evp_bytes_to_key 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: bb6c3d29fea1e070a1fa7e82bdfc22d307d222e804e1139a6b58b77a86af5104
+  data.tar.gz: cac2ccad33d79e0d2eee561a574db37002466f003e110cee37de15c432a5cab4
+SHA512:
+  metadata.gz: ae248998f96ac0a2313eca5d77420b6675415acc685e5da17cac69582485f43a7fa020685d5d42160f9387d8267c19ef2641eb74ae2062f5a03a90d7b93ec3e8
+  data.tar.gz: 94c6277abed9b3be639e6cc948aa00f76188a402d2cb5a4fe65eb373b7003c7db3fdae6c3df2cb116012633754252608e94442bad4125809619e47d2c0a3a761

data/.gitignore

@@ -0,0 +1,13 @@
+/.bundle/
+/.yardoc
+/_yardoc/
+/coverage/
+/doc/
+/pkg/
+/spec/reports/
+/tmp/
+
+# rspec failure tracking
+.rspec_status
+
+.DS_Store

data/.rspec

@@ -0,0 +1,3 @@
+--format documentation
+--color
+--require spec_helper

data/.rubocop.yml

@@ -0,0 +1,53 @@
+AllCops:
+  TargetRubyVersion: 2.7
+  DisplayCopNames: true
+Style/HashSyntax:
+  Enabled: false
+Layout/LineLength:
+  Max: 140
+Layout/EmptyLinesAroundAttributeAccessor:
+  Enabled: true
+Layout/SpaceAroundMethodCallOperator:
+  Enabled: true
+Lint/DeprecatedOpenSSLConstant:
+  Enabled: true
+Lint/DuplicateElsifCondition:
+  Enabled: true
+Lint/MixedRegexpCaptureTypes:
+  Enabled: true
+Lint/RaiseException:
+  Enabled: true
+Lint/StructNewOverride:
+  Enabled: true
+Style/AccessorGrouping:
+  Enabled: true
+Style/ArrayCoercion:
+  Enabled: true
+Style/BisectedAttrAccessor:
+  Enabled: true
+Style/CaseLikeIf:
+  Enabled: true
+Style/ExponentialNotation:
+  Enabled: true
+Style/HashAsLastArrayItem:
+  Enabled: true
+Style/HashEachMethods:
+  Enabled: true
+Style/HashLikeCase:
+  Enabled: true
+Style/HashTransformKeys:
+  Enabled: true
+Style/HashTransformValues:
+  Enabled: true
+Style/RedundantAssignment:
+  Enabled: true
+Style/RedundantFetchBlock:
+  Enabled: true
+Style/RedundantFileExtensionInRequire:
+  Enabled: true
+Style/RedundantRegexpCharacterClass:
+  Enabled: true
+Style/RedundantRegexpEscape:
+  Enabled: true
+Style/SlicingWithRange:
+  Enabled: true

data/.travis.yml

@@ -0,0 +1,6 @@
+---
+language: ruby
+cache: bundler
+rvm:
+  - 2.7.0
+before_install: gem install bundler -v 2.1.2

data/CHANGELOG.md

@@ -0,0 +1,8 @@
+# CHANGELOG
+All notable changes to this project will be documented in this file.
+
+This project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html).
+
+## [0.1.0] - 2020-07-21
+### Added
+- Initial release

data/Gemfile

@@ -0,0 +1,7 @@
+# frozen_string_literal: true
+
+source 'https://rubygems.org'
+
+gemspec
+
+gem 'rake', '~> 12.0'

data/Gemfile.lock

@@ -0,0 +1,63 @@
+PATH
+  remote: .
+  specs:
+    evp_bytes_to_key (0.1.0)
+
+GEM
+  remote: https://rubygems.org/
+  specs:
+    ast (2.4.1)
+    coderay (1.1.3)
+    diff-lcs (1.4.4)
+    method_source (1.0.0)
+    parallel (1.19.2)
+    parser (2.7.1.4)
+      ast (~> 2.4.1)
+    pry (0.13.1)
+      coderay (~> 1.1)
+      method_source (~> 1.0)
+    rainbow (3.0.0)
+    rake (12.3.3)
+    regexp_parser (1.7.1)
+    rexml (3.2.4)
+    rspec (3.9.0)
+      rspec-core (~> 3.9.0)
+      rspec-expectations (~> 3.9.0)
+      rspec-mocks (~> 3.9.0)
+    rspec-core (3.9.2)
+      rspec-support (~> 3.9.3)
+    rspec-expectations (3.9.2)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.9.0)
+    rspec-mocks (3.9.1)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.9.0)
+    rspec-support (3.9.3)
+    rubocop (0.88.0)
+      parallel (~> 1.10)
+      parser (>= 2.7.1.1)
+      rainbow (>= 2.2.2, < 4.0)
+      regexp_parser (>= 1.7)
+      rexml
+      rubocop-ast (>= 0.1.0, < 1.0)
+      ruby-progressbar (~> 1.7)
+      unicode-display_width (>= 1.4.0, < 2.0)
+    rubocop-ast (0.1.0)
+      parser (>= 2.7.0.1)
+    ruby-progressbar (1.10.1)
+    unicode-display_width (1.7.0)
+    yard (0.9.25)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  evp_bytes_to_key!
+  pry (~> 0.13.1)
+  rake (~> 12.0)
+  rspec (~> 3.9.0)
+  rubocop (~> 0.88.0)
+  yard (~> 0.9.25)
+
+BUNDLED WITH
+   2.1.2

data/LICENSE.txt

@@ -0,0 +1,177 @@
+
+                                 Apache License
+                           Version 2.0, January 2004
+                        https://www.apache.org/licenses/
+
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+      "License" shall mean the terms and conditions for use, reproduction,
+      and distribution as defined by Sections 1 through 9 of this document.
+
+      "Licensor" shall mean the copyright owner or entity authorized by
+      the copyright owner that is granting the License.
+
+      "Legal Entity" shall mean the union of the acting entity and all
+      other entities that control, are controlled by, or are under common
+      control with that entity. For the purposes of this definition,
+      "control" means (i) the power, direct or indirect, to cause the
+      direction or management of such entity, whether by contract or
+      otherwise, or (ii) ownership of fifty percent (50%) or more of the
+      outstanding shares, or (iii) beneficial ownership of such entity.
+
+      "You" (or "Your") shall mean an individual or Legal Entity
+      exercising permissions granted by this License.
+
+      "Source" form shall mean the preferred form for making modifications,
+      including but not limited to software source code, documentation
+      source, and configuration files.
+
+      "Object" form shall mean any form resulting from mechanical
+      transformation or translation of a Source form, including but
+      not limited to compiled object code, generated documentation,
+      and conversions to other media types.
+
+      "Work" shall mean the work of authorship, whether in Source or
+      Object form, made available under the License, as indicated by a
+      copyright notice that is included in or attached to the work
+      (an example is provided in the Appendix below).
+
+      "Derivative Works" shall mean any work, whether in Source or Object
+      form, that is based on (or derived from) the Work and for which the
+      editorial revisions, annotations, elaborations, or other modifications
+      represent, as a whole, an original work of authorship. For the purposes
+      of this License, Derivative Works shall not include works that remain
+      separable from, or merely link (or bind by name) to the interfaces of,
+      the Work and Derivative Works thereof.
+
+      "Contribution" shall mean any work of authorship, including
+      the original version of the Work and any modifications or additions
+      to that Work or Derivative Works thereof, that is intentionally
+      submitted to Licensor for inclusion in the Work by the copyright owner
+      or by an individual or Legal Entity authorized to submit on behalf of
+      the copyright owner. For the purposes of this definition, "submitted"
+      means any form of electronic, verbal, or written communication sent
+      to the Licensor or its representatives, including but not limited to
+      communication on electronic mailing lists, source code control systems,
+      and issue tracking systems that are managed by, or on behalf of, the
+      Licensor for the purpose of discussing and improving the Work, but
+      excluding communication that is conspicuously marked or otherwise
+      designated in writing by the copyright owner as "Not a Contribution."
+
+      "Contributor" shall mean Licensor and any individual or Legal Entity
+      on behalf of whom a Contribution has been received by Licensor and
+      subsequently incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      copyright license to reproduce, prepare Derivative Works of,
+      publicly display, publicly perform, sublicense, and distribute the
+      Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      (except as stated in this section) patent license to make, have made,
+      use, offer to sell, sell, import, and otherwise transfer the Work,
+      where such license applies only to those patent claims licensable
+      by such Contributor that are necessarily infringed by their
+      Contribution(s) alone or by combination of their Contribution(s)
+      with the Work to which such Contribution(s) was submitted. If You
+      institute patent litigation against any entity (including a
+      cross-claim or counterclaim in a lawsuit) alleging that the Work
+      or a Contribution incorporated within the Work constitutes direct
+      or contributory patent infringement, then any patent licenses
+      granted to You under this License for that Work shall terminate
+      as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the
+      Work or Derivative Works thereof in any medium, with or without
+      modifications, and in Source or Object form, provided that You
+      meet the following conditions:
+
+      (a) You must give any other recipients of the Work or
+          Derivative Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices
+          stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works
+          that You distribute, all copyright, patent, trademark, and
+          attribution notices from the Source form of the Work,
+          excluding those notices that do not pertain to any part of
+          the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its
+          distribution, then any Derivative Works that You distribute must
+          include a readable copy of the attribution notices contained
+          within such NOTICE file, excluding those notices that do not
+          pertain to any part of the Derivative Works, in at least one
+          of the following places: within a NOTICE text file distributed
+          as part of the Derivative Works; within the Source form or
+          documentation, if provided along with the Derivative Works; or,
+          within a display generated by the Derivative Works, if and
+          wherever such third-party notices normally appear. The contents
+          of the NOTICE file are for informational purposes only and
+          do not modify the License. You may add Your own attribution
+          notices within Derivative Works that You distribute, alongside
+          or as an addendum to the NOTICE text from the Work, provided
+          that such additional attribution notices cannot be construed
+          as modifying the License.
+
+      You may add Your own copyright statement to Your modifications and
+      may provide additional or different license terms and conditions
+      for use, reproduction, or distribution of Your modifications, or
+      for any such Derivative Works as a whole, provided Your use,
+      reproduction, and distribution of the Work otherwise complies with
+      the conditions stated in this License.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise,
+      any Contribution intentionally submitted for inclusion in the Work
+      by You to the Licensor shall be under the terms and conditions of
+      this License, without any additional terms or conditions.
+      Notwithstanding the above, nothing herein shall supersede or modify
+      the terms of any separate license agreement you may have executed
+      with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade
+      names, trademarks, service marks, or product names of the Licensor,
+      except as required for reasonable and customary use in describing the
+      origin of the Work and reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or
+      agreed to in writing, Licensor provides the Work (and each
+      Contributor provides its Contributions) on an "AS IS" BASIS,
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+      implied, including, without limitation, any warranties or conditions
+      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+      PARTICULAR PURPOSE. You are solely responsible for determining the
+      appropriateness of using or redistributing the Work and assume any
+      risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory,
+      whether in tort (including negligence), contract, or otherwise,
+      unless required by applicable law (such as deliberate and grossly
+      negligent acts) or agreed to in writing, shall any Contributor be
+      liable to You for damages, including any direct, indirect, special,
+      incidental, or consequential damages of any character arising as a
+      result of this License or out of the use or inability to use the
+      Work (including but not limited to damages for loss of goodwill,
+      work stoppage, computer failure or malfunction, or any and all
+      other commercial damages or losses), even if such Contributor
+      has been advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing
+      the Work or Derivative Works thereof, You may choose to offer,
+      and charge a fee for, acceptance of support, warranty, indemnity,
+      or other liability obligations and/or rights consistent with this
+      License. However, in accepting such obligations, You may act only
+      on Your own behalf and on Your sole responsibility, not on behalf
+      of any other Contributor, and only if You agree to indemnify,
+      defend, and hold each Contributor harmless for any liability
+      incurred by, or claims asserted against, such Contributor by reason
+      of your accepting any such warranty or additional liability.
+
+   END OF TERMS AND CONDITIONS

data/README.md

@@ -0,0 +1,252 @@
+# EvpBytesToKey
+
+This gem is a pure Ruby implementation of OpenSSL's
+[`EVP_BytesToKey()`](https://www.openssl.org/docs/man1.0.2/man3/EVP_BytesToKey.html) function as it is used by
+the `openssl` command line utility. This function is used to generate a key and IV from a given password. (and
+optional salt)
+
+The purpose of this gem is to make it easier to encrypt or decrypt data that has been encrypted by `openssl`
+with a password on the command line by replicating the logic used to derive a key and IV from a given password.
+
+The [OpenSSL documentation](https://www.openssl.org/docs/man1.0.2/man3/EVP_BytesToKey.html) states:
+
+> Newer applications should use a more modern algorithm such as PBKDF2
+
+Therefore use of this key derivation function is at your own risk. It is provided here to make interoperation
+with Ruby more convenient.
+
+The is **not** a drop-in replacement for `EVP_BytesToKey()`. The [original
+function](https://github.com/openssl/openssl/blob/2e9d61ecd81a6a512a0700486ccc1b3784b4c969/crypto/evp/evp_key.c#L78-L154)
+supports specifying an algorithm (to determine key length and IV and IV length automatically), a message digest
+(so a digest other than MD5 can be used), and the number of rounds.
+
+This **is** a drop-in replacement for `EVP_BytesToKey()` as it is used by the `openssl` command line utility,
+that is, using MD5 with 1 round. However, the options passed to this method require some knowledge of the algorithm
+in use, e.g., `aes256` will use a 256-bit key and a 16-byte IV while `rc4-40` will use a 40-bit key
+and no IV. These are provided as arguments to `EvpBytesToKey::Key.new`.
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+```ruby
+gem 'evp_bytes_to_key'
+```
+
+And then execute:
+
+    $ bundle install
+
+Or install it yourself as:
+
+    $ gem install evp_bytes_to_key
+
+## Requirements
+
+This gem requires Ruby 2.0.0 due to the format of its `gemspec` file but the `EvpBytesToKey` module has been tested to work in Ruby as low as 1.9.3.
+
+## Usage
+
+Require the gem first:
+
+```ruby
+require 'evp_bytes_to_key'
+```
+
+Set the arguments for key generation. All arguments are required.
+
+```ruby
+# must be a string and may be empty
+password = 'password'
+
+# must be nil or an eight-byte string
+salt = 'saltsalt'
+
+# must be a positive integer divisible by 8
+bits = 256
+
+# must be an integer >= 0
+iv_length = 16
+```
+
+Then use the `Key` class to get access to the key:
+
+```ruby
+key = EvpBytesToKey::Key.new(password, salt, bits, iv_length)
+=> #<EvpBytesToKey::Key:0x00007fe388095330
+ @bits=256,
+ @iv="\v\\\xA7\xB1\b\x1F\x94\xB1\xAC\x12\xE3\xC8\xBA\x87\xD0Z",
+ @iv_hex="0b5ca7b1081f94b1ac12e3c8ba87d05a",
+ @iv_length=16,
+ @key="\xFD\xBD\xF3A\x9F\xFF\x98\xBD\xB0$\x13\x90\xF6*\x9D\xB3_J\xBA)\xD7uf7y\x971N\xBF\xC7\t\xF2",
+ @key_hex="fdbdf3419fff98bdb0241390f62a9db35f4aba29d77566377997314ebfc709f2",
+ @password="password",
+ @salt="saltsalt">
+
+key.key_hex
+=> "fdbdf3419fff98bdb0241390f62a9db35f4aba29d77566377997314ebfc709f2"
+
+key.iv_hex
+=> "0b5ca7b1081f94b1ac12e3c8ba87d05a"
+
+key.key
+=> "\xFD\xBD\xF3A\x9F\xFF\x98\xBD\xB0$\x13\x90\xF6*\x9D\xB3_J\xBA)\xD7uf7y\x971N\xBF\xC7\t\xF2"
+
+key.iv
+=> "\v\\\xA7\xB1\b\x1F\x94\xB1\xAC\x12\xE3\xC8\xBA\x87\xD0Z"
+```
+
+These values can be compared to the values returned by the command line utility `openssl`:
+
+```bash
+echo -n "foo" | openssl enc -e -base64 -aes256 -S 73616c7473616c74 -pass pass:password -p
+
+salt=73616C7473616C74
+key=FDBDF3419FFF98BDB0241390F62A9DB35F4ABA29D77566377997314EBFC709F2
+iv =0B5CA7B1081F94B1AC12E3C8BA87D05A
+U2FsdGVkX19zYWx0c2FsdOnid6UWvFAXeeXIe+sL0l8=
+```
+
+Note that `openssl` requires the salt in hexadecimal format:
+
+```bash
+printf saltsalt | xxd
+00000000: 7361 6c74 7361 6c74                      saltsalt
+```
+
+### Examples
+
+#### `aes256` with a salt and IV
+
+Encrypt with `openssl`:
+
+```bash
+echo -n "foo" | openssl enc -e -base64 -aes256 -S 73616c7473616c74 -pass pass:password
+```
+
+This returns:
+
+    U2FsdGVkX19zYWx0c2FsdOnid6UWvFAXeeXIe+sL0l8=
+
+Decrypt with Ruby:
+
+```ruby
+require 'openssl'
+require 'base64'
+require 'evp_bytes_to_key'
+
+key = EvpBytesToKey::Key.new('password', 'saltsalt', 256, 16)
+decipher = OpenSSL::Cipher.new('aes256')
+decipher.decrypt
+decipher.key = key.key
+decipher.iv = key.iv
+ciphertext = Base64.strict_decode64('U2FsdGVkX19zYWx0c2FsdOnid6UWvFAXeeXIe+sL0l8=')
+ciphertext = ciphertext.byteslice(16..-1) if ciphertext.byteslice(0, 8) == 'Salted__'
+plaintext = decipher.update(ciphertext) + decipher.final
+```
+
+This returns:
+
+    "foo"
+
+Encrypt with Ruby:
+
+```
+require 'openssl'
+require 'base64'
+require 'evp_bytes_to_key'
+
+salt = 'saltsalt'
+key = EvpBytesToKey::Key.new('password', salt, 256, 16)
+cipher = OpenSSL::Cipher.new('aes256')
+cipher.encrypt
+cipher.key = key.key
+cipher.iv = key.iv
+ciphertext = cipher.update('foo') + cipher.final
+ciphertext = "Salted__#{salt}#{ciphertext}" if salt
+ciphertext = Base64.strict_encode64(ciphertext)
+```
+
+This returns:
+
+    "U2FsdGVkX19zYWx0c2FsdOnid6UWvFAXeeXIe+sL0l8="
+
+Decrypt with `openssl`:
+
+```bash
+echo -n "U2FsdGVkX19zYWx0c2FsdOnid6UWvFAXeeXIe+sL0l8=" | base64 --decode | openssl enc -d -aes256 -S 73616c7473616c74 -pass pass:password
+```
+
+This returns:
+
+    foo
+
+#### `rc4` with no salt and no IV
+
+Encrypt with `openssl`:
+
+```bash
+echo -n "foo" | openssl enc -e -base64 -rc4 -nosalt -pass pass:password
+```
+
+This returns:
+
+    jpdE
+
+Decrypt with Ruby:
+
+```ruby
+require 'openssl'
+require 'base64'
+require 'evp_bytes_to_key'
+
+key = EvpBytesToKey::Key.new('password', nil, 128, 0)
+decipher = OpenSSL::Cipher.new('rc4')
+decipher.decrypt
+decipher.key = key.key
+ciphertext = Base64.strict_decode64('jpdE')
+plaintext = decipher.update(ciphertext) + decipher.final
+```
+
+This returns:
+
+    "foo"
+
+Encrypt with Ruby:
+
+```
+require 'openssl'
+require 'base64'
+require 'evp_bytes_to_key'
+
+key = EvpBytesToKey::Key.new('password', nil, 128, 0)
+cipher = OpenSSL::Cipher.new('rc4')
+cipher.encrypt
+cipher.key = key.key
+ciphertext = cipher.update('foo') + cipher.final
+ciphertext = Base64.strict_encode64(ciphertext)
+```
+
+This returns:
+
+    "jpdE"
+
+Decrypt with `openssl`:
+
+```bash
+echo -n "jpdE" | base64 --decode | openssl enc -d -rc4 -nosalt -pass pass:password
+```
+
+This returns:
+
+    foo
+
+## Development
+
+After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake spec` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
+
+To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org).
+
+## Contributing
+
+Bug reports and pull requests are welcome on GitHub at https://github.com/anothermh/evp_bytes_to_key.

data/Rakefile

@@ -0,0 +1,8 @@
+# frozen_string_literal: true
+
+require 'bundler/gem_tasks'
+require 'rspec/core/rake_task'
+
+RSpec::Core::RakeTask.new(:spec)
+
+task default: :spec

data/bin/console

@@ -0,0 +1,8 @@
+#!/usr/bin/env ruby
+# frozen_string_literal: true
+
+require 'bundler/setup'
+require 'evp_bytes_to_key'
+require 'pry'
+
+Pry.start

data/bin/setup

@@ -0,0 +1,6 @@
+#!/usr/bin/env bash
+set -euo pipefail
+IFS=$'\n\t'
+set -vx
+
+bundle install

data/evp_bytes_to_key.gemspec

@@ -0,0 +1,29 @@
+# frozen_string_literal: true
+
+require_relative 'lib/evp_bytes_to_key/version'
+
+Gem::Specification.new do |spec|
+  spec.name          = 'evp_bytes_to_key'
+  spec.version       = EvpBytesToKey::VERSION
+  spec.authors       = ['anothermh']
+  spec.summary       = "A pure Ruby implementation of OpenSSL's EVP_BytesToKey() function"
+  spec.description   = 'The purpose of this gem is to make it easier to encrypt or decrypt data that has been encrypted by openssl'
+  spec.homepage      = 'https://github.com/anothermh/evp_bytes_to_key'
+  spec.required_ruby_version = Gem::Requirement.new('>= 2.0.0')
+
+  spec.metadata['homepage_uri'] = spec.homepage
+  spec.metadata['source_code_uri'] = spec.homepage
+  spec.metadata['changelog_uri'] = "#{spec.homepage}/blob/master/CHANGELOG.md"
+
+  spec.files = Dir.chdir(File.expand_path(__dir__)) do
+    `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
+  end
+  spec.bindir        = 'exe'
+  spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
+  spec.require_paths = ['lib']
+
+  spec.add_development_dependency 'pry', '~> 0.13.1'
+  spec.add_development_dependency 'rspec', '~> 3.9.0'
+  spec.add_development_dependency 'rubocop', '~> 0.88.0'
+  spec.add_development_dependency 'yard', '~> 0.9.25'
+end

data/lib/evp_bytes_to_key.rb

@@ -0,0 +1,9 @@
+# frozen_string_literal: true
+
+require 'evp_bytes_to_key/version'
+require 'evp_bytes_to_key/error'
+require 'evp_bytes_to_key/key'
+
+# Parent module class for all classes in this gem
+module EvpBytesToKey
+end

data/lib/evp_bytes_to_key/error.rb

@@ -0,0 +1,6 @@
+# frozen_string_literal: true
+
+module EvpBytesToKey
+  # Raised when arguments passed to initialize are invalid
+  class ArgumentError < ArgumentError; end
+end

data/lib/evp_bytes_to_key/key.rb

@@ -0,0 +1,116 @@
+# frozen_string_literal: true
+
+require 'digest/md5'
+
+module EvpBytesToKey
+  # This class is used to generate a new encryption key (and iv, if applicable) from a password in a way that
+  # is compatible with how the openssl command line utility generates keys and ivs. It emulates the logic of
+  # EVP_KeyToBytes from OpenSSL but is not a direct drop-in replacement because it does not support options
+  # like the number of rounds to use or the message digest algorithm to use.
+  class Key
+    # @return [String] the key or iv value in the named format
+    attr_accessor :key, :key_hex, :iv, :iv_hex
+    private :key=, :key_hex=, :iv=, :iv_hex=
+
+    # Generate a key from a given password. This key is identical to the key generated
+    # by EVP_KeyToBytes() in the openssl command-line utility.
+    #
+    # @param password [String] the password used for key generation
+    # @param salt [String, nil] the salt used for key generation
+    # @param bits [Integer] the bit length of the key, must be divisible by 8
+    # @param iv_length [Integer] the byte length of the IV
+    #
+    # @return [EvpBytesToKey::Key]
+    def initialize(password = nil, salt = nil, bits = nil, iv_length = nil)
+      @password = validate_password(password)
+      @salt = validate_salt(salt)
+      @bits = validate_bits(bits)
+      @iv_length = validate_iv_length(iv_length)
+
+      generate_key!
+    end
+
+    private
+
+    # @param password [String] the password that should be used for key derivation
+    # @raise [EvpBytesToKey::ArgumentError]
+    # @return [String]
+    def validate_password(password)
+      raise EvpBytesToKey::ArgumentError, 'password must be a String' unless password.is_a?(String)
+
+      password
+    end
+
+    # @param salt [String] the salt to append to the password that should be used for key derivation
+    # @raise [EvpBytesToKey::ArgumentError]
+    # @return [String, nil]
+    def validate_salt(salt)
+      if salt
+        raise EvpBytesToKey::ArgumentError, 'salt must be an 8 byte String' unless salt.is_a?(String) && salt.bytesize == 8
+      end
+
+      salt
+    end
+
+    # @param bits [Integer] the size of the key that should be returned in bits
+    # @raise [EvpBytesToKey::ArgumentError]
+    # @return [Integer]
+    def validate_bits(bits)
+      unless bits.is_a?(Integer) && bits >= 0 && (bits % 8).zero?
+        raise EvpBytesToKey::ArgumentError, 'bits must be a non-negative Integer evenly divisible by 8'
+      end
+
+      bits
+    end
+
+    # @param iv_length [Integer] the size of the iv that should be returned in bytes
+    # @raise [EvpBytesToKey::ArgumentError]
+    # @return [Integer]
+    def validate_iv_length(iv_length)
+      unless iv_length.is_a?(Integer) && iv_length >= 0 && (iv_length % 2).zero?
+        raise EvpBytesToKey::ArgumentError, 'iv_length must be an even Integer >= 0'
+      end
+
+      iv_length
+    end
+
+    # Generate a key from the supplied arguments by iteratively hashing the values and adding them
+    # to bytes until bytes has been fully populated
+    #
+    # @return [void]
+    def generate_key!
+      key_length = @bits / 8
+      last_hash = ''
+      bytes = ''
+
+      # Each iteration hashes the previous hash + password + salt to get the new hash, which is
+      # appended to the list of all hashes until it has enough bytes to constitute both the key
+      # and the iv
+      loop do
+        last_hash = Digest::MD5.digest(last_hash + @password + @salt.to_s)
+        bytes += last_hash
+
+        break if bytes.bytesize >= key_length + @iv_length.to_i
+      end
+
+      set_key_and_iv(bytes, key_length)
+    end
+
+    # @param bytes [String] the byte string from which the key and iv are extracted
+    # @param key_length [Integer] the length of the key in bytes
+    # @return [void]
+    def set_key_and_iv(bytes, key_length)
+      self.key = bytes.byteslice(0..key_length - 1)
+      # rubocop:disable Style/UnpackFirst
+      self.key_hex = key.unpack('H*').first
+      # rubocop:enable Style/UnpackFirst
+
+      return unless bytes.bytesize > key_length
+
+      self.iv = bytes.byteslice(key_length..key_length + @iv_length - 1)
+      # rubocop:disable Style/UnpackFirst
+      self.iv_hex = iv.unpack('H*').first
+      # rubocop:enable Style/UnpackFirst
+    end
+  end
+end

data/lib/evp_bytes_to_key/version.rb

@@ -0,0 +1,6 @@
+# frozen_string_literal: true
+
+module EvpBytesToKey
+  # The current version of this gem
+  VERSION = '0.1.0'
+end

metadata

@@ -0,0 +1,118 @@
+--- !ruby/object:Gem::Specification
+name: evp_bytes_to_key
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- anothermh
+autorequire: 
+bindir: exe
+cert_chain: []
+date: 2020-07-21 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: pry
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.13.1
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.13.1
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 3.9.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 3.9.0
+- !ruby/object:Gem::Dependency
+  name: rubocop
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.88.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.88.0
+- !ruby/object:Gem::Dependency
+  name: yard
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.9.25
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.9.25
+description: The purpose of this gem is to make it easier to encrypt or decrypt data
+  that has been encrypted by openssl
+email: 
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- ".rspec"
+- ".rubocop.yml"
+- ".travis.yml"
+- CHANGELOG.md
+- Gemfile
+- Gemfile.lock
+- LICENSE.txt
+- README.md
+- Rakefile
+- bin/console
+- bin/setup
+- evp_bytes_to_key.gemspec
+- lib/evp_bytes_to_key.rb
+- lib/evp_bytes_to_key/error.rb
+- lib/evp_bytes_to_key/key.rb
+- lib/evp_bytes_to_key/version.rb
+homepage: https://github.com/anothermh/evp_bytes_to_key
+licenses: []
+metadata:
+  homepage_uri: https://github.com/anothermh/evp_bytes_to_key
+  source_code_uri: https://github.com/anothermh/evp_bytes_to_key
+  changelog_uri: https://github.com/anothermh/evp_bytes_to_key/blob/master/CHANGELOG.md
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: 2.0.0
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.1.2
+signing_key: 
+specification_version: 4
+summary: A pure Ruby implementation of OpenSSL's EVP_BytesToKey() function
+test_files: []