easy-crypto 0.0.3 → 0.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/Gemfile.lock +1 -1
- data/README.md +30 -6
- data/lib/easycrypto.rb +2 -0
- data/lib/easycrypto/crypto.rb +45 -0
- data/lib/easycrypto/key.rb +5 -1
- data/lib/easycrypto/version.rb +1 -1
- data/spec/easycrypto/crypto_spec.rb +69 -12
- data/spec/easycrypto/key_spec.rb +18 -2
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: badbe38cfba80b77b62dd33031021281163ca05fb1a59965e5a3a0e9cffea971
|
|
4
|
+
data.tar.gz: a6c9097921116ce09bca54e24acd7394ec7311448d3918f6343234ac721e8008
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 3a56d205ecd4541735b72b040535d351c06710f745b30582ceed565452e52c33decc0be90db307a0d37cc83d77d0c1f4f2b98cdd86542f2c3dd8849df22a094c
|
|
7
|
+
data.tar.gz: 3ead7d75b180867defe24c13e200b385c7dd7abcda1b701a60595525d5360611ea00f9d6bb99a1c0f1ed47f3078f075dbaed8ad9453ddf56e09a5e44db35d3ad
|
data/Gemfile.lock
CHANGED
data/README.md
CHANGED
|
@@ -1,6 +1,8 @@
|
|
|
1
1
|
# EasyCrypto [](https://travis-ci.org/emartech/ruby-easy-crypto) [](https://badge.fury.io/rb/easy-crypto)
|
|
2
2
|
|
|
3
|
-
Provides simple wrappers around the openssl crypto implementation.
|
|
3
|
+
Provides simple wrappers around the openssl crypto implementation. The library provides two interfaces: simple and advanced. Simple mode is designed for ease-of-use and advanced mode provides some performance benefits in certain use-cases. See below for more details.
|
|
4
|
+
|
|
5
|
+
All the underlying crypto operations are the same.
|
|
4
6
|
|
|
5
7
|
## Installation
|
|
6
8
|
|
|
@@ -18,20 +20,42 @@ Or install it yourself as:
|
|
|
18
20
|
|
|
19
21
|
$ gem install easy-crypto
|
|
20
22
|
|
|
21
|
-
##
|
|
23
|
+
## Simple usage (Recommended)
|
|
24
|
+
|
|
25
|
+
```ruby
|
|
26
|
+
require 'easycrypto'
|
|
27
|
+
|
|
28
|
+
password = 'secret password'
|
|
29
|
+
plaintext = 'some data'
|
|
30
|
+
|
|
31
|
+
ecrypto = EasyCrypto::Crypto.new
|
|
32
|
+
|
|
33
|
+
encrypted = ecrypto.encrypt(password, plaintext)
|
|
34
|
+
decrypted = ecrypto.encrypt(password, encrypted)
|
|
35
|
+
|
|
36
|
+
decrypted == plaintext
|
|
37
|
+
```
|
|
38
|
+
|
|
39
|
+
## Advanced usage (Use for performance)
|
|
22
40
|
|
|
23
|
-
|
|
41
|
+
[Key derivation](https://en.wikipedia.org/wiki/Key_derivation_function) is a resource heavy process. The simple interface abstracts this away and forces you to recompute the key before each encryption/decryption process.
|
|
42
|
+
|
|
43
|
+
This interface allows you to cache the result of the key derivation. This is required if you need to encrypt/decrypt multiple times with the same derived key. Caching the key saves you the time to have to recompute it before every encryption/decryption.
|
|
24
44
|
|
|
25
45
|
```ruby
|
|
26
46
|
require 'easycrypto'
|
|
27
47
|
|
|
28
|
-
|
|
29
|
-
|
|
48
|
+
password = 'secret password'
|
|
49
|
+
plaintext = 'data to encrypt ...'
|
|
30
50
|
|
|
31
51
|
ecrypto = EasyCrypto::Crypto.new
|
|
32
52
|
|
|
33
53
|
key = EasyCrypto::Key.generate(key_password)
|
|
34
|
-
|
|
54
|
+
|
|
55
|
+
encrypted = ecrypto.encrypt_with_key(key, plaintext)
|
|
56
|
+
decrypted = ecrypto.decrypt_with_key(key, encrypted)
|
|
57
|
+
|
|
58
|
+
decrypted == plaintext
|
|
35
59
|
```
|
|
36
60
|
|
|
37
61
|
## License
|
data/lib/easycrypto.rb
CHANGED
data/lib/easycrypto/crypto.rb
CHANGED
|
@@ -7,6 +7,17 @@ module EasyCrypto
|
|
|
7
7
|
KEY_BITS = 256
|
|
8
8
|
AES_MODE = :GCM
|
|
9
9
|
IV_LEN = 12
|
|
10
|
+
AUTH_TAG_LEN = 16
|
|
11
|
+
|
|
12
|
+
def initialize(salt_length = DEFAULT_SALT_LENGTH)
|
|
13
|
+
@salt_length = salt_length
|
|
14
|
+
end
|
|
15
|
+
|
|
16
|
+
def encrypt(password, plaintext)
|
|
17
|
+
key = EasyCrypto::Key.generate(password, @salt_length)
|
|
18
|
+
|
|
19
|
+
encrypt_with_key(key, plaintext)
|
|
20
|
+
end
|
|
10
21
|
|
|
11
22
|
def encrypt_with_key(key, plaintext)
|
|
12
23
|
validate_key_type(key)
|
|
@@ -20,6 +31,27 @@ module EasyCrypto
|
|
|
20
31
|
Base64.strict_encode64(key.salt + iv + encrypted + cipher.auth_tag)
|
|
21
32
|
end
|
|
22
33
|
|
|
34
|
+
def decrypt(password, ciphertext)
|
|
35
|
+
salt = get_salt_from_ciphertext(ciphertext)
|
|
36
|
+
key = EasyCrypto::Key.generate_with_salt(password, salt)
|
|
37
|
+
|
|
38
|
+
decrypt_with_key(key, ciphertext)
|
|
39
|
+
end
|
|
40
|
+
|
|
41
|
+
def decrypt_with_key(key, ciphertext)
|
|
42
|
+
validate_key_type(key)
|
|
43
|
+
|
|
44
|
+
raw_ciphertext = Base64.strict_decode64(ciphertext)
|
|
45
|
+
|
|
46
|
+
iv = raw_ciphertext[key.salt.length, IV_LEN]
|
|
47
|
+
encrypted = raw_ciphertext[(key.salt.length + IV_LEN)..-(AUTH_TAG_LEN + 1)]
|
|
48
|
+
auth_tag = raw_ciphertext[-AUTH_TAG_LEN..-1]
|
|
49
|
+
|
|
50
|
+
decipher = create_decipher(key, iv, auth_tag)
|
|
51
|
+
|
|
52
|
+
decipher.update(encrypted) + decipher.final
|
|
53
|
+
end
|
|
54
|
+
|
|
23
55
|
private
|
|
24
56
|
|
|
25
57
|
def validate_key_type(key)
|
|
@@ -37,5 +69,18 @@ module EasyCrypto
|
|
|
37
69
|
cipher.iv = iv
|
|
38
70
|
cipher
|
|
39
71
|
end
|
|
72
|
+
|
|
73
|
+
def create_decipher(key, iv, auth_tag)
|
|
74
|
+
decipher = OpenSSL::Cipher::AES.new(Crypto::KEY_BITS, Crypto::AES_MODE).decrypt
|
|
75
|
+
decipher.key = key.key
|
|
76
|
+
decipher.iv = iv
|
|
77
|
+
decipher.auth_tag = auth_tag
|
|
78
|
+
decipher
|
|
79
|
+
end
|
|
80
|
+
|
|
81
|
+
def get_salt_from_ciphertext(ciphertext)
|
|
82
|
+
raw_ciphertext = Base64.strict_decode64(ciphertext)
|
|
83
|
+
raw_ciphertext[0, @salt_length]
|
|
84
|
+
end
|
|
40
85
|
end
|
|
41
86
|
end
|
data/lib/easycrypto/key.rb
CHANGED
|
@@ -7,7 +7,6 @@ module EasyCrypto
|
|
|
7
7
|
ITERATION_COUNT = 10_000
|
|
8
8
|
KEY_LENGTH = 32
|
|
9
9
|
HASH_ALGO = 'sha256'
|
|
10
|
-
DEFAULT_SALT_LENGTH = 12
|
|
11
10
|
|
|
12
11
|
attr_reader :key, :salt
|
|
13
12
|
|
|
@@ -18,6 +17,11 @@ module EasyCrypto
|
|
|
18
17
|
|
|
19
18
|
def self.generate(password, salt_length = DEFAULT_SALT_LENGTH)
|
|
20
19
|
salt = OpenSSL::Random.random_bytes(salt_length)
|
|
20
|
+
|
|
21
|
+
generate_with_salt(password, salt)
|
|
22
|
+
end
|
|
23
|
+
|
|
24
|
+
def self.generate_with_salt(password, salt)
|
|
21
25
|
key = OpenSSL::KDF.pbkdf2_hmac(
|
|
22
26
|
password,
|
|
23
27
|
salt: salt,
|
data/lib/easycrypto/version.rb
CHANGED
|
@@ -1,32 +1,89 @@
|
|
|
1
1
|
require 'easycrypto'
|
|
2
2
|
|
|
3
3
|
RSpec.describe EasyCrypto::Crypto do
|
|
4
|
+
let(:salt) { 'aaaaaaaaaaaa' }
|
|
5
|
+
let(:iv) { 'bbbbbbbbbbbb' }
|
|
6
|
+
let(:password) { 'some password' }
|
|
7
|
+
let(:data) { 'some data' }
|
|
8
|
+
let(:key) { EasyCrypto::Key.generate_with_salt(password, salt) }
|
|
9
|
+
|
|
4
10
|
it 'has a version number' do
|
|
5
11
|
expect(EasyCrypto::VERSION).not_to be nil
|
|
6
12
|
end
|
|
7
13
|
|
|
8
|
-
|
|
9
|
-
|
|
10
|
-
|
|
11
|
-
|
|
12
|
-
|
|
13
|
-
|
|
14
|
+
it 'can encrypt and decrypt data' do
|
|
15
|
+
ciphertext = subject.encrypt(password, data)
|
|
16
|
+
plaintext = subject.decrypt(password, ciphertext)
|
|
17
|
+
|
|
18
|
+
expect(plaintext).to eq data
|
|
19
|
+
end
|
|
20
|
+
|
|
21
|
+
it 'can encrypt and decrypt data with given key' do
|
|
22
|
+
key = EasyCrypto::Key.generate(password)
|
|
23
|
+
|
|
24
|
+
ciphertext = subject.encrypt_with_key(key, data)
|
|
25
|
+
plaintext = subject.decrypt_with_key(key, ciphertext)
|
|
26
|
+
|
|
27
|
+
expect(plaintext).to eq data
|
|
28
|
+
end
|
|
29
|
+
|
|
30
|
+
describe '#encrypt' do
|
|
31
|
+
before do
|
|
32
|
+
allow(OpenSSL::Random).to receive(:random_bytes).and_return(iv)
|
|
33
|
+
allow(EasyCrypto::Key).to receive(:generate).and_return(key)
|
|
34
|
+
end
|
|
35
|
+
|
|
36
|
+
it 'can encrypt data' do
|
|
37
|
+
result = subject.encrypt(password, data)
|
|
38
|
+
raw_result = Base64.strict_decode64(result)
|
|
39
|
+
|
|
40
|
+
expect(raw_result[0,12]).to eq salt
|
|
41
|
+
expect(raw_result[12,12]).to eq iv
|
|
42
|
+
end
|
|
43
|
+
end
|
|
44
|
+
|
|
45
|
+
describe '#encrypt_with_key' do
|
|
46
|
+
before do
|
|
47
|
+
allow(OpenSSL::Random).to receive(:random_bytes).and_return(iv)
|
|
48
|
+
end
|
|
49
|
+
|
|
50
|
+
it 'returns encrypted text as a single line' do
|
|
51
|
+
ciphertext = subject.encrypt_with_key(key, data)
|
|
52
|
+
|
|
53
|
+
expect(ciphertext).not_to include("\n")
|
|
14
54
|
end
|
|
15
55
|
|
|
16
56
|
it 'raise error if the encryptable data is not a string' do
|
|
17
|
-
ecrypto = EasyCrypto::Crypto.new
|
|
18
|
-
key = EasyCrypto::Key.generate('key password', 12)
|
|
19
57
|
expect{
|
|
20
|
-
|
|
58
|
+
subject.encrypt_with_key(key, 1234)
|
|
21
59
|
}.to raise_error(TypeError, 'Encryptable data must be a string')
|
|
22
60
|
end
|
|
23
61
|
|
|
24
62
|
it 'raise error if the encryptable data is empty' do
|
|
25
|
-
ecrypto = EasyCrypto::Crypto.new
|
|
26
|
-
key = EasyCrypto::Key.generate('key password', 12)
|
|
27
63
|
expect{
|
|
28
|
-
|
|
64
|
+
subject.encrypt_with_key(key, '')
|
|
29
65
|
}.to raise_error(ArgumentError, 'Encryptable data must not be empty')
|
|
30
66
|
end
|
|
67
|
+
|
|
68
|
+
it 'can encrypt data with given key' do
|
|
69
|
+
expected_ciphertext = 'YWFhYWFhYWFhYWFhYmJiYmJiYmJiYmJifAUY9TEdvoOQ79sxKd3zv1dT67K1GM36mQ=='
|
|
70
|
+
expect(subject.encrypt_with_key(key, data)).to eq expected_ciphertext
|
|
71
|
+
end
|
|
72
|
+
end
|
|
73
|
+
|
|
74
|
+
describe '#decrypt' do
|
|
75
|
+
it 'can decrypt encrypted data' do
|
|
76
|
+
ciphertext = 'FPXj2e2DZrFYRVUhqoBWXhVVVGUO2ZJgayU2F1f6duLtBjYOINvAZPWIXjIVHHslgg=='
|
|
77
|
+
|
|
78
|
+
expect(subject.decrypt(password, ciphertext)).to eq data
|
|
79
|
+
end
|
|
80
|
+
end
|
|
81
|
+
|
|
82
|
+
describe '#decrypt_with_key' do
|
|
83
|
+
it 'can decrypt encrypted data' do
|
|
84
|
+
ciphertext = 'YWFhYWFhYWFhYWFhzs8I/ks+nAy2V+Q7xIrJAnOHefyfO4zYwwmz1F2y1mf1wfXDqA=='
|
|
85
|
+
|
|
86
|
+
expect(subject.decrypt_with_key(key, ciphertext)).to eq data
|
|
87
|
+
end
|
|
31
88
|
end
|
|
32
89
|
end
|
data/spec/easycrypto/key_spec.rb
CHANGED
|
@@ -1,8 +1,7 @@
|
|
|
1
1
|
require 'easycrypto'
|
|
2
2
|
|
|
3
3
|
RSpec.describe EasyCrypto::Key do
|
|
4
|
-
|
|
5
|
-
context 'generate' do
|
|
4
|
+
describe '#generate' do
|
|
6
5
|
it 'returns key with a salt of the specified length' do
|
|
7
6
|
key = EasyCrypto::Key.generate('key password', 24)
|
|
8
7
|
|
|
@@ -15,4 +14,21 @@ RSpec.describe EasyCrypto::Key do
|
|
|
15
14
|
expect(key.salt.length).to be 12
|
|
16
15
|
end
|
|
17
16
|
end
|
|
17
|
+
|
|
18
|
+
describe '#generate_with_salt' do
|
|
19
|
+
let(:salt) { 'aaaaaaaaaaaa' }
|
|
20
|
+
|
|
21
|
+
it 'generates key with the given salt' do
|
|
22
|
+
key = EasyCrypto::Key.generate_with_salt('key password', salt)
|
|
23
|
+
|
|
24
|
+
expect(key.salt).to eq salt
|
|
25
|
+
end
|
|
26
|
+
|
|
27
|
+
it 'generates the same key with the same password and salt' do
|
|
28
|
+
key_1 = EasyCrypto::Key.generate_with_salt('key password', salt)
|
|
29
|
+
key_2 = EasyCrypto::Key.generate_with_salt('key password', salt)
|
|
30
|
+
|
|
31
|
+
expect(key_1.key).to eq key_2.key
|
|
32
|
+
end
|
|
33
|
+
end
|
|
18
34
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: easy-crypto
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.0
|
|
4
|
+
version: 0.1.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Emarsys Security
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2018-06-
|
|
11
|
+
date: 2018-06-27 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: bundler
|