class Eco::Data::Crypto::OpenSSL

Constants

BLOCK_OCTETS
DEFAULT_KEY_LENGTH
DEFAULT_RSA_LENGTH
SALT_LENGTH
SALT_SEED

Attributes

cipher[R]
digest[R]
kdf[R]
pkcs5[R]
rsa[R]
salt[R]
salt_seed[RW]

Public Class Methods

new(init = {})
# File lib/eco/data/crypto/encryption.rb, line 80
# Binds the OpenSSL primitives this wrapper delegates to, then derives the
# instance salt from the built-in seed.
#
# @param init [Hash] accepted but not read by this constructor
def initialize(init = {})
  @cipher = ::OpenSSL::Cipher
  @digest = ::OpenSSL::Digest
  @pkcs5  = ::OpenSSL::PKCS5
  @rsa    = ::OpenSSL::PKey::RSA
  # @kdf is left unassigned here (the ::OpenSSL::KDF binding is commented out
  # in the original), so the kdf reader returns nil.

  # Has to run after @pkcs5 is bound: the salt_seed= writer derives @salt
  # through pbkdf2.
  # NOTE(review): SALT_SEED is a class constant, so unless a caller assigns
  # salt_seed afterwards every instance ends up with the same salt.
  self.salt_seed = SALT_SEED
end

Public Instance Methods

aes256_decrypt(data, key: , iv: , block_octets: BLOCK_OCTETS)
# File lib/eco/data/crypto/encryption.rb, line 152
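# Decrypts AES-256-CBC ciphertext with the given key and IV.
#
# The previous body computed the chunk size from an unassigned local
# (`block_bits * 8` on nil), so every call raised NoMethodError. It also
# consumed the caller's string with slice!; the input is now left untouched.
#
# NOTE(review): CBC carries no integrity check. Ciphertext from an untrusted
# party should be authenticated (e.g. a MAC verified before this call), and
# a padding failure raised by `final` should not be reported back to whoever
# supplied the ciphertext.
#
# @param data [String] raw ciphertext bytes
# @param key [String] AES-256 key
# @param iv [String] initialization vector used at encryption time
# @param block_octets [Integer] multiplied by 8 to get the number of bytes fed
#   to the cipher per update call; it does not affect the result
# @return [String] decrypted bytes (binary encoding; callers re-tag text)
# @raise [ArgumentError] if block_octets is not positive
def aes256_decrypt(data, key:, iv:, block_octets: BLOCK_OCTETS)
  chunk_size = block_octets * 8
  # A zero or negative chunk would never advance through the input.
  raise ArgumentError, "block_octets must be positive" unless chunk_size > 0

  cipher = @cipher.new('aes-256-cbc')
  cipher.decrypt
  cipher.key = key
  cipher.iv  = iv

  plain = String.new
  offset = 0
  while offset < data.bytesize
    plain << cipher.update(data.byteslice(offset, chunk_size))
    offset += chunk_size
  end
  # final strips the padding and raises if it is malformed.
  plain << cipher.final
end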
aes256_encrypt(data, key: nil, iv: nil, block_octets: BLOCK_OCTETS)
# File lib/eco/data/crypto/encryption.rb, line 130
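# Encrypts data with AES-256-CBC and returns the raw ciphertext.
#
# The previous body could not run: the chunk size was computed from an
# unassigned local (`block_bits * 8` on nil) and the loop read an undefined
# `str` instead of `data`. The input string is no longer consumed.
#
# NOTE(review): only the ciphertext is returned. When key or iv is omitted a
# random one is generated on the cipher and then lost, so the result cannot
# be decrypted; callers that need to decrypt must pass both. With a reused
# key, the iv should be fresh and unpredictable for every message. CBC adds
# no integrity protection, so authenticate the ciphertext separately.
#
# @param data [String] bytes to encrypt
# @param key [String, nil] AES-256 key; random when nil
# @param iv [String, nil] initialization vector; random when nil
# @param block_octets [Integer] multiplied by 8 to get the number of bytes fed
#   to the cipher per update call; it does not affect the result
# @return [String] ciphertext bytes (binary encoding)
# @raise [ArgumentError] if block_octets is not positive
def aes256_encrypt(data, key: nil, iv: nil, block_octets: BLOCK_OCTETS)
  chunk_size = block_octets * 8
  # A zero or negative chunk would never advance through the input.
  raise ArgumentError, "block_octets must be positive" unless chunk_size > 0

  cipher = @cipher.new('aes-256-cbc')
  cipher.encrypt

  # random_key / random_iv install the generated value on the cipher.
  if key
    cipher.key = key
  else
    cipher.random_key
  end
  if iv
    cipher.iv = iv
  else
    cipher.random_iv
  end

  encrypted = String.new
  offset = 0
  while offset < data.bytesize
    encrypted << cipher.update(data.byteslice(offset, chunk_size))
    offset += chunk_size
  end
  encrypted << cipher.final
end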
aes256_pass(pass)
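# Derives a key from a passphrase with scrypt (r = 8, p = 1, N = 2**cost).
#
# @kdf is never assigned by the constructor shown for this class (its
# ::OpenSSL::KDF binding is commented out), so calling through @kdf alone
# raised NoMethodError on nil. Fall back to ::OpenSSL::KDF when @kdf is unset.
#
# @param pass [String] passphrase
# @param salt [String] salt; defaults to the instance salt
# @param cost [Integer] log2 of the scrypt work factor N
# @param length [Integer] desired output size in bits (integer-divided by 8)
# @return [String] derived key bytes
def scrypt(pass, salt: @salt, cost: 14, length: DEFAULT_KEY_LENGTH)
  block_size = 8
  parallelization = 1
  octets = length.div(8)
  kdf = @kdf || ::OpenSSL::KDF
  kdf.scrypt(pass, salt: salt, N: 2**cost, r: block_size, p: parallelization, length: octets)
end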

end

# File lib/eco/data/crypto/encryption.rb, line 127
# Turns a passphrase into a 256-bit value by delegating to pbkdf2.
#
# Only the output length is overridden; salt, iteration count and hash are
# whatever pbkdf2 defaults to.
#
# @param pass [String] passphrase
# @return [String] the bytes returned by pbkdf2
def aes256_pass(pass)
  pbkdf2(pass, length: 256)
end
pbkdf2(pass, salt: @salt || "salt", iterations: 1000, length: DEFAULT_KEY_LENGTH, hash: "sha256")

The HMAC hash defaults to “sha256”; see github.com/hueniverse/iron/issues/55

# File lib/eco/data/crypto/encryption.rb, line 105
# Derives key material from a passphrase with PBKDF2-HMAC.
#
# NOTE(review): the defaults are weak for password-derived keys. 1000
# iterations is far below current guidance for PBKDF2, and the salt falls
# back to the literal "salt" when the instance has none. Raising the default
# would change every key derived so far, so treat it as a migration.
#
# @param pass [String] passphrase
# @param salt [String] salt; the instance salt, or "salt" when that is unset
# @param iterations [Integer] PBKDF2 iteration count
# @param length [Integer] desired output size in bits (integer-divided by 8)
# @param hash [String] digest name handed to the HMAC
# @return [String] derived bytes
def pbkdf2(pass, salt: @salt || "salt", iterations: 1000, length: DEFAULT_KEY_LENGTH, hash: "sha256")
  @pkcs5.pbkdf2_hmac(pass, salt, iterations, length.div(8), hash)
end
pbkdf2_sha1(pass, salt: @salt, iterations: 1000, length: DEFAULT_KEY_LENGTH)
# File lib/eco/data/crypto/encryption.rb, line 115
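# Derives key material from a passphrase with PBKDF2-HMAC-SHA1.
#
# The previous body passed an undefined `octets` to pbkdf2_hmac and raised
# NameError on every call; the octet count is now computed from `length`.
#
# NOTE(review): the default of 1000 iterations is low for password-derived
# keys, and unlike pbkdf2 there is no fallback when the instance salt is nil.
#
# @param pass [String] passphrase
# @param salt [String] salt; defaults to the instance salt
# @param iterations [Integer] PBKDF2 iteration count
# @param length [Integer] desired output size in bits (integer-divided by 8)
# @return [String] derived bytes
def pbkdf2_sha1(pass, salt: @salt, iterations: 1000, length: DEFAULT_KEY_LENGTH)
  octets = length.div(8)
  @pkcs5.pbkdf2_hmac(pass, salt, iterations, octets, "sha1")
end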
rsa_keygen(length = DEFAULT_RSA_LENGTH, filename: "rsa")
# File lib/eco/data/crypto/encryption.rb, line 172
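# Generates an RSA key pair and writes it to the current directory as
# <filename>.pem (private key) and <filename>.pub (public key), both PEM.
#
# The private key file was previously created with the process default
# permissions, which usually leaves it readable by other local users. It is
# now created as 0600, and tightened to 0600 if the file already existed.
#
# NOTE(review): the private key is written unencrypted, and `filename` is
# concatenated into the path as given, so it should not come from untrusted
# input.
#
# @param length [Integer] modulus size in bits
# @param filename [String, nil] base name of both files; "rsa" when nil
# @return [File] the closed handle of the public key file
def rsa_keygen(length = DEFAULT_RSA_LENGTH, filename: "rsa")
  filename ||= "rsa"
  key = @rsa.new(length)
  File.open('./' + filename + '.pem', "w", 0o600) do |fd|
    # The mode argument only applies to a newly created file, so restrict an
    # existing one before any key material is written.
    fd.chmod(0o600)
    fd << key.to_pem
  end
  File.open('./' + filename + '.pub', "w") { |fd| fd << key.public_key.to_pem }
end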
rsa_keygen_ssh(length = DEFAULT_RSA_LENGTH, filename: "rsa")
# File lib/eco/data/crypto/encryption.rb, line 178
# Generates an RSA key and writes the result of `ssh_type` for the key and
# for its public half to <filename>.der and <filename>.pub in the current
# directory.
#
# TODO: the PEM to ssh-rsa conversion is still to be done. References:
#   https://stackoverflow.com/a/3162593/4352306
#   http://blog.oddbit.com/2011/05/08/converting-openssh-public-keys/
#   https://stackoverflow.com/a/5524323/4352306 (simpler, in PHP)
#
# NOTE(review): `ssh_type` is not part of Ruby's OpenSSL bindings; presumably
# another library adds it. Confirm what it returns before relying on these
# files as usable keys.
#
# @param length [Integer] modulus size in bits
# @param filename [String, nil] base name of both files; "rsa" when nil
# @return [File] the closed handle of the .pub file
def rsa_keygen_ssh(length = DEFAULT_RSA_LENGTH, filename: "rsa")
  filename ||= "rsa"
  generated = @rsa.new(length)
  File.open("./#{filename}.der", "w") do |out|
    out << generated.ssh_type
  end
  File.open("./#{filename}.pub", "w") do |out|
    out << generated.public_key.ssh_type
  end
end
rsa_keypairs?(private_key, public_key)
# File lib/eco/data/crypto/encryption.rb, line 187
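# Checks whether a private and a public RSA key belong together by encrypting
# a fixed probe string with the public key and decrypting it with the
# private one.
#
# Changes from the previous body:
# - the first output line was labelled "encrypted string" but printed the
#   plaintext probe; it is now labelled "original string";
# - the probe literal is duplicated before force_encoding, so the method
#   also works when string literals are frozen;
# - the Base64 encode/decode round trip was a no-op and has been dropped.
#
# @param private_key [String] private key in a form accepted by the RSA loader
# @param public_key [String] public key in a form accepted by the RSA loader
# @return [Boolean] true when the decrypted probe equals the original
def rsa_keypairs?(private_key, public_key)
  probe = "See, my mule don’t like people laughing".dup.force_encoding(Encoding::UTF_8)

  pub_key  = @rsa.new(public_key)
  priv_key = @rsa.new(private_key)
  ciphertext = pub_key.public_encrypt(probe)

  begin
    # A mismatched public key typically surfaces here as a padding error, see
    # https://stackoverflow.com/a/13251160/4352306
    decrypted = priv_key.private_decrypt(ciphertext)
    # OpenSSL returns binary (ASCII-8BIT) strings, so re-tag the result as
    # UTF-8 before comparing: https://stackoverflow.com/a/27326915/4352306
    decrypted.force_encoding(Encoding::UTF_8)
  rescue
    return false
  end

  puts "original string: #{probe}"
  puts "decrypted string: #{decrypted}"
  decrypted == probe
end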
salt_seed=(value)
# File lib/eco/data/crypto/encryption.rb, line 88
# Stores a new salt seed and re-derives the instance salt from it.
#
# The seed is fed to pbkdf2 as both the passphrase and the salt, so the
# resulting salt is a deterministic function of the seed alone.
#
# @param value [String] the new seed
def salt_seed=(value)
  @salt_seed = value
  @salt = pbkdf2(value, salt: value, length: SALT_LENGTH)
end
sha256(str = nil)
# File lib/eco/data/crypto/encryption.rb, line 92
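# Computes the SHA-256 digest of a string.
#
# `@digest.SHA256` is a method call, not a constant lookup, and the OpenSSL
# digest class is not known to define such a method; the digest is now built
# by name through the constructor. The trailing reset on a throwaway digest
# object had no effect and was dropped.
#
# @param str [String, nil] input data
# @return [String, nil] raw 32-byte digest, or nil when str is nil
def sha256(str = nil)
  return nil unless str

  @digest.new('SHA256').digest(str)
end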
sha512(str = nil)
# File lib/eco/data/crypto/encryption.rb, line 98
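# Computes the SHA-512 digest of a string.
#
# `@digest.SHA512` is a method call, not a constant lookup, and the OpenSSL
# digest class is not known to define such a method; the digest is now built
# by name through the constructor. The trailing reset on a throwaway digest
# object had no effect and was dropped.
#
# @param str [String, nil] input data
# @return [String, nil] raw 64-byte digest, or nil when str is nil
def sha512(str = nil)
  return nil unless str

  @digest.new('SHA512').digest(str)
end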