key: pubkey, private_key: privkey }
+    end
+
+    ##
+    # Performs encryption operation with common FFI setup.
+    #
+    # @param plain [Bytes] Plain data to encrypt.
+    # @yield [input, output] Block that performs the actual encryption call.
+    #
+    # @return [Bytes] Encrypted data.
+    def perform_encryption(plain)
+      plain = plain.b if plain.respond_to?(:b)
+
+      plain_ptr = FFI::MemoryPointer.new(:char, plain.bytesize)
+      plain_ptr.put_bytes(0, plain)
+
+      input = Age::Bindings::AgeInput.new
+      input[:data] = plain_ptr
+      input[:length] = plain.bytesize
+
+      encrypted_ptr = FFI::MemoryPointer.new(:pointer)
+      encrypted_len_ptr = FFI::MemoryPointer.new(:int)
+
+      output = Age::Bindings::AgeOutput.new
+      output[:data] = encrypted_ptr
+      output[:length] = encrypted_len_ptr
+
+      err_ptr = yield(input, output)
+      unless err_ptr.null?
+        err_msg = read_string_from_pointer(err_ptr)
+        raise EncryptionError, err_msg
+      end
+
+      bytes = read_bytes_from_pointer(encrypted_ptr.read_pointer, encrypted_len_ptr.read_int)
+      bytes.force_encoding('BINARY')
+    end
+
+    ##
+    # Performs decryption operation with common FFI setup.
+    #
+    # @param encrypted [Bytes] Encrypted data to decrypt.
+    # @yield [input, output] Block that performs the actual decryption call.
+    #
+    # @return [Bytes] Decrypted plain data.
+    def perform_decryption(encrypted)
+      encrypted = encrypted.b if encrypted.respond_to?(:b)
+
+      encrypted_ptr = FFI::MemoryPointer.new(:char, encrypted.bytesize)
+      encrypted_ptr.put_bytes(0, encrypted)
+
+      input = Age::Bindings::AgeInput.new
+      input[:data] = encrypted_ptr
+      input[:length] = encrypted.bytesize
+
+      plain_ptr = FFI::MemoryPointer.new(:pointer)
+      plain_len_ptr = FFI::MemoryPointer.new(:int)
+
+      output = Age::Bindings::AgeOutput.new
+      output[:data] = plain_ptr
+      output[:length] = plain_len_ptr
+
+      err_ptr = yield(input, output)
+      unless err_ptr.null?
+        err_msg = read_string_from_pointer(err_ptr)
+        raise DecryptionError, err_msg
+      end
+
+      bytes = read_bytes_from_pointer(plain_ptr.read_pointer, plain_len_ptr.read_int)
+      bytes.force_encoding('BINARY')
+    end
+
+    ##
+    # Performs file encryption with common file handling.
+    #
+    # @param infile [String] Input file path.
+    # @param outfile [String, nil] Output file path.
+    # @yield [plain] Block that performs the actual encryption.
+    #
+    # @return [void]
+    def perform_file_encryption(infile, outfile)
+      outfile ||= "#{infile}.age"
+      plain = File.binread(infile)
+      encrypted = yield(plain)
+      File.binwrite(outfile, encrypted)
+    end
+
+    ##
+    # Performs file decryption with common file handling and armor detection.
+    #
+    # @param infile [String] Input file path.
+    # @param outfile [String, nil] Output file path.
+    # @yield [encrypted, armor] Block that performs the actual decryption.
+    #
+    # @return [void]
+    def perform_file_decryption(infile, outfile)
+      outfile ||= File.basename(infile, '.*')
+      encrypted = File.binread(infile)
+      armor = detect_armor_format?(encrypted)
+      plain = yield(encrypted, armor)
+      File.binwrite(outfile, plain)
+    end
+
+    ##
+    # Detects if the encrypted data is in armor format.
+    #
+    # @param encrypted [String] Encrypted data.
+    #
+    # @return [Boolean] True if armored, false otherwise.
+    def detect_armor_format?(encrypted)
+      encrypted.start_with?('-----BEGIN AGE ENCRYPTED FILE-----') &&
+        encrypted.end_with?("-----END AGE ENCRYPTED FILE-----\n")
+    end
+
+    ##
+    # Reads a string from a pointer and frees the memory.
+    #
+    # @param ptr [FFI::Pointer] Pointer to the string.
+    #
+    # @return [String, nil] The string read from the pointer, or nil.
+    def read_string_from_pointer(ptr)
+      return nil if ptr.null?
+
+      str = ptr.read_string
+      Age::Bindings.free_memory(ptr)
+
+      str
+    end
+
+    ##
+    # Reads bytes from a pointer and frees the memory.
+    #
+    # @param ptr [FFI::Pointer] Pointer to the bytes.
+    # @param length [Integer] Length of the bytes to read.
+    #
+    # @return [String, nil] The bytes read from the pointer, or nil.
+    def read_bytes_from_pointer(ptr, length)
+      return nil if ptr.null? || length.zero?
+
+      bytes = ptr.read_bytes(length)
+      Age::Bindings.free_memory(ptr)
+
+      bytes
+    end
+
+    private :perform_encryption, :perform_decryption, :perform_file_encryption,
+            :perform_file_decryption, :detect_armor_format?,
+            :read_string_from_pointer, :read_bytes_from_pointer
+  end
+end

metadata

@@ -0,0 +1,69 @@
+--- !ruby/object:Gem::Specification
+name: age.rb
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- Tobias Schäfer
+bindir: bin
+cert_chain: []
+date: 1980-01-02 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: ffi
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.17'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.17'
+description: 'age.rb: Ruby bindings for age
+
+  '
+email:
+- github@blackox.org
+executables: []
+extensions:
+- ext/extconf.rb
+extra_rdoc_files: []
+files:
+- ext/Makefile
+- ext/age.go
+- ext/extconf.rb
+- ext/go.mod
+- ext/go.sum
+- lib/age.rb
+- lib/age/bindings.rb
+- lib/age/errors.rb
+- lib/age/version.rb
+homepage: https://github.com/tschaefer/age.rb
+licenses:
+- BSD-3-Clause
+metadata:
+  rubygems_mfa_required: 'true'
+  source_code_uri: https://github.com/tschaefer/age.rb
+  bug_tracker_uri: https://github.com/tschaefer/age.rb/issues
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: 3.2.3
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 4.0.3
+specification_version: 4
+summary: 'age.rb: Ruby bindings for age'
+test_files: []