pkcs7-cryptographer 0.2.3 → 1.0.0
- checksums.yaml +4 -4
- data/Gemfile.lock +1 -1
- data/README.md +60 -10
- data/lib/pkcs7/cryptographer/entity.rb +6 -6
- data/lib/pkcs7/cryptographer/version.rb +1 -1
- metadata +2 -2
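--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 0c4ad91179d8ddcac665a391f85dd03bb066a0fb14d8e09d997d5f363f9d5434
+data.tar.gz: 24ef42a9ea9c625af0de5dffda7fdd178b48b1a94ec998a82d90d993f90101b3
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 88e9e776e81ceed455d41cb1bff2b7272725512ea0fa8121db0c6180d548639d6742326733f20853344cb08a7d7688509a6f5ced6126aa7a7bcb87e964cdbda4
+data.tar.gz: 5c067348e4eadbb962c913ad1a8fa65037c03bb1cdabbd9305de7aef8ea4f2c5262a7aa6e15361763dc3d6a4f1791d05d6dbc1627676557a4b3b1becc117cc26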
data/Gemfile.lock
CHANGED
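--- a/data/README.md
+++ b/data/README.md
@@ -4,13 +4,12 @@
 
 
 
-
-Cryptographer is an small utility to encrypt and decrypt messages
+Cryptographer is an small utility to encrypt, sign and decrypt messages
 using PKCS7.
 
 PKCS7 is used to store signed and encrypted data.This specific implementation
-uses aes-256-cbc as chipher in the encryption process. If you want to read
-information about the involved data structures and theory around this,
+uses `aes-256-cbc` as chipher in the encryption process. If you want to read
+more information about the involved data structures and theory around this,
 please visit:
 
 - https://ruby-doc.org/stdlib-3.0.0/libdoc/openssl/rdoc/OpenSSL.html
@@ -37,6 +36,8 @@ Or install it yourself as:
 ```
 ## Usage
 
+### Using bare PKCS7::Cryptographer
+
 After installing the gem you will have the `PKCS7::Cryptographer` available.
 
 `PKCS7::Cryptographer` is a class that provides two public methods:
@@ -44,12 +45,13 @@ After installing the gem you will have the `PKCS7::Cryptographer` available.
 - `sign_and_encrypt`
 - `decrypt_and_verify`
 
-
+If you want to use the barebones cryptographer, you can. Please look at the
+following example:
 
 
-### Using bare PKCS7::Cryptographer
 
 ```ruby
+require 'pkcs7/cryptographer'
 
 # This script assumes you have a read_file method to read the certificates and
 # keys.
@@ -71,7 +73,7 @@ Read the following examples to get a better undertanding:
 # Only the client can read the message since the required public
 # certificate to read it is the client certificate.
 
-# It could be read if the CA_STORE of the reader has certificate of the
+# It could be read if the CA_STORE of the reader has the certificate of the
 # CA that signed the client certificate as trusted.
 
 cryptographer = PKCS7::Cryptographer.new
@@ -84,6 +86,8 @@ Read the following examples to get a better undertanding:
 public_certificate: CLIENT_CERTIFICATE
 )
 
+# encrypted_data is a PEM formatted string
+
 # READ MESSAGE IN CLIENT
 # ----------------------------------------------------------------------------
 # Store of trusted certificates
@@ -103,8 +107,16 @@ Read the following examples to get a better undertanding:
 
 ### Using PKCS7::Cryptographer::Entity
 
+There is a possibility to use entities to communicate using encrypted data. In
+order to use it you have to import the entities implementation.
+
+Please look at the following example:
+
 ```ruby
 
+require 'pkcs7/cryptographer'
+require 'pkcs7/cryptographer/entity'
+
 # This script assumes you have a read_file method to read the certificates and
 # keys. If you have any question about how to generate the keys/certificates
 # check this post: https://mariadb.com/kb/en/certificate-creation-with-openssl/
@@ -129,24 +141,62 @@ Read the following examples to get a better undertanding:
 )
 
 client_entity = PKCS7::Cryptographer::Entity.new(
-certificate: CLIENT_CERTIFICATE
+certificate: CLIENT_CERTIFICATE
 )
 
 # SEND MESSAGE TO THE CLIENT
 # ----------------------------------------------------------------------------
 data = "Victor Ibarbo"
-encrypted_data = ca_entity.encrypt_data(data: data,
+encrypted_data = ca_entity.encrypt_data(data: data, receiver: client_entity)
 
 # READ MESSAGE IN CLIENT
 # ----------------------------------------------------------------------------
 decrypted_data = client_entity.decrypt_data(
 data: encrypted_data,
-
+sender: ca_entity
 )
 
 # decrypted_data returns: "Victor Ibarbo"
 ```
 
+When using entities, all the complexity of knowing which PKI credentials to
+send to the cryptographer dissapears. You only need to initialize the
+entities and use the methods to indicate to whom the message will be sent.
+
+If you want to verify if certain entity you defined "trust" another one, use the
+`trustable_entity?(<the other entity>)`.
+
+```ruby
+ca_entity = PKCS7::Cryptographer::Entity.new(
+key: CA_KEY,
+certificate: CA_CERTIFICATE,
+ca_store: CA_STORE
+)
+
+client_entity = PKCS7::Cryptographer::Entity.new(
+certificate: CLIENT_CERTIFICATE
+)
+
+ca_entity.trustable_entity?(client_entity)
+
+# Returns true because the client certificate was signed by the root
+# certificate of the ca_authority.
+```
+
+When sending data to an entity, you will most of the time initialize the entity
+only with the `certificate` keyword arguments. So, initializing a receiver will
+most of the time looks like this:
+
+```ruby
+client_entity = PKCS7::Cryptographer::Entity.new(
+certificate: CLIENT_CERTIFICATE
+)
+```
+
+The entity above can't encrypt messages or decrypt them, if you want to decrypt
+and encrypt the entity should have its the key (private key), certificate and
+the list of trusted certificates of the entity (ca_store).
+
 ## Development
 
 After checking out the repo, run `bin/setup` to install dependencies. Then, run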
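--- a/data/lib/pkcs7/cryptographer/entity.rb
+++ b/data/lib/pkcs7/cryptographer/entity.rb
@@ -32,24 +32,24 @@ module PKCS7
 @ca_store.verify(entity.certificate)
 end
 
-def encrypt_data(data:,
-perform_safely(
+def encrypt_data(data:, receiver:)
+perform_safely(receiver) do
 @cryptographer.sign_and_encrypt(
 data: data,
 key: @key,
 certificate: @certificate,
-public_certificate:
+public_certificate: receiver.certificate
 )
 end
 end
 
-def decrypt_data(data:,
-perform_safely(
+def decrypt_data(data:, sender:)
+perform_safely(sender) do
 @cryptographer.decrypt_and_verify(
 data: data,
 key: @key,
 certificate: @certificate,
-public_certificate:
+public_certificate: sender.certificate,
 ca_store: @ca_store
 )
 end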
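Review bot: `decrypt_data` takes the expected signer from the caller (`public_certificate: sender.certificate`) but never checks that this entity itself has what the README says decryption requires — a private key, a certificate and a `ca_store` — so an Entity built only with `certificate:` (the receiver shape the README recommends) would fail inside `decrypt_and_verify` with an opaque OpenSSL error instead of a clear precondition failure. I would start both new methods with a guard such as `raise ArgumentError, 'entity needs key, certificate and ca_store' unless @key && @certificate && @ca_store`. Whether `perform_safely(sender)` / `perform_safely(receiver)` rejects an untrusted peer cannot be confirmed here because that method is defined outside the hunk; if it relies on the `@ca_store.verify` call visible at the top of the hunk, note that `OpenSSL::X509::Store#verify` performs no revocation check unless CRL flags are set on the store, which deserves a comment. Both methods also lack documentation; at minimum `# @param receiver [Entity] recipient whose certificate encrypts the envelope; must be trusted by this entity's ca_store` on `encrypt_data` and `# @param sender [Entity] expected signer; its certificate is verified against this entity's ca_store` on `decrypt_data`.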
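--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: pkcs7-cryptographer
 version: !ruby/object:Gem::Version
-version: 0.
+version: 1.0.0
 platform: ruby
 authors:
 - Daniel Munera Sanchez
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2021-03-
+date: 2021-03-26 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: bundler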