class PKCS7::Cryptographer
Cryptographer
is an small utility that allows to encrypt and decrypt messages using PKCS7
. PKCS7
is used to store signed and encrypted data. It uses aes-256-cbc as chipher in the encryption process. If you want to read more information about the involved data structures and theory around this, please visit:
Constants
- VERSION
Public Instance Methods
@description: Take some PKCS7
encrypted data, this method decrypt the data using the information given and verify the signature to ensure only is read by the intented audience. @param [String|OpenSSL::PKCS7] data @param [String|OpenSSL::PKey::RSA] key @param [String|OpenSSL::X509::Certificate] certificate @param [String|OpenSSL::X509::Certificate] public_certificate @param [OpenSSL::X509::Store] ca_store @return [String] decrypted data
# File lib/pkcs7/cryptographer.rb, line 58 def decrypt_and_verify( data:, key:, certificate:, public_certificate:, ca_store: ) key = rsa_key(key) certificate = x509_certificate(certificate) public_certificate = x509_certificate(public_certificate) encrypted_data = pkcs7(data) decrypted_data = encrypted_data.decrypt(key, certificate) signed_data = OpenSSL::PKCS7.new(decrypted_data) verified = verified_signature?(signed_data, public_certificate, ca_store) return false unless verified signed_data.data end
@description: Take some string data, this method encrypts and sign the data using the information given. @param [String] data @param [String|OpenSSL::PKey::RSA] key @param [String|OpenSSL::X509::Certificate] certificate @param [String|OpenSSL::X509::Certificate] public_certificate @return [String] encrypted data
# File lib/pkcs7/cryptographer.rb, line 32 def sign_and_encrypt( data:, key:, certificate:, public_certificate: ) key = rsa_key(key) certificate = x509_certificate(certificate) public_certificate = x509_certificate(public_certificate) signed_data = OpenSSL::PKCS7.sign(certificate, key, data) encrypted_data = encrypt(public_certificate, signed_data) encrypted_data.to_pem end
Private Instance Methods
# File lib/pkcs7/cryptographer.rb, line 81 def encrypt(public_certificate, signed_data) OpenSSL::PKCS7.encrypt( [public_certificate], signed_data.to_der, OpenSSL::Cipher.new("aes-256-cbc"), OpenSSL::PKCS7::BINARY ) end
# File lib/pkcs7/cryptographer.rb, line 90 def verified_signature?(signed_data, public_certificate, ca_store) signed_data.verify( [public_certificate], ca_store, nil, OpenSSL::PKCS7::NOINTERN | OpenSSL::PKCS7::NOCHAIN ) end