pkcs7-cryptographer 0.2.3 → 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: c6f89bcec7efd95afb71a4efdb3ba0ab85b87e38b71115f3b4081ee7e99bbea3
4
- data.tar.gz: be8a8b20477ad48c2451b513f179f9652641981ef4ffa19876655e2dd3e9933d
3
+ metadata.gz: 0c4ad91179d8ddcac665a391f85dd03bb066a0fb14d8e09d997d5f363f9d5434
4
+ data.tar.gz: 24ef42a9ea9c625af0de5dffda7fdd178b48b1a94ec998a82d90d993f90101b3
5
5
  SHA512:
6
- metadata.gz: 5e3b5c8eb9e520727c3aa6e9cc4f632c8b2272e991b0393dc1f7c94a0286cbc3eaffb8fd6f02e4864f9860dbf20bf6ceed0bde92625890678f8fdeb38af4d088
7
- data.tar.gz: 6e7c13a7e6db27874f2bf2d31f05f54d614cda843c099419936f639e8c9c9274c7e355a5a0e0831b976afb5456fd1ba658af6474985ca50362ab3f3bc54a2927
6
+ metadata.gz: 88e9e776e81ceed455d41cb1bff2b7272725512ea0fa8121db0c6180d548639d6742326733f20853344cb08a7d7688509a6f5ced6126aa7a7bcb87e964cdbda4
7
+ data.tar.gz: 5c067348e4eadbb962c913ad1a8fa65037c03bb1cdabbd9305de7aef8ea4f2c5262a7aa6e15361763dc3d6a4f1791d05d6dbc1627676557a4b3b1becc117cc26
data/Gemfile.lock CHANGED
@@ -1,7 +1,7 @@
1
1
  PATH
2
2
  remote: .
3
3
  specs:
4
- pkcs7-cryptographer (0.2.3)
4
+ pkcs7-cryptographer (1.0.0)
5
5
 
6
6
  GEM
7
7
  remote: https://rubygems.org/
data/README.md CHANGED
@@ -4,13 +4,12 @@
4
4
  ![main workflow](https://github.com/dmuneras/pkcs7-cryptographer/actions/workflows/main.yml/badge.svg)
5
5
 
6
6
 
7
-
8
- Cryptographer is an small utility to encrypt and decrypt messages
7
+ Cryptographer is an small utility to encrypt, sign and decrypt messages
9
8
  using PKCS7.
10
9
 
11
10
  PKCS7 is used to store signed and encrypted data.This specific implementation
12
- uses aes-256-cbc as chipher in the encryption process. If you want to read more
13
- information about the involved data structures and theory around this,
11
+ uses `aes-256-cbc` as chipher in the encryption process. If you want to read
12
+ more information about the involved data structures and theory around this,
14
13
  please visit:
15
14
 
16
15
  - https://ruby-doc.org/stdlib-3.0.0/libdoc/openssl/rdoc/OpenSSL.html
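Review bot: The two rewritten README lines (new lines 7 and 11) keep the typos they already carried: "an small utility" should be "a small utility" and "chipher" should be "cipher". The unchanged context at new line 10 is also missing a space in "data.This"; since this hunk already reflows the paragraph, all three can be fixed here.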
@@ -37,6 +36,8 @@ Or install it yourself as:
37
36
  ```
38
37
  ## Usage
39
38
 
39
+ ### Using bare PKCS7::Cryptographer
40
+
40
41
  After installing the gem you will have the `PKCS7::Cryptographer` available.
41
42
 
42
43
  `PKCS7::Cryptographer` is a class that provides two public methods:
@@ -44,12 +45,13 @@ After installing the gem you will have the `PKCS7::Cryptographer` available.
44
45
  - `sign_and_encrypt`
45
46
  - `decrypt_and_verify`
46
47
 
47
- Read the following examples to get a better undertanding:
48
+ If you want to use the barebones cryptographer, you can. Please look at the
49
+ following example:
48
50
 
49
51
 
50
- ### Using bare PKCS7::Cryptographer
51
52
 
52
53
  ```ruby
54
+ require 'pkcs7/cryptographer'
53
55
 
54
56
  # This script assumes you have a read_file method to read the certificates and
55
57
  # keys.
@@ -71,7 +73,7 @@ Read the following examples to get a better undertanding:
71
73
  # Only the client can read the message since the required public
72
74
  # certificate to read it is the client certificate.
73
75
 
74
- # It could be read if the CA_STORE of the reader has certificate of the
76
+ # It could be read if the CA_STORE of the reader has the certificate of the
75
77
  # CA that signed the client certificate as trusted.
76
78
 
77
79
  cryptographer = PKCS7::Cryptographer.new
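Review bot: The reworded comment at new lines 73-77 still folds two separate conditions into "could be read". Decrypting needs the private key that matches the recipient certificate, while the reader's CA_STORE only decides whether the signer's certificate is trusted during verification. Suggest one comment per condition, so a reader does not conclude that CA trust alone gives access to the plaintext.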
@@ -84,6 +86,8 @@ Read the following examples to get a better undertanding:
84
86
  public_certificate: CLIENT_CERTIFICATE
85
87
  )
86
88
 
89
+ # encrypted_data is a PEM formatted string
90
+
87
91
  # READ MESSAGE IN CLIENT
88
92
  # ----------------------------------------------------------------------------
89
93
  # Store of trusted certificates
@@ -103,8 +107,16 @@ Read the following examples to get a better undertanding:
103
107
 
104
108
  ### Using PKCS7::Cryptographer::Entity
105
109
 
110
+ There is a possibility to use entities to communicate using encrypted data. In
111
+ order to use it you have to import the entities implementation.
112
+
113
+ Please look at the following example:
114
+
106
115
  ```ruby
107
116
 
117
+ require 'pkcs7/cryptographer'
118
+ require 'pkcs7/cryptographer/entity'
119
+
108
120
  # This script assumes you have a read_file method to read the certificates and
109
121
  # keys. If you have any question about how to generate the keys/certificates
110
122
  # check this post: https://mariadb.com/kb/en/certificate-creation-with-openssl/
@@ -129,24 +141,62 @@ Read the following examples to get a better undertanding:
129
141
  )
130
142
 
131
143
  client_entity = PKCS7::Cryptographer::Entity.new(
132
- certificate: CLIENT_CERTIFICATE,
144
+ certificate: CLIENT_CERTIFICATE
133
145
  )
134
146
 
135
147
  # SEND MESSAGE TO THE CLIENT
136
148
  # ----------------------------------------------------------------------------
137
149
  data = "Victor Ibarbo"
138
- encrypted_data = ca_entity.encrypt_data(data: data, to: client_entity)
150
+ encrypted_data = ca_entity.encrypt_data(data: data, receiver: client_entity)
139
151
 
140
152
  # READ MESSAGE IN CLIENT
141
153
  # ----------------------------------------------------------------------------
142
154
  decrypted_data = client_entity.decrypt_data(
143
155
  data: encrypted_data,
144
- from: ca_entity
156
+ sender: ca_entity
145
157
  )
146
158
 
147
159
  # decrypted_data returns: "Victor Ibarbo"
148
160
  ```
149
161
 
162
+ When using entities, all the complexity of knowing which PKI credentials to
163
+ send to the cryptographer dissapears. You only need to initialize the
164
+ entities and use the methods to indicate to whom the message will be sent.
165
+
166
+ If you want to verify if certain entity you defined "trust" another one, use the
167
+ `trustable_entity?(<the other entity>)`.
168
+
169
+ ```ruby
170
+ ca_entity = PKCS7::Cryptographer::Entity.new(
171
+ key: CA_KEY,
172
+ certificate: CA_CERTIFICATE,
173
+ ca_store: CA_STORE
174
+ )
175
+
176
+ client_entity = PKCS7::Cryptographer::Entity.new(
177
+ certificate: CLIENT_CERTIFICATE
178
+ )
179
+
180
+ ca_entity.trustable_entity?(client_entity)
181
+
182
+ # Returns true because the client certificate was signed by the root
183
+ # certificate of the ca_authority.
184
+ ```
185
+
186
+ When sending data to an entity, you will most of the time initialize the entity
187
+ only with the `certificate` keyword arguments. So, initializing a receiver will
188
+ most of the time looks like this:
189
+
190
+ ```ruby
191
+ client_entity = PKCS7::Cryptographer::Entity.new(
192
+ certificate: CLIENT_CERTIFICATE
193
+ )
194
+ ```
195
+
196
+ The entity above can't encrypt messages or decrypt them, if you want to decrypt
197
+ and encrypt the entity should have its the key (private key), certificate and
198
+ the list of trusted certificates of the entity (ca_store).
199
+
150
200
  ## Development
151
201
 
152
202
  After checking out the repo, run `bin/setup` to install dependencies. Then, run
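Review bot: The examples at new lines 150 and 156 switch to `receiver:` and `sender:`, but the README never tells existing users that `to:` and `from:` are gone; add a short upgrade note for 1.0.0 next to the Entity example. In the added prose, fix "dissapears" (disappears), "will most of the time looks like this" (look), "its the key" (its key) and "if certain entity you defined "trust" another one". The closing paragraph at new lines 196-198 should also say what a caller sees when a certificate-only entity calls `encrypt_data` or `decrypt_data`, since the text only says it "can't".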
@@ -32,24 +32,24 @@ module PKCS7
32
32
  @ca_store.verify(entity.certificate)
33
33
  end
34
34
 
35
- def encrypt_data(data:, to:)
36
- perform_safely(to) do
35
+ def encrypt_data(data:, receiver:)
36
+ perform_safely(receiver) do
37
37
  @cryptographer.sign_and_encrypt(
38
38
  data: data,
39
39
  key: @key,
40
40
  certificate: @certificate,
41
- public_certificate: to.certificate
41
+ public_certificate: receiver.certificate
42
42
  )
43
43
  end
44
44
  end
45
45
 
46
- def decrypt_data(data:, from:)
47
- perform_safely(from) do
46
+ def decrypt_data(data:, sender:)
47
+ perform_safely(sender) do
48
48
  @cryptographer.decrypt_and_verify(
49
49
  data: data,
50
50
  key: @key,
51
51
  certificate: @certificate,
52
- public_certificate: from.certificate,
52
+ public_certificate: sender.certificate,
53
53
  ca_store: @ca_store
54
54
  )
55
55
  end
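Review bot: Renaming the keyword arguments of `encrypt_data` and `decrypt_data` with no fallback means every caller still passing `to:` or `from:` fails with an ArgumentError at call time, and nothing in the hunk warns about it. The 1.0.0 bump signals the break, but consider accepting the old keywords for one release with a deprecation warning, or at minimum record the rename in a changelog entry. The `perform_safely(receiver)` and `perform_safely(sender)` calls and the matching `public_certificate:` lines are renamed consistently.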
@@ -2,6 +2,6 @@
2
2
 
3
3
  module PKCS7
4
4
  class Cryptographer
5
- VERSION = "0.2.3"
5
+ VERSION = "1.0.0"
6
6
  end
7
7
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: pkcs7-cryptographer
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.2.3
4
+ version: 1.0.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Daniel Munera Sanchez
8
8
  autorequire:
9
9
  bindir: exe
10
10
  cert_chain: []
11
- date: 2021-03-25 00:00:00.000000000 Z
11
+ date: 2021-03-26 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: bundler