pkcs7-cryptographer 1.0.0 → 1.0.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.rubocop.yml +4 -1
- data/Gemfile.lock +1 -1
- data/lib/pkcs7/cryptographer.rb +24 -7
- data/lib/pkcs7/cryptographer/initializers.rb +5 -0
- data/lib/pkcs7/cryptographer/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: a02040b2706a005f695860704e338946e5cb68c6dcbf92fc7a2bb9c17b9425b2
|
|
4
|
+
data.tar.gz: 52a840fb9394002e9400e31a0d4960b0fefcfcab4466ce2535c3afcd2915932a
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 83d51e4785b3eff57409208a09956c29826e2dde08c75a7b87e340f70b129f2f80614b4c5792e159618354ae97059eff2febd58a01ce08c460758fba0feb9e52
|
|
7
|
+
data.tar.gz: 139e5b0e31cdfeed9c67468f92a21dc2f9f36bc3f207fe941df54194e199f43b2681e79072b5e1ea67f33696dd5422c4bf34595377845ea579cccb22487f85fe
|
data/.rubocop.yml
CHANGED
data/Gemfile.lock
CHANGED
data/lib/pkcs7/cryptographer.rb
CHANGED
|
@@ -39,12 +39,7 @@ module PKCS7
|
|
|
39
39
|
certificate = x509_certificate(certificate)
|
|
40
40
|
public_certificate = x509_certificate(public_certificate)
|
|
41
41
|
signed_data = OpenSSL::PKCS7.sign(certificate, key, data)
|
|
42
|
-
|
|
43
|
-
encrypted_data = OpenSSL::PKCS7.encrypt(
|
|
44
|
-
[public_certificate],
|
|
45
|
-
signed_data.to_pem,
|
|
46
|
-
OpenSSL::Cipher.new("aes-256-cbc")
|
|
47
|
-
)
|
|
42
|
+
encrypted_data = encrypt(public_certificate, signed_data)
|
|
48
43
|
|
|
49
44
|
encrypted_data.to_pem
|
|
50
45
|
end
|
|
@@ -72,11 +67,33 @@ module PKCS7
|
|
|
72
67
|
public_certificate = x509_certificate(public_certificate)
|
|
73
68
|
encrypted_data = pkcs7(data)
|
|
74
69
|
decrypted_data = encrypted_data.decrypt(key, certificate)
|
|
70
|
+
|
|
75
71
|
signed_data = OpenSSL::PKCS7.new(decrypted_data)
|
|
72
|
+
verified = verified_signature?(signed_data, public_certificate, ca_store)
|
|
76
73
|
|
|
77
|
-
return false unless
|
|
74
|
+
return false unless verified
|
|
78
75
|
|
|
79
76
|
signed_data.data
|
|
80
77
|
end
|
|
78
|
+
|
|
79
|
+
private
|
|
80
|
+
|
|
81
|
+
def encrypt(public_certificate, signed_data)
|
|
82
|
+
OpenSSL::PKCS7.encrypt(
|
|
83
|
+
[public_certificate],
|
|
84
|
+
signed_data.to_der,
|
|
85
|
+
OpenSSL::Cipher.new("aes-256-cbc"),
|
|
86
|
+
OpenSSL::PKCS7::BINARY
|
|
87
|
+
)
|
|
88
|
+
end
|
|
89
|
+
|
|
90
|
+
def verified_signature?(signed_data, public_certificate, ca_store)
|
|
91
|
+
signed_data.verify(
|
|
92
|
+
[public_certificate],
|
|
93
|
+
ca_store,
|
|
94
|
+
nil,
|
|
95
|
+
OpenSSL::PKCS7::NOINTERN | OpenSSL::PKCS7::NOCHAIN
|
|
96
|
+
)
|
|
97
|
+
end
|
|
81
98
|
end
|
|
82
99
|
end
|
|
@@ -8,6 +8,11 @@ module PKCS7
|
|
|
8
8
|
# certificate, key or encrypted message string.
|
|
9
9
|
###
|
|
10
10
|
module Initializers
|
|
11
|
+
# PRIVATE METHODS
|
|
12
|
+
# ------------------------------------------------------------------------
|
|
13
|
+
|
|
14
|
+
private
|
|
15
|
+
|
|
11
16
|
def x509_certificate(certificate)
|
|
12
17
|
wrap_in_class_or_return(certificate, OpenSSL::X509::Certificate)
|
|
13
18
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: pkcs7-cryptographer
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.0.
|
|
4
|
+
version: 1.0.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Daniel Munera Sanchez
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2021-
|
|
11
|
+
date: 2021-04-23 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: bundler
|