fast-aes 0.1.1 → 0.1.2
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +7 -0
- data/README.md +128 -0
- data/Rakefile +8 -0
- data/ext/fast_aes.c +20 -4
- data/spec/fast_aes_spec.rb +1 -0
- data/spec/spec_helper.rb +75 -0
- metadata +31 -44
- data/README.rdoc +0 -113
checksums.yaml
ADDED
@@ -0,0 +1,7 @@
|
|
1
|
+
---
|
2
|
+
SHA1:
|
3
|
+
metadata.gz: ce9431b455072259499c70fc70e332eb875d7c6f
|
4
|
+
data.tar.gz: 46506253d61cc6bb077a9d8f99196c412f8be968
|
5
|
+
SHA512:
|
6
|
+
metadata.gz: f49c22bd080b343cad1459e9cb211915d0d3ccaf517209fd8cfd13f942b7f8be3e5702cf7fcb22152b68c75d7f9e9dcc40c2e5dedc51dca3290e8dc54a04702a
|
7
|
+
data.tar.gz: 96e7bff7d5a967ac76ea52fb6420dba805b1067bc7c85166984540d125adfcd8c8a1e4c1dbc3f94ed792e4e267753b0fc7b2f86750806670c5ef69fba875e162
|
data/README.md
ADDED
@@ -0,0 +1,128 @@
|
|
1
|
+
# FastAES - Simple but LOW security AES gem
|
2
|
+
|
3
|
+
**This gem is a relic from 5 years ago, when libraries such as OpenSSL did not work correctly with Ruby.**
|
4
|
+
**Use in new projects is strongly discouraged. The core Ruby OpenSSL library is faster and more secure.**
|
5
|
+
|
6
|
+
## Replacement Code
|
7
|
+
|
8
|
+
Refer to the [Ruby OpenSSL documentation](http://ruby-doc.org/stdlib-2.0/libdoc/openssl/rdoc/OpenSSL.html)
|
9
|
+
for details on how to leverage AES in Ruby:
|
10
|
+
|
11
|
+
cipher = OpenSSL::Cipher.new 'AES-128-CBC'
|
12
|
+
cipher.encrypt
|
13
|
+
iv = cipher.random_iv
|
14
|
+
|
15
|
+
pwd = 'some hopefully not too guessable password'
|
16
|
+
salt = OpenSSL::Random.random_bytes 16
|
17
|
+
iter = 20000
|
18
|
+
key_len = cipher.key_len
|
19
|
+
digest = OpenSSL::Digest::SHA256.new
|
20
|
+
|
21
|
+
key = OpenSSL::PKCS5.pbkdf2_hmac(pwd, salt, iter, key_len, digest)
|
22
|
+
cipher.key = key
|
23
|
+
|
24
|
+
# Now encrypt the data:
|
25
|
+
encrypted = cipher.update document
|
26
|
+
encrypted << cipher.final
|
27
|
+
|
28
|
+
As mentioned, alot has changed in the **5+ years** since this gem was written. Please do not use it anymore.
|
29
|
+
|
30
|
+
### Security Notice
|
31
|
+
|
32
|
+
A while back a [github issue](https://github.com/nateware/fast-aes/issues/2) was filed highlighting
|
33
|
+
that this gem supports ECB and not the (significantly) more secure CBC method. You can read more details
|
34
|
+
on [Wikipedia's ECB writeup](http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation#Electronic_codebook_.28ECB.29).
|
35
|
+
|
36
|
+
From the article:
|
37
|
+
|
38
|
+
> The disadvantage [of ECB] is that identical plaintext blocks are encrypted into
|
39
|
+
> identical ciphertext blocks; thus, it does not hide data patterns well. In some senses,
|
40
|
+
> it doesn't provide serious message confidentiality, and it is not recommended for use in
|
41
|
+
> cryptographic protocols at all.
|
42
|
+
|
43
|
+
If you're concerned about security, you need take responsibility for verifying whether this
|
44
|
+
gem meets your requirements. It probably does not.
|
45
|
+
|
46
|
+
## Original Intro
|
47
|
+
|
48
|
+
This is a simple implementation of AES (the US government's Advanced Encryption Standard,
|
49
|
+
aka "Rijndael"), written in C for speed. You can read more on the
|
50
|
+
[Wikipedia AES Page](http://en.wikipedia.org/wiki/Advanced_Encryption_Standard).
|
51
|
+
The algorithm itself was extracted from work by Christophe Devine for the open source Netcat clone
|
52
|
+
[sbd](http://www.cycom.se/dl/sbd).
|
53
|
+
|
54
|
+
This code supports the main features of AES, specifically:
|
55
|
+
|
56
|
+
- 128, 192, and 256-bit ciphers
|
57
|
+
- Electronic Codebook (ECB) mode only - *see* *Security* *Note*
|
58
|
+
- Encrypted blocks are padded at 16-bit boundaries ([read more on padding](http://www.di-mgt.com.au/cryptopad.html#whatispadding))
|
59
|
+
|
60
|
+
You can read specifics about AES-ECB in the IPSec-related [RFC 3602](http://www.rfc-archive.org/getrfc.php?rfc=3602).
|
61
|
+
|
62
|
+
### Example
|
63
|
+
|
64
|
+
Basic encryption/decryption with this gem:
|
65
|
+
|
66
|
+
require 'fast-aes'
|
67
|
+
|
68
|
+
# key can be 128, 192, or 256 bits
|
69
|
+
key = '42#3b%c$dxyT,7a5=+5fUI3fa7352&^:'
|
70
|
+
|
71
|
+
aes = FastAES.new(key)
|
72
|
+
|
73
|
+
text = "Hey there, how are you?"
|
74
|
+
|
75
|
+
data = aes.encrypt(text)
|
76
|
+
|
77
|
+
puts aes.decrypt(data) # "Hey there, how are you?"
|
78
|
+
|
79
|
+
|
80
|
+
## Why AES?
|
81
|
+
|
82
|
+
### SSL vs AES
|
83
|
+
|
84
|
+
I'm going to guess you're using Ruby with Rails, which means you're doing 90+% web development.
|
85
|
+
In that case, if you need security, SSL is the obvious choice (and the right one).
|
86
|
+
|
87
|
+
But there will probably come a time, padawan, when you need a couple backend servers to talk -
|
88
|
+
maybe job servers, or an admin port, or whatever. Maybe even a simple chat server.
|
89
|
+
|
90
|
+
You can setup SSL certificates for this but there's a good amount of maintenance overhead there.
|
91
|
+
Or, you can directly use an encryption algorithm, such as AES. Setting up an SSH tunnel is another
|
92
|
+
alternative, if you control both systems. I think it's easier to configure encryption as part of
|
93
|
+
your application, rather than having to mess with each individual system, but that's me.
|
94
|
+
|
95
|
+
For more information on how SSL/AES/RC4/TLS all interact,
|
96
|
+
[read this article on SSL and AES](http://luxsci.com/blog/256-bit-aes-encryption-for-ssl-and-tls-maximal-security.html)
|
97
|
+
|
98
|
+
### AES vs Other Encryption Standards
|
99
|
+
|
100
|
+
There are a bizillion (literally!) different encryption standards out there. If you have
|
101
|
+
a PhD, and can't find a job, writing an encryption algorithm is a good thing to put on your resume -
|
102
|
+
on the outside chance that someone will hire you and use it. If you don't possess the talent to
|
103
|
+
write an encryption standard, you can spend hours trying to crack one - for similar reasons. As a
|
104
|
+
result, of the many encryption alternatives, most are either (a) cracked or (b) covered by patents.
|
105
|
+
|
106
|
+
Personally, when it comes to encryption, I think choosing what the US government chooses is a decent
|
107
|
+
choice. They tend to be "security conscious."
|
108
|
+
|
109
|
+
## Author
|
110
|
+
|
111
|
+
Original AES C reference code by Christophe Devine. Thanks Christophe!
|
112
|
+
|
113
|
+
This gem copyright (c) 2010-2011 [Nate Wiger](http://nateware.com). Released under the MIT License.
|
114
|
+
|
115
|
+
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and
|
116
|
+
associated documentation files (the "Software"), to deal in the Software without restriction,
|
117
|
+
including without limitation the rights to use, copy, modify, merge, publish, distribute,
|
118
|
+
sublicense, and/or sell copies of the Software, and to permit persons to whom the
|
119
|
+
Software is furnished to do so, subject to the following conditions:
|
120
|
+
|
121
|
+
The above copyright notice and this permission notice shall be included in all copies or substantial
|
122
|
+
portions of the Software.
|
123
|
+
|
124
|
+
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING
|
125
|
+
BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
|
126
|
+
NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM,
|
127
|
+
DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
|
128
|
+
FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
|
data/Rakefile
ADDED
data/ext/fast_aes.c
CHANGED
@@ -16,6 +16,7 @@
|
|
16
16
|
|
17
17
|
/* Global boolean */
|
18
18
|
int fast_aes_do_gen_tables = 1;
|
19
|
+
int fast_aes_printed_deprecation_notice = 0;
|
19
20
|
|
20
21
|
/* Old school. Oh yeah */
|
21
22
|
#ifndef RSTRING_PTR
|
@@ -95,11 +96,26 @@ VALUE fast_aes_initialize(VALUE self, VALUE key)
|
|
95
96
|
/*printf("AES key=%s, bits=%d\n", fast_aes->key, fast_aes->key_bits);*/
|
96
97
|
break;
|
97
98
|
default:
|
98
|
-
|
99
|
-
rb_raise(rb_eArgError, error_mesg);
|
99
|
+
sprintf(error_mesg, "AES key must be 128, 192, or 256 bits in length (got %d): %s", key_bits, key_data);
|
100
|
+
rb_raise(rb_eArgError, "%s", error_mesg);
|
100
101
|
return Qnil;
|
101
102
|
}
|
102
103
|
|
104
|
+
/* Deprecation warning */
|
105
|
+
if (! fast_aes_printed_deprecation_notice) {
|
106
|
+
fprintf(stderr,
|
107
|
+
"*************************************************************************************\n"
|
108
|
+
"* WARNING: The Ruby fast-aes gem is insecure and should NOT be used! *\n"
|
109
|
+
"* Please switch to: http://ruby-doc.org/stdlib-2.0/libdoc/openssl/rdoc/OpenSSL.html *\n"
|
110
|
+
"* If this message is a mystery, you have a gem that depends on fast-aes *\n"
|
111
|
+
"* Check your Gemfile.lock for any gems that depend on fast-aes *\n"
|
112
|
+
"* To silence this message, you can lock fast-aes to version = 0.1.1 in your Gemfile *\n"
|
113
|
+
"*************************************************************************************\n"
|
114
|
+
"\n"
|
115
|
+
);
|
116
|
+
fast_aes_printed_deprecation_notice = 1;
|
117
|
+
}
|
118
|
+
|
103
119
|
if (fast_aes_initialize_state(fast_aes)) {
|
104
120
|
rb_raise(rb_eRuntimeError, "Failed to initialize AES internal state");
|
105
121
|
return Qnil;
|
@@ -250,8 +266,8 @@ VALUE fast_aes_decrypt(
|
|
250
266
|
/*//////////////////////////////////////////////////////////////////////////
|
251
267
|
////////////////////////////////////////////////////////////////////////////
|
252
268
|
// Strip trailing zeros, simple but effective. This is something fucking
|
253
|
-
|
254
|
-
|
269
|
+
// loose-cannon rjc couldn't figure out despite being a "genius". He needs
|
270
|
+
// a punch in the junk, I swear to god.
|
255
271
|
*/
|
256
272
|
while (puiNumBytesOut > 0) {
|
257
273
|
if (pDataOut[puiNumBytesOut - 1] != 0) break;
|
data/spec/fast_aes_spec.rb
CHANGED
data/spec/spec_helper.rb
ADDED
@@ -0,0 +1,75 @@
|
|
1
|
+
# This file was generated by the `rails generate rspec:install` command. Conventionally, all
|
2
|
+
# specs live under a `spec` directory, which RSpec adds to the `$LOAD_PATH`.
|
3
|
+
# The generated `.rspec` file contains `--require spec_helper` which will cause this
|
4
|
+
# file to always be loaded, without a need to explicitly require it in any files.
|
5
|
+
#
|
6
|
+
# Given that it is always loaded, you are encouraged to keep this file as
|
7
|
+
# light-weight as possible. Requiring heavyweight dependencies from this file
|
8
|
+
# will add to the boot time of your test suite on EVERY test run, even for an
|
9
|
+
# individual file that may not need all of that loaded. Instead, make a
|
10
|
+
# separate helper file that requires this one and then use it only in the specs
|
11
|
+
# that actually need it.
|
12
|
+
#
|
13
|
+
# The `.rspec` file also contains a few flags that are not defaults but that
|
14
|
+
# users commonly want.
|
15
|
+
#
|
16
|
+
# See http://rubydoc.info/gems/rspec-core/RSpec/Core/Configuration
|
17
|
+
RSpec.configure do |config|
|
18
|
+
# The settings below are suggested to provide a good initial experience
|
19
|
+
# with RSpec, but feel free to customize to your heart's content.
|
20
|
+
|
21
|
+
# These two settings work together to allow you to limit a spec run
|
22
|
+
# to individual examples or groups you care about by tagging them with
|
23
|
+
# `:focus` metadata. When nothing is tagged with `:focus`, all examples
|
24
|
+
# get run.
|
25
|
+
config.filter_run :focus
|
26
|
+
config.run_all_when_everything_filtered = true
|
27
|
+
|
28
|
+
# Many RSpec users commonly either run the entire suite or an individual
|
29
|
+
# file, and it's useful to allow more verbose output when running an
|
30
|
+
# individual spec file.
|
31
|
+
if config.files_to_run.one?
|
32
|
+
# Use the documentation formatter for detailed output,
|
33
|
+
# unless a formatter has already been configured
|
34
|
+
# (e.g. via a command-line flag).
|
35
|
+
config.default_formatter = 'doc'
|
36
|
+
end
|
37
|
+
|
38
|
+
# Print the 10 slowest examples and example groups at the
|
39
|
+
# end of the spec run, to help surface which specs are running
|
40
|
+
# particularly slow.
|
41
|
+
config.profile_examples = 10
|
42
|
+
|
43
|
+
# Run specs in random order to surface order dependencies. If you find an
|
44
|
+
# order dependency and want to debug it, you can fix the order by providing
|
45
|
+
# the seed, which is printed after each run.
|
46
|
+
# --seed 1234
|
47
|
+
config.order = :random
|
48
|
+
|
49
|
+
# Seed global randomization in this process using the `--seed` CLI option.
|
50
|
+
# Setting this allows you to use `--seed` to deterministically reproduce
|
51
|
+
# test failures related to randomization by passing the same `--seed` value
|
52
|
+
# as the one that triggered the failure.
|
53
|
+
Kernel.srand config.seed
|
54
|
+
|
55
|
+
# rspec-expectations config goes here. You can use an alternate
|
56
|
+
# assertion/expectation library such as wrong or the stdlib/minitest
|
57
|
+
# assertions if you prefer.
|
58
|
+
config.expect_with :rspec do |expectations|
|
59
|
+
expectations.syntax = [:expect, :should]
|
60
|
+
end
|
61
|
+
|
62
|
+
# rspec-mocks config goes here. You can use an alternate test double
|
63
|
+
# library (such as bogus or mocha) by changing the `mock_with` option here.
|
64
|
+
config.mock_with :rspec do |mocks|
|
65
|
+
# Enable only the newer, non-monkey-patching expect syntax.
|
66
|
+
# For more details, see:
|
67
|
+
# - http://teaisaweso.me/blog/2013/05/27/rspecs-new-message-expectation-syntax/
|
68
|
+
mocks.syntax = :expect
|
69
|
+
|
70
|
+
# Prevents you from mocking or stubbing a method that does not exist on
|
71
|
+
# a real object. This is generally recommended.
|
72
|
+
mocks.verify_partial_doubles = true
|
73
|
+
end
|
74
|
+
|
75
|
+
end
|
metadata
CHANGED
@@ -1,70 +1,57 @@
|
|
1
|
-
--- !ruby/object:Gem::Specification
|
1
|
+
--- !ruby/object:Gem::Specification
|
2
2
|
name: fast-aes
|
3
|
-
version: !ruby/object:Gem::Version
|
4
|
-
|
5
|
-
segments:
|
6
|
-
- 0
|
7
|
-
- 1
|
8
|
-
- 1
|
9
|
-
version: 0.1.1
|
3
|
+
version: !ruby/object:Gem::Version
|
4
|
+
version: 0.1.2
|
10
5
|
platform: ruby
|
11
|
-
authors:
|
6
|
+
authors:
|
12
7
|
- Nate Wiger
|
13
8
|
autorequire:
|
14
9
|
bindir: bin
|
15
10
|
cert_chain: []
|
16
|
-
|
17
|
-
date: 2010-03-17 00:00:00 -07:00
|
18
|
-
default_executable:
|
11
|
+
date: 2014-09-11 00:00:00.000000000 Z
|
19
12
|
dependencies: []
|
20
|
-
|
21
|
-
|
22
|
-
email: nate@wiger.org
|
13
|
+
description: Simple but LOW security AES gem - OBSOLETE.
|
14
|
+
email: nwiger@gmail.com
|
23
15
|
executables: []
|
24
|
-
|
25
|
-
extensions:
|
16
|
+
extensions:
|
26
17
|
- ext/extconf.rb
|
27
|
-
extra_rdoc_files:
|
28
|
-
-
|
29
|
-
|
18
|
+
extra_rdoc_files:
|
19
|
+
- Rakefile
|
20
|
+
- README.md
|
21
|
+
files:
|
22
|
+
- README.md
|
23
|
+
- Rakefile
|
30
24
|
- ext/extconf.rb
|
31
25
|
- ext/fast_aes.c
|
32
26
|
- ext/fast_aes.h
|
33
27
|
- lib/fast-aes.rb
|
34
28
|
- lib/fast_aes_static.rb
|
35
29
|
- spec/fast_aes_spec.rb
|
30
|
+
- spec/spec_helper.rb
|
36
31
|
- test/benchmark.rb
|
37
|
-
- README.rdoc
|
38
|
-
has_rdoc: true
|
39
32
|
homepage: http://github.com/nateware/fast-aes
|
40
33
|
licenses: []
|
41
|
-
|
34
|
+
metadata: {}
|
42
35
|
post_install_message:
|
43
|
-
rdoc_options:
|
44
|
-
- --title
|
45
|
-
-
|
46
|
-
require_paths:
|
36
|
+
rdoc_options:
|
37
|
+
- "--title"
|
38
|
+
- Simple but LOW security AES gem - OBSOLETE
|
39
|
+
require_paths:
|
47
40
|
- lib
|
48
|
-
required_ruby_version: !ruby/object:Gem::Requirement
|
49
|
-
requirements:
|
41
|
+
required_ruby_version: !ruby/object:Gem::Requirement
|
42
|
+
requirements:
|
50
43
|
- - ">="
|
51
|
-
- !ruby/object:Gem::Version
|
52
|
-
|
53
|
-
|
54
|
-
|
55
|
-
required_rubygems_version: !ruby/object:Gem::Requirement
|
56
|
-
requirements:
|
44
|
+
- !ruby/object:Gem::Version
|
45
|
+
version: '0'
|
46
|
+
required_rubygems_version: !ruby/object:Gem::Requirement
|
47
|
+
requirements:
|
57
48
|
- - ">="
|
58
|
-
- !ruby/object:Gem::Version
|
59
|
-
|
60
|
-
- 0
|
61
|
-
version: "0"
|
49
|
+
- !ruby/object:Gem::Version
|
50
|
+
version: '0'
|
62
51
|
requirements: []
|
63
|
-
|
64
52
|
rubyforge_project: fast-aes
|
65
|
-
rubygems_version:
|
53
|
+
rubygems_version: 2.2.2
|
66
54
|
signing_key:
|
67
|
-
specification_version:
|
68
|
-
summary:
|
55
|
+
specification_version: 4
|
56
|
+
summary: Simple but LOW security AES gem - OBSOLETE
|
69
57
|
test_files: []
|
70
|
-
|
data/README.rdoc
DELETED
@@ -1,113 +0,0 @@
|
|
1
|
-
= FastAES - Fast AES implementation for Ruby in C
|
2
|
-
|
3
|
-
This is a lightweight, fast implementation of AES (the US government's Advanced Encryption Standard,
|
4
|
-
aka "Rijndael"), written in C for speed. You can read more on the {Wikipedia AES Page}[http://en.wikipedia.org/wiki/Advanced_Encryption_Standard].
|
5
|
-
The algorithm itself was extracted from work by Christophe Devine for the open source Netcat clone
|
6
|
-
{sbd}[http://www.cycom.se/dl/sbd]. According to the community, this is
|
7
|
-
{one of the best performing AES implementations available}[http://www.derkeiler.com/Newsgroups/sci.crypt/2003-07/0162.html]:
|
8
|
-
|
9
|
-
> With some exceptions your code performs better than all others in
|
10
|
-
> enc[ryption]/dec[ryption]. Do you have an explanation of that fact? Thanks.
|
11
|
-
>
|
12
|
-
Well, I've tried to make the code as simple and straightforward as
|
13
|
-
possible; I also used a few basic tricks, like loop unrolling.
|
14
|
-
|
15
|
-
This gem supports the most important features of AES, specifically:
|
16
|
-
|
17
|
-
* 128, 192, and 256-bit ciphers
|
18
|
-
* Cipher Block Chaining (CBC) mode only
|
19
|
-
* Encrypted blocks are padded at 16-bit boundaries ({read more on padding}[http://www.di-mgt.com.au/cryptopad.html#whatispadding])
|
20
|
-
|
21
|
-
You can read specifics about AES-CBC in the IPSec-related {RFC 3602}[http://www.rfc-archive.org/getrfc.php?rfc=3602],
|
22
|
-
if you really care that much.
|
23
|
-
|
24
|
-
Bottom line, this gem works. Fast.
|
25
|
-
|
26
|
-
=== Other Ruby AES gems
|
27
|
-
|
28
|
-
I couldn't find any that worked worth a crap. The {ruby-aes}[http://rubyforge.org/projects/ruby-aes/]
|
29
|
-
project has Ruby 1.9 bugs that have been open over _two_ _years_ now, {crypt/rijndael}[http://crypt.rubyforge.org/rijndael.html]
|
30
|
-
doesn't work on Ruby 1.9 and is slooow (as it's written in Ruby), and some people even report getting
|
31
|
-
{inconsistent encryption results from other libraries}[http://blade.nagaokaut.ac.jp/cgi-bin/scat.rb/ruby/ruby-talk/228214].
|
32
|
-
|
33
|
-
So I grabbed some C reference code, wrapped a Ruby interface around it, and voíla.
|
34
|
-
|
35
|
-
C'mon people, it's not that hard. It's called Google. In my day, you had to actually *WRITE* the code.
|
36
|
-
|
37
|
-
== Installation
|
38
|
-
|
39
|
-
gem install fast-aes
|
40
|
-
|
41
|
-
== Example
|
42
|
-
|
43
|
-
Simple encryption/decryption:
|
44
|
-
|
45
|
-
require 'fast-aes'
|
46
|
-
|
47
|
-
# key can be 128, 192, or 256 bits
|
48
|
-
key = '42#3b%c$dxyT,7a5=+5fUI3fa7352&^:'
|
49
|
-
|
50
|
-
aes = FastAES.new(key)
|
51
|
-
|
52
|
-
text = "Hey there, how are you?"
|
53
|
-
|
54
|
-
data = aes.encrypt(text)
|
55
|
-
|
56
|
-
puts aes.decrypt(data) # "Hey there, how are you?"
|
57
|
-
|
58
|
-
Pretty simple, jah?
|
59
|
-
|
60
|
-
== Why AES?
|
61
|
-
|
62
|
-
=== SSL vs AES
|
63
|
-
|
64
|
-
I'm going to guess you're using Ruby with Rails, which means you're doing 90+% web development.
|
65
|
-
In that case, if you need security, SSL is the obvious choice (and the right one).
|
66
|
-
|
67
|
-
But there will probably come a time, padawan, when you need a couple backend servers to talk -
|
68
|
-
maybe job servers, or an admin port, or whatever. Maybe even a simple chat server.
|
69
|
-
|
70
|
-
You can setup SSL certificates for this if you want it to be time-consuming to maintain.
|
71
|
-
Or you can directly use an encryption algorithm, such as AES. Setting up an SSH tunnel is another
|
72
|
-
good alternative, if you control both systems. I think it's easier to configure encryption keys
|
73
|
-
as part of your application, rather than having to mess with each individual system, but that's me.
|
74
|
-
|
75
|
-
For more information on how SSL/AES/RC4/TLS all interact,
|
76
|
-
{read this article on SSL and AES}[http://luxsci.com/blog/256-bit-aes-encryption-for-ssl-and-tls-maximal-security.html]
|
77
|
-
|
78
|
-
=== AES vs Other Encryption Standards
|
79
|
-
|
80
|
-
There are a bizillion (literally!) different encryption standards out there. If you have
|
81
|
-
a PhD, and can't find a job, writing an encryption algorithm is a good thing to put on your resume -
|
82
|
-
on the outside chance that someone will hire you and use it. If you don't possess the talent to
|
83
|
-
write an encryption standard, you can spend hours trying to crack one - for similar reasons. As a
|
84
|
-
result, of the many encryption alternatives, most are either (a) cracked or (b) covered by patents.
|
85
|
-
|
86
|
-
Personally, when it comes to encryption, I think choosing what the US government chooses is a decent
|
87
|
-
choice. They tend to be "security conscious."
|
88
|
-
|
89
|
-
=== Special Note
|
90
|
-
|
91
|
-
As this software deals with encryption/decryption, please note there is *NO* *WARRANTY*, not even
|
92
|
-
with regards to FITNESS FOR A PARTICULAR PURPOSE or NONINFRINGEMENT. This means if you use this
|
93
|
-
library, and it turns out there's a flaw in the implementation that results in your data being
|
94
|
-
hacked, *IT* *IS* *NOT* *MY* *FAULT*. It's YOUR responsibility to check the implementation of this
|
95
|
-
library and algorithm. If you can't understand C code, that's NOT MY PROBLEM.
|
96
|
-
|
97
|
-
== Author
|
98
|
-
|
99
|
-
Original AES C reference code by Christophe Devine. Thanks Christophe!
|
100
|
-
|
101
|
-
This gem copyright (c) 2010 {Nate Wiger}[http://nate.wiger.org]. Released under the MIT License.
|
102
|
-
|
103
|
-
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation
|
104
|
-
files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use,
|
105
|
-
copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the
|
106
|
-
Software is furnished to do so, subject to the following conditions:
|
107
|
-
|
108
|
-
The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
|
109
|
-
|
110
|
-
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
|
111
|
-
OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
|
112
|
-
HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
|
113
|
-
FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
|