ccrypto-ruby 0.1.0 → 0.1.2

data/lib/ccrypto/ruby/engines/cipher_engine.rb

@@ -11,73 +11,194 @@ module Ccrypto
 
       teLogger_tag :r_cipher_eng
 
+      NotAbleToFigureOutOnOpenSSLv2 = [
+        "aes-128-cbc-hmac-sha1",
+        "aes-256-cbc-hmac-sha1",
+        "aes-128-cbc-hmac-sha256",
+        "aes-256-cbc-hmac-sha256",
+        "aes-128-ccm",
+        "aes-192-ccm",
+        "aes-256-ccm",
+        "aria-128-ccm",
+        "aria-192-ccm",
+        "aria-256-ccm",
+        "rc4-hmac-md5"
+      ]
+
+      #CherryPick = [
+      #  "aes-128-cbc", "aes-192-cbc", "aes-256-cbc",
+      #  "aes-128-gcm", "aes-192-gcm", "aes-256-gcm",
+      #  "aria-128-cbc","aria-192-cbc", "aria-256-cbc",
+      #  "aria-128-gcm","aria-192-gcm", "aria-256-gcm",
+      #  "camellia-128-cbc","camellia-192-cbc", "camellia-256-cbc",
+      #  "camellia-128-ctr","camellia-192-ctr", "camellia-256-ctr",
+      #  "chacha20-poly1305"
+      #]
+
       def self.supported_ciphers
         if @sCipher.nil?
-          @sCipher = OpenSSL::Cipher.ciphers
+          @sCipherStr = []
+          @sCipher = []
+
+          OpenSSL::Cipher.ciphers.each do |c|
+            
+            teLogger.debug "found cipher : #{c}"
+            next if c =~ /^id-\w*/ 
+            teLogger.debug "loading cipher : #{c}"
+
+            if OpenSSL::VERSION < "3.0.0" and NotAbleToFigureOutOnOpenSSLv2.include?(c)
+              teLogger.debug "Running on OpenSSL < v3. Skipping cipher #{c}"
+              next
+            end
+
+            begin
+              co = OpenSSL::Cipher.new(c)
+              #teLogger.debug "Algo #{c} : authenticated? #{co.authenticated?}"
+              #p co.methods.sort
+              cc = c.split("-")
+              @sCipherStr << c
+              
+              algo = cc.first
+              exclusion = ["chacha20","sm4"]
+              # to find string like aes128, aes256 from openssl
+              if not exclusion.include?(algo) and (algo =~ /[0-9]/) != nil
+                # match the one before the numbers
+                algo = $` 
+              end
+
+              native = { algo_str: c }
+              keysize = co.key_len*8
+              opts = { keysize: keysize, ivLength: co.iv_len, authMode: co.authenticated? }
+
+              if c.downcase =~ /\w*(gcm|ecb|cbc|cfb|cfb1|cfb8|ofb|ctr|ccm|xts|wrap|poly1305)/
+                teLogger.debug "Mode extraction : #{$&} / #{$'}"
+                # after the match
+                if not_empty?($')
+                  opts[:mode] = "#{$&}#{$'}"
+                else
+                  # the match
+                  opts[:mode] = $&.downcase
+                end
+              else
+                # no mode defined. Seems defaulted to cbc according to document
+                if co.authenticated?
+                  opts[:mode] = "gcm"
+                else
+                  opts[:mode] = "cbc"
+                end
+              end
+
+              teLogger.debug "Mode : #{opts[:mode]}"
+              if opts[:mode] == :xts.to_s
+                opts[:min_input_length] = 16
+              elsif opts[:mode] == "cbc-hmac-sha1"
+                opts[:min_input_length] = 16
+                opts[:mandatory_block_size] = 16
+              elsif opts[:mode] == "cbc-hmac-sha256"
+                opts[:min_input_length] = 32
+                opts[:mandatory_block_size] = 32
+              elsif opts[:mode] == "wrap"
+                case algo
+                when "aes"
+                  case keysize
+                  when 128
+                    opts[:min_input_length] = 16
+                    opts[:mandatory_block_size] = 8
+                  when 192
+                    opts[:min_input_length] = 24
+                    opts[:mandatory_block_size] = 8
+                  when 256
+                    opts[:min_input_length] = 32
+                    opts[:mandatory_block_size] = 8
+                  end
+                when "des3", "des"
+                  opts[:min_input_length] = 8
+                  opts[:mandatory_block_size] = 8
+                end
+              end
+
+              conf = Ccrypto::CipherConfig.new(algo, opts)
+              conf.native_config = native
+
+              Ccrypto::SupportedCipherList.instance.register(conf)
+
+              @sCipher << conf
+            rescue OpenSSL::Cipher::CipherError => ex
+              teLogger.debug "Algo '#{c}' hit error : #{ex.message}"
+            end
+          end
         end
 
         @sCipher
 
       end
 
+      def self.get_cipher(algo, keysize = nil, mode = nil)
+        supported_ciphers if Ccrypto::SupportedCipherList.instance.algo_count == 0
+
+        if is_empty?(algo)
+          []
+        elsif is_empty?(keysize) and is_empty?(mode)
+          teLogger.debug "get_cipher algo #{algo} only"
+          Ccrypto::SupportedCipherList.instance.find_algo(algo)
+        elsif is_empty?(mode) and not_empty?(keysize)
+          teLogger.debug "get_cipher algo #{algo} keysize #{keysize}"
+          Ccrypto::SupportedCipherList.instance.find_algo_keysize(algo, keysize)
+        elsif not_empty?(mode) and is_empty?(keysize)
+          teLogger.debug "get_cipher algo #{algo} mode #{mode}"
+          Ccrypto::SupportedCipherList.instance.find_algo_mode(algo, mode)
+        elsif not_empty?(keysize) and not_empty?(mode)
+          teLogger.debug "get_cipher #{algo}/#{keysize}/#{mode}"
+          Ccrypto::SupportedCipherList.instance.find_algo_keysize_mode(algo, keysize, mode)
+        end
+      end
+      class << self
+        alias_method :get_cipher_config, :get_cipher
+      end
+
+      def self.supported_cipher_list
+        supported_ciphers if Ccrypto::SupportedCipherList.instance.algo_count == 0
+        Ccrypto::SupportedCipherList.instance
+      end
+
       def self.is_supported_cipher?(c)
         case c
         when String
-          supported_ciphers.include?(c)  
-        when Hash
-          spec = to_openssl_spec(c)
-          begin
-            OpenSSL::Cipher.new(spec)
-            true
-          rescue Exception => ex
+          supported_ciphers if @sCipherStr.nil?
+
+          if not @sCipherStr.nil?
+            @sCipherStr.include?(C)
+          else
             false
           end
+        when Ccrypto::CipherConfig
+          @sCipher.include?(c)
         else
           raise Ccrypto::CipherEngineException, "Unsupported input #{c} to check supported cipher"
         end
       end
 
       def self.to_openssl_spec(spec)
-        res = []
 
-        teLogger.debug "to_openssl_spec #{spec}"
-        case spec.algo
-        when :blowfish
-          res << "bf"
+        case spec
+        when Ccrypto::CipherConfig
+          spec.native_config[:algo_str]
+          #@sCipher[spec]
         else
-          res << spec.algo
+          raise Ccrypto::Error, "Unknown spec #{spec.inspect}"
         end
 
-        res << spec.keysize if not_empty?(spec.keysize) and spec.keysize.to_i > 0 and not spec.is_algo?(:chacha20) and not spec.is_algo?(:seed) and not spec.is_algo?(:sm4) and not spec.is_algo?(:blowfish)
-
-        res << spec.mode 
-
-        teLogger.debug "to_openssl_spec #{res}"
-
-        res.join("-")
-        
-      end
+      end # self.to_openssl_spec(spec)
 
       def initialize(*args, &block)
+
         @spec = args.first
 
-        #teLogger = TteLogger.new
-        teLogger.debug "Cipher spec : #{@spec}"
+        raise Ccrypto::CipherEngineException, "Not supported cipher spec #{@spec.class}" if not @spec.is_a?(Ccrypto::CipherConfig)
 
-        begin
-          case @spec
-          #when String
-          #  @cipher = OpenSSL::Cipher.new(@spec)
-          when Ccrypto::CipherEngineConfig
-            @cipher = OpenSSL::Cipher.new(@spec.provider_config)
-          when Ccrypto::DirectCipherConfig
-            @cipher = OpenSSL::Cipher.new(self.class.to_openssl_spec(@spec))
-          else
-            raise Ccrypto::CipherEngineException, "Not supported cipher init type #{@spec.class}"
-          end
-        rescue OpenSSL::Cipher::CipherError, RuntimeError => ex
-          raise Ccrypto::CipherEngineException, ex
-        end
+        teLogger.debug "Cipher spec : #{@spec} (Native algo : #{@spec.native_config[:algo_str]})"
+
+        @cipher = OpenSSL::Cipher.new(@spec.native_config[:algo_str])
 
         case @spec.cipherOps
         when :encrypt, :enc
@@ -94,11 +215,11 @@ module Ccrypto
         if @spec.has_iv?
           teLogger.debug "IV from spec"
           @cipher.iv = @spec.iv
-          teLogger.debug "IV : #{to_hex(@spec.iv)}"
+          teLogger.debug "IV : #{to_hex(@spec.iv)} / #{@spec.iv.length}"
         else
           teLogger.debug "Generate random IV"
           @spec.iv = @cipher.random_iv
-          teLogger.debug "IV : #{to_hex(@spec.iv)}"
+          teLogger.debug "IV : #{to_hex(@spec.iv)} / #{@spec.iv.length}"
         end
 
 
@@ -118,25 +239,50 @@ module Ccrypto
         end
 
 
-        if @spec.is_mode?(:gcm)
-
-          if not_empty?(@spec.auth_data) 
-            teLogger.debug "Setting auth data"
+        if @spec.is_mode?(:ccm)
+          #if not_empty?(@spec.auth_data)
+            if @spec.is_encrypt_cipher_mode?
+              teLogger.debug "Setting ccm plaintext data length (ccm mode) [#{@spec.plaintext_length}]"
+              @cipher.ccm_data_len = @spec.plaintext_length
+              teLogger.debug "Setting auth data (ccm mode)"
+              @cipher.auth_data = @spec.auth_data.nil? ? "" : @spec.auth_data
+              teLogger.debug "Setting auth tag len (ccm mode)"
+              @cipher.auth_tag_len = 12
+            elsif @spec.is_decrypt_cipher_mode?
+              teLogger.debug "Setting ccm cipher data length (ccm mode) #{@spec.ciphertext_length}"
+              @cipher.ccm_data_len = @spec.ciphertext_length
+              teLogger.debug "Setting auth data (ccm mode)"
+              @cipher.auth_data = @spec.auth_data.nil? ? "" : @spec.auth_data
+              teLogger.debug "Setting auth tag (ccm mode)"
+              @cipher.auth_tag = @spec.auth_tag
+            end
+          #end
+
+
+        elsif @spec.is_auth_mode_cipher?
+
+          if not_empty?(@spec.auth_data) and not ((@spec.is_mode?("cbc-hmac-sha1") or @spec.is_mode?("cbc-hmac-sha256")))
+            teLogger.debug "Setting auth data (generic mode)"
             @cipher.auth_data = @spec.auth_data
-          end
 
-          if not_empty?(@spec.auth_tag) 
-            raise CipherEngineException, "Tag length of 16 bytes is expected" if @spec.auth_tag.bytesize != 16
-            teLogger.debug "Setting auth tag"
-            @cipher.auth_tag = @spec.auth_tag
+            if @spec.is_decrypt_cipher_mode?
+              teLogger.debug "Setting auth tag (generic mode)"
+              raise CipherEngineException, "Tag length of 16 bytes is expected" if @spec.auth_tag.bytesize != 16 and @spec.is_mode?(:gcm)
+              @cipher.auth_tag = @spec.auth_tag
+            end
           end
 
         end
 
-      end
+
+      end # initialize 
 
       def update(val)
-        @cipher.update(val) 
+        if not_empty?(val)
+          res = @cipher.update(val) 
+          teLogger.debug "(update) Written #{val.length} bytes"
+          res
+        end
       end
 
       def final(val = nil)
@@ -145,17 +291,22 @@ module Ccrypto
         begin
 
           if not_empty?(val)
-            res << @cipher.update(val)
+            teLogger.debug "(final) Written #{val.length} bytes"
+            res << @cipher.update(val) 
           end
 
           res << @cipher.final
+          teLogger.debug "(final) cipher finalized"
 
         rescue Exception => ex
+          teLogger.error self
+          teLogger.error ex.backtrace.join("\n")
           raise CipherEngineException, ex
         end
 
-        if @spec.is_mode?(:gcm) and @spec.is_encrypt_cipher_mode?
-          @spec.auth_tag = @cipher.auth_tag 
+        #if @spec.is_mode?(:gcm)
+        if @spec.is_auth_mode_cipher? and @spec.is_encrypt_cipher_mode?
+          @spec.auth_tag = @cipher.auth_tag
         end
 
         res.join
@@ -165,6 +316,14 @@ module Ccrypto
         @cipher.reset
       end
 
+      def method_missing(mtd, *args, &block)
+        if not @cipher.nil?
+          @cipher.send(mtd, *args, &block)
+        else
+          super
+        end
+      end
+
     end
   end
 end

data/lib/ccrypto/ruby/engines/digest_engine.rb

@@ -27,9 +27,10 @@ module Ccrypto
         Ccrypto::SHAKE256.provider_info("shake256"),
         Ccrypto::BLAKE2b512.provider_info("BLAKE2b512"),
         Ccrypto::BLAKE2s256.provider_info("BLAKE2s256"),
-        Ccrypto::SM3.provider_info("SM3"),
-        Ccrypto::RIPEMD160.provider_info("RIPEMD160"),
-        Ccrypto::WHIRLPOOL.provider_info("whirlpool")
+        Ccrypto::SM3.provider_info("SM3")
+        # deprecated starting OpenSSL v3.0
+        #Ccrypto::RIPEMD160.provider_info("RIPEMD160"),
+        #Ccrypto::WHIRLPOOL.provider_info("whirlpool")
       ]
 
 
@@ -38,14 +39,21 @@ module Ccrypto
       end
 
       def self.is_supported?(eng)
-        res = supported.include?(eng)
-        begin
-          res = digest(eng) if not res
-        rescue DigestEngineException => ex
-          res = false
+
+        case eng
+        when Ccrypto::DigestConfig
+          SupportedDigest.include?(eng) 
+        when String, Symbol
+          if eng.is_a?(Symbol)
+            engineKeys.include?(eng)
+          else
+            e = eng.gsub("-","_")
+            engineKeys.include?(e.to_sym)
+          end
+        else
+          raise DigestEngineException, "Unknown engine '#{eng}'"
         end
 
-        res
       end
 
       def self.instance(*args, &block)
@@ -59,16 +67,30 @@ module Ccrypto
       end
 
       def self.digest(key)
-        
-        res = engineKeys[key]
-        if is_empty?(res)
-          teLogger.debug "No digest available for #{key}"
-          raise DigestEngineException, "Not supported digest engine #{key}"
+
+        case key
+        when Ccrypto::DigestConfig
+          DigestEngine.new(OpenSSL::Digest.new(key.provider_config))
+        when String, Symbol
+          if key.is_a?(Symbol)
+            res = engineKeys[key]
+          else
+            k = key.gsub("-","_")
+            res = engineKeys[k.to_sym]
+          end
+
+          if is_empty?(res)
+            teLogger.debug "No digest available for #{key}"
+            raise DigestEngineException, "Not supported digest engine #{key}"
+          else
+            teLogger.debug "Found digest #{key.to_sym}"
+            DigestEngine.new(OpenSSL::Digest.new(res.provider_config))
+          end
+
         else
-          teLogger.debug "Found digest #{key.to_sym}"
-          DigestEngine.new(OpenSSL::Digest.new(res.provider_config))
+          raise DigestEngineException, "Not supported digest engine #{key}"
         end
-
+        
       end
 
       def self.engineKeys

data/lib/ccrypto/ruby/engines/ecc_engine.rb

@@ -1,5 +1,7 @@
 
 require 'openssl'
+if OpenSSL::VERSION < "3.0.0"
+
 module PKeyPatch
   def to_pem; public_key.to_pem end
   def to_der; public_key.to_der end
@@ -13,20 +15,51 @@ module PKeyPatch
 end
 OpenSSL::PKey::EC::Point.prepend PKeyPatch
 
+end
+
 require_relative '../keybundle_store/pkcs12'
 require_relative '../keybundle_store/pem_store'
+require_relative '../ecc_const'
 
 module Ccrypto
   module Ruby
 
     class ECCPublicKey < Ccrypto::ECCPublicKey
-      
+
       def to_bin
-        @native_pubKey.to_der
+        if OpenSSL::VERSION < "3.0.0"
+          @native_pubKey.to_der
+        else
+          const = ECCConst[@native_pubKey.group.curve_name]
+          # At 01 April 2023
+          # at Ruby 3.2.1/OpenSSL gem 3.1.0/OpenSSL 3.0.2
+          # The gem has bug that the encoding is incorrect
+          OpenSSL::ASN1::Sequence.new([
+            OpenSSL::ASN1::ObjectId.new("2.8.8.128.0"),
+            OpenSSL::ASN1::Integer.new(0x0100),
+            OpenSSL::ASN1::Integer.new(const),
+            OpenSSL::ASN1::BitString.new(@native_pubKey.to_bn)
+          ]).to_der
+        end
       end
 
       def self.to_key(bin)
-        ek = OpenSSL::PKey::EC.new(bin)
+        if OpenSSL::VERSION > "3.0.0"
+          ek = OpenSSL::PKey::EC.new(bin)
+        else
+          seq = OpenSSL::ASN1Object.decode(bin).value
+          envp = ASN1Object.decode(seq[0]).value
+          raise KeypairEngineException, "Not ECC public key" if envp != "2.8.8.8.128.0"
+          ver = ASN1Object.decode(seq[1]).value
+          raise KeypairEngineException, "Unsupported version" if ver != 0x0100
+          cv = ASN1Object.decode(seq[2]).value
+          curve = ECCConst.invert[cv]
+          raise KeypairEngineException, "Unknown curve '#{curve}'" if curve.nil?
+          kv = ASN1Object.decode(seq[3]).value
+
+          ek = OpenSSL::PKey::EC::Point.new(OpenSSL::PKey::EC::Group.new(curve), kv)
+        end
+
         ECCPublicKey.new(ek)
       end
 
@@ -49,7 +82,11 @@ module Ccrypto
 
       def public_key
         if @pubKey.nil?
-          @pubKey = ECCPublicKey.new(@nativeKeypair.public_key)
+          #if OpenSSL::VERSION < "3.0.0"
+            @pubKey = ECCPublicKey.new(@nativeKeypair.public_key)
+          #else
+          #  @pubKey = ECCPublicKey.new(@nativeKeypair.public_key.to_bn)
+          #end
         end
         @pubKey
       end
@@ -65,12 +102,21 @@ module Ccrypto
           tkey = pubKey
         when Ccrypto::ECCPublicKey
           tkey = pubKey.native_pubKey
-          tkey = tkey.public_key if not tkey.is_a?(OpenSSL::PKey::EC::Point)
+          if OpenSSL::VERSION < "3.0.0"
+            tkey = tkey.public_key if not tkey.is_a?(OpenSSL::PKey::EC::Point)
+          else
+            tkey = OpenSSL::PKey::EC.new(tkey)
+          end
         else
           raise KeypairEngineException, "Unknown public key type #{pubKey.class}" 
         end
 
-        raise KeypairEngineException, "OpenSSL::PKey::EC::Point is required. Given #{tkey.inspect}" if not tkey.is_a?(OpenSSL::PKey::EC::Point)
+        if OpenSSL::VERSION < "3.0.0"
+          raise KeypairEngineException, "OpenSSL::PKey::EC::Point is required. Given #{tkey.inspect}" if not tkey.is_a?(OpenSSL::PKey::EC::Point)
+        else
+          raise KeypairEngineException, "OpenSSL::PKey::EC is required. Given #{tkey.inspect}" if not tkey.is_a?(OpenSSL::PKey::EC)
+        end
+
         @nativeKeypair.dh_compute_key(tkey) 
       end
 
@@ -171,9 +217,24 @@ module Ccrypto
 
       teLogger_tag :r_ecc
 
+      NotAbleToFigureOutOnOpenSSLv2 = [
+        "Oakley-EC2N-3",
+        "Oakley-EC2N-4"
+      ]
+
       def self.supported_curves
         if @curves.nil?
-          @curves = OpenSSL::PKey::EC.builtin_curves.map { |c| Ccrypto::ECCConfig.new(c[0]) }
+          @curves = []
+          OpenSSL::PKey::EC.builtin_curves.sort.map { |c| 
+            
+            next if c[0] =~ /^wap/ or NotAbleToFigureOutOnOpenSSLv2.include?(c[0])
+
+            if c[0] == "prime256v1"
+              @curves << Ccrypto::ECCConfig.new(c[0], Ccrypto::KeypairConfig::Algo_Active, true) 
+            else
+              @curves << Ccrypto::ECCConfig.new(c[0]) 
+            end
+          }
         end
         @curves
       end
@@ -203,14 +264,28 @@ module Ccrypto
       end
 
       def self.verify(pubKey, val, sign)
-        uPubKey = pubKey.native_pubKey
-        if pubKey.native_pubKey.is_a?(OpenSSL::PKey::EC::Point)
-          uPubKey = OpenSSL::PKey::EC.new(uPubKey.group)
-          uPubKey.public_key = pubKey.native_pubKey
-        end
+        if OpenSSL::VERSION > "3.0.0"
+          p pubKey.native_pubKey
+          p pubKey.native_pubKey.methods.sort
+          uPubKey = pubKey.native_pubKey
+          if uPubKey.is_a?(OpenSSL::PKey::EC::Point)
+            res = uPubKey.dsa_verify_asn1(val, sign)
+            res
+          else
+            raise KeypairEngineException, "Unsupported public key type '#{uPubKey.class}'"
+          end
 
-        res = uPubKey.dsa_verify_asn1(val, sign)
-        res
+        else
+          # OpenSSL v2 - Ruby 2.x
+          uPubKey = pubKey.native_pubKey
+          if pubKey.native_pubKey.is_a?(OpenSSL::PKey::EC::Point)
+            uPubKey = OpenSSL::PKey::EC.new(uPubKey.group)
+            uPubKey.public_key = pubKey.native_pubKey
+          end
+
+          res = uPubKey.dsa_verify_asn1(val, sign)
+          res
+        end
       end
 
     end

data/lib/ccrypto/ruby/engines/ed25519_engine.rb

@@ -0,0 +1,84 @@
+
+require 'ed25519'
+
+module Ccrypto
+  module Ruby
+   
+    class ED25519Exception < StandardError; end
+
+    class ED25519PublicKey < Ccrypto::ED25519PublicKey
+
+    end
+
+    class ED25519KeyBundle
+      include Ccrypto::ED25519KeyBundle
+
+      include TR::CondUtils
+
+      include TeLogger::TeLogHelper
+      teLogger_tag :ed25519_kb
+
+      def initialize(kp)
+        @nativeKeypair = kp
+      end
+
+      def public_key
+        if @pubKey.nil?
+          @pubKey = ED25519PublicKey.new(@nativeKeypair.verify_key)
+        end
+        @pubKey
+      end
+
+      def private_key
+        ED25519PrivateKey.new(@nativeKeypair)
+      end
+
+    end # ED25519KeyBundle
+
+    class ED25519Engine
+      include TeLogger::TeLogHelper
+      teLogger_tag :ed25519_eng
+
+      def initialize(*args, &block)
+        @config = args.first 
+        teLogger.debug "Config : #{@config}"
+      end
+
+      def generate_keypair(&block)
+        teLogger.debug "Generating ED25519 keypair"
+        ED25519KeyBundle.new(Ed25519::SigningKey.generate)
+      end
+
+      def sign(val)
+         
+        raise KeypairEngineException, "Keypair is required" if @config.keypair.nil?
+        raise KeypairEngineException, "ED25519 keypair is required" if not @config.keypair.is_a?(ED25519KeyBundle)
+
+        kp = @config.keypair
+
+        res = kp.nativeKeypair.sign(val)
+        teLogger.debug "Data of length #{val.length} signed using ED25519"
+
+        res
+
+      end
+
+      def self.verify(pubKey, val, sign)
+        case pubKey
+        when Ccrypto::ED25519PublicKey
+          uPubKey = pubKey
+        else
+          raise KeypairEngineException, "Unsupported public key '#{pubKey.class}' for ED25519 operation"
+        end
+
+        begin
+          uPubKey.verify(sign, val)
+        rescue Ed25519::VerifyError => ex
+          false
+        end
+      end
+
+    end
+
+  end
+end

data/lib/ccrypto/ruby/engines/pkcs7_engine.rb

@@ -136,6 +136,7 @@ module Ccrypto
 
         cipher = "AES-256-CBC" if is_empty?(cipher)
 
+        teLogger.debug "Setting P7 encryption cipher #{cipher}"
         cip = OpenSSL::Cipher.new(cipher)
 
         begin