pkcs7-cryptographer 1.0.0 → 1.0.1
- checksums.yaml +4 -4
- data/.rubocop.yml +4 -1
- data/Gemfile.lock +1 -1
- data/lib/pkcs7/cryptographer.rb +24 -7
- data/lib/pkcs7/cryptographer/initializers.rb +5 -0
- data/lib/pkcs7/cryptographer/version.rb +1 -1
- metadata +2 -2
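--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: a02040b2706a005f695860704e338946e5cb68c6dcbf92fc7a2bb9c17b9425b2
+data.tar.gz: 52a840fb9394002e9400e31a0d4960b0fefcfcab4466ce2535c3afcd2915932a
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 83d51e4785b3eff57409208a09956c29826e2dde08c75a7b87e340f70b129f2f80614b4c5792e159618354ae97059eff2febd58a01ce08c460758fba0feb9e52
+data.tar.gz: 139e5b0e31cdfeed9c67468f92a21dc2f9f36bc3f207fe941df54194e199f43b2681e79072b5e1ea67f33696dd5422c4bf34595377845ea579cccb22487f85fe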
data/.rubocop.yml
CHANGED
data/Gemfile.lock
CHANGED
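--- a/data/lib/pkcs7/cryptographer.rb
+++ b/data/lib/pkcs7/cryptographer.rb
@@ -39,12 +39,7 @@ module PKCS7
 certificate = x509_certificate(certificate)
 public_certificate = x509_certificate(public_certificate)
 signed_data = OpenSSL::PKCS7.sign(certificate, key, data)
-
-encrypted_data = OpenSSL::PKCS7.encrypt(
-[public_certificate],
-signed_data.to_pem,
-OpenSSL::Cipher.new("aes-256-cbc")
-)
+encrypted_data = encrypt(public_certificate, signed_data)
 
 encrypted_data.to_pem
 end
@@ -72,11 +67,33 @@ module PKCS7
 public_certificate = x509_certificate(public_certificate)
 encrypted_data = pkcs7(data)
 decrypted_data = encrypted_data.decrypt(key, certificate)
+
 signed_data = OpenSSL::PKCS7.new(decrypted_data)
+verified = verified_signature?(signed_data, public_certificate, ca_store)
 
-return false unless
+return false unless verified
 
 signed_data.data
 end
+
+private
+
+def encrypt(public_certificate, signed_data)
+OpenSSL::PKCS7.encrypt(
+[public_certificate],
+signed_data.to_der,
+OpenSSL::Cipher.new("aes-256-cbc"),
+OpenSSL::PKCS7::BINARY
+)
+end
+
+def verified_signature?(signed_data, public_certificate, ca_store)
+signed_data.verify(
+[public_certificate],
+ca_store,
+nil,
+OpenSSL::PKCS7::NOINTERN | OpenSSL::PKCS7::NOCHAIN
+)
+end
 end
 end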
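Review bot: `verified_signature?` fixes the trust model through `OpenSSL::PKCS7::NOINTERN | OpenSSL::PKCS7::NOCHAIN`, yet nothing in the method says what those flags buy, so a later edit could drop one without noticing the effect. With NOINTERN the signer is looked up only in `[public_certificate]`, and with NOCHAIN certificates carried inside the message are not used to build the chain; since NOVERIFY is not set, the signer certificate is presumably still validated against `ca_store`. I would add above the method: `# Accept only public_certificate as signer (NOINTERN) and ignore certificates embedded in the message when building the chain (NOCHAIN); ca_store still has to validate the signer.` A spec that feeds a message signed by a different certificate issued under the same CA and expects `false` would pin this behaviour. The calling method's body starts outside the hunk, so how `ca_store` is built is not visible here.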
@@ -8,6 +8,11 @@ module PKCS7
|
|
8
8
|
# certificate, key or encrypted message string.
|
9
9
|
###
|
10
10
|
module Initializers
|
11
|
+
# PRIVATE METHODS
|
12
|
+
# ------------------------------------------------------------------------
|
13
|
+
|
14
|
+
private
|
15
|
+
|
11
16
|
def x509_certificate(certificate)
|
12
17
|
wrap_in_class_or_return(certificate, OpenSSL::X509::Certificate)
|
13
18
|
end
|
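--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: pkcs7-cryptographer
 version: !ruby/object:Gem::Version
-version: 1.0.
+version: 1.0.1
 platform: ruby
 authors:
 - Daniel Munera Sanchez
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2021-
+date: 2021-04-23 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: bundler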