rencrypt 0.0.2
- data/README +36 -0
- data/lib/REncrypt.rb +80 -0
- metadata +54 -0
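--- a/data/README
+++ b/data/README
@@ -0,0 +1,36 @@
+Warranty
+
+This software is provided "as is" and without any express or implied warranties, including, without limitation, the implied warranties of merchantibility and fitness for a particular purpose.
+
+************************
+
+To create a key:
+% openssl genrsa -des3 -out private.pem 2048
+Generating RSA private key, 2048 bit long modulus
+......+++
+.+++
+e is 65537 (0x10001)
+Enter pass phrase for private.pem:
+Verifying - Enter pass phrase for private.pem:
+
+Then:
+% openssl rsa -in private.pem -out public.pem -outform PEM -pubout
+Enter pass phrase for private.pem:
+writing RSA key
+
+************************
+
+To Encrypt:
+>> require 'REncrypt'
+=> true
+>> privkey='/path/to/private.pem'
+=> "/path/to/private.pem"
+>> pubkey='/path/to/public.pem'
+=> "/path/to/public.pem"
+>> a= Rencrypt.encrypt_sensitive(pubkey, "some kind of data")
+=> ["\016\331\332\e\363\253\001\363}\203\277\342\325\025m\026$\317\221\200\2237\352>tS\355\340\310k\333&", "}[\322\001\206*\301\314\030\023W\271\025\026\363\355\214+H\360\023\331\2128\302\320\276%\353\016\\\026\315p\222{CQI\"4\"4\377\223(\366${\006\332\n\254p\034vM\b\310\263x\223\364\227\223\242:\376Qfc\306]\374\253X&\343\350[5\243vM\204tQW\264\300[`\341F\361\245\316'\243\371\3620f\212\217\255\321\e\315\264\0247}\311\227\\\220\226'\235\027-\005 e\313H\216:\242(\023\342I\343O\213\0277M\177r\022\303\206\025\315>\353\247v8N*\243S\301\177\342\"\223n#CLv\032\021\246\301\236\367!\003\241\002L\2343\360?\225\361\310\310S\254\263 \037\331\250\347\355]\356\373\276A\330\000\275\360\306\200G\225\252\347\001#\305-\237^\376\363\020\360\254\006\233}\225\262\230\r\250\216T*\032\204\221\004\360z\232\005\003)\312\304\351\031\006\e\032\247$h\025\367\rw\375", "\320\223\343\t\373_\276\220\374\247\360s\030{\354\264:\360\261\\\vf;W\322\344\222\235[\325o\334\e)\326A\233\215DEN\214\337\325\273]\221!\f\313\336\351\213\371\300\343\266_\221\205\265v\017\245\2521X\026\346\210\226\035\r?\255\034<\331M\364\266\232\224\347\247tuX\370\2111\231\350F\341G\b^n\355\202\351\311E\230^\e^\230\205bN#\250<s\263}\271Go0\212\262iq\267\v\205\357M\002\036Q\\\340`\030a\006(1\267\361L\363\024fV\213(\276:F*\310\200@\216\024\241a<\370\032\350I))\224O\372\340\320\272.\234\335D\325!\273O0\2706\375G\rXV\311\325ml!\262N\256\370\216\f\305\364$\350\221\3245$<\217$Z1\222]\tG\234\272\304\342\361&uP\356Z\243\3330\242\225aE\224\367+z\020\311zM\371\325\tA\264\016^\017\376\266\312\005"]
+
+To Decrypt:
+Rencrypt.decrypt_sensitive(privkey, a[0], a[1], a[2], "somepasswordthatissecure")
+=> "some kind of data"
+>>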
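--- a/data/lib/REncrypt.rb
+++ b/data/lib/REncrypt.rb
@@ -0,0 +1,80 @@
+# This library is a simple way to do encryption for storage into a database.
+# The user will create a public and private key, preferrably with a password
+# before initial use and then call the library to encrypt the data. The libary
+# will return the encrypted data, encrypted key and encrypted iv for storage
+# and retrieval at a later date. The only thing needed to unencrypt the data
+# is the password to the OpenSSL private key
+
+# Taken from inspiration from:
+# http://stuff-things.net/2008/02/05/encrypting-lots-of-sensitive-data-with-ruby-on-rails/
+
+
+require 'openssl'
+class Rencrypt
+
+attr_accessor :plain_data, :encrypted_data , :encrypted_key, :encrypted_iv
+
+# Decrypt the previously encrypted data
+# * privkey is the pathname to the private openssl key. Make sure its readable by your user
+# * encrypted_data is the actual data to be unencrypted
+# * encrypted_key is the key used on the previously
+# * encrypted_iv is the initialization vector previously used previously
+# * password is the private key password used when the OpenSSL private key was created
+#
+def self.decrypt_sensitive(privkey, encrypted_data, encrypted_key, encrypted_iv, password)
+if encrypted_data
+begin
+private_key = OpenSSL::PKey::RSA.new(File.read(privkey),password)
+rescue Exception => e
+return "There was a problem with the private key: #{e}"
+end
+cipher = OpenSSL::Cipher::Cipher.new('aes-256-cbc')
+cipher.decrypt
+begin
+cipher.key = private_key.private_decrypt(encrypted_key)
+cipher.iv = private_key.private_decrypt(encrypted_iv)
+rescue Exception => e
+return "There was a problem with the key or IV: #{e}"
+end
+decrypted_data = cipher.update(encrypted_data)
+decrypted_data << cipher.final
+return decrypted_data
+else
+return "Error! No data to decrypt"
+end
+end
+
+# Holdover from from the conversion from a Model. Might not be needed. Yet to be seen.
+def self.clear_sensitive
+self.encrypted_data = self.encrypted_key = self.encrypted_iv = nil
+end
+
+# Encrypt data using a previously created public key
+# * The fuction will create a random key and random iv
+# * Returns the data, key and IV used to encrypt the data
+# * Data, key and IV should be stored for retrieval later
+def self.encrypt_sensitive(pubkey, data)
+if data
+begin
+public_key = OpenSSL::PKey::RSA.new(File.read(pubkey))
+rescue Exception => e
+return "There was a problem with the public key: #{e}"
+end
+
+cipher = OpenSSL::Cipher::Cipher.new('aes-256-cbc')
+cipher.encrypt
+cipher.key = random_key = cipher.random_key
+cipher.iv = random_iv = cipher.random_iv
+
+encrypted_data = cipher.update(data)
+encrypted_data << cipher.final
+
+encrypted_key = public_key.public_encrypt(random_key)
+encrypted_iv = public_key.public_encrypt(random_iv)
+
+return edata = [encrypted_data, encrypted_key, encrypted_iv]
+else
+return "No data to encrypt"
+end
+end
+end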
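--- a/metadata
+++ b/metadata
@@ -0,0 +1,54 @@
+--- !ruby/object:Gem::Specification
+name: rencrypt
+version: !ruby/object:Gem::Version
+version: 0.0.2
+platform: ruby
+authors:
+- Paul Voccio
+autorequire:
+bindir: bin
+cert_chain: []
+
+date: 2008-06-18 00:00:00 -05:00
+default_executable:
+dependencies: []
+
+description:
+email: paul@substation9.com
+executables: []
+
+extensions: []
+
+extra_rdoc_files:
+- README
+files:
+- lib/REncrypt.rb
+- README
+has_rdoc: true
+homepage:
+post_install_message:
+rdoc_options: []
+
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: "0"
+version:
+required_rubygems_version: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: "0"
+version:
+requirements:
+- openssl
+rubyforge_project:
+rubygems_version: 1.1.0
+signing_key:
+specification_version: 2
+summary: A way to encrypt/decrypt data using PKI
+test_files: []
+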