@emboss
emboss / gist:1071724
Created July 8, 2011 12:26
SSL Server that accepts no clients
require 'socket'
require 'openssl'
class MyServer
DHParam = OpenSSL::PKey::DH.new(128)
TEST_KEY_RSA1024 = OpenSSL::PKey::RSA.new <<-_end_of_pem_
-----BEGIN RSA PRIVATE KEY-----
MIICXgIBAAKBgQDLwsSw1ECnPtT+PkOgHhcGA71nwC2/nL85VBGnRqDxOqjVh7Cx
@emboss
emboss / pbkdf2.rb
Created October 20, 2011 04:34
Using PBKDF2 with HMAC-SHA256 for storing passwords
require 'openssl'
p = "password"
# The salt: according to PKCS#5, it should be at least 8 bytes. Public information, can be stored along with the pwd.
s = OpenSSL::Random.random_bytes(16)
c = 20000 # iteration count; varies depending on how fast the system is, tweak until it takes "long enough"
digest = OpenSSL::Digest::SHA256.new
# should be >= the output size of the underlying hash function, but ">" doesn't improve security (says PKCS#5)
dk_len = digest.digest_length
# store the result for new passwords
value = OpenSSL::PKCS5.pbkdf2_hmac(p, s, c, dk_len, digest)
@emboss
emboss / gist:1470287
Created December 13, 2011 02:57
Encode pre-1.9.3 RSA public keys using X.509 format
require 'openssl'
require 'base64'
rsa = OpenSSL::PKey::RSA.new(2048)
modulus = rsa.n
exponent = rsa.e
oid = OpenSSL::ASN1::ObjectId.new("rsaEncryption")
alg_id = OpenSSL::ASN1::Sequence.new([oid, OpenSSL::ASN1::Null.new(nil)])
ary = [OpenSSL::ASN1::Integer.new(modulus), OpenSSL::ASN1::Integer.new(exponent)]
@emboss
emboss / gist:1480700
Created December 15, 2011 10:57
What's the default IV for Cipher?
require 'openssl'
data = "lesecret" * 10
cipher = OpenSSL::Cipher::AES256.new("CBC")
key = OpenSSL::Random.random_bytes(cipher.key_len)
cipher.encrypt
cipher.key = key
enc = cipher.update(data) + cipher.final
@emboss
emboss / gist:1483407
Created December 15, 2011 23:09
IV "magic"
require 'openssl'
data = "letest" * 10
cipher = OpenSSL::Cipher::AES128.new('CBC')
cipher.encrypt
key = OpenSSL::Random.random_bytes(cipher.key_len)
cipher.key = key
cipher.iv = "OpenSSL for Ruby rulez!"
@emboss
emboss / gist:1515075
Created December 23, 2011 18:59
Net::Http *does* validate certificates by default
require 'net/http'
require 'openssl'
#VeriSign root
root = OpenSSL::X509::Certificate.new <<-EOF
-----BEGIN CERTIFICATE-----
MIICPDCCAaUCEHC65B0Q2Sk0tjjKewPMur8wDQYJKoZIhvcNAQECBQAwXzELMAkG
A1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFz
cyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk2
MDEyOTAwMDAwMFoXDTI4MDgwMTIzNTk1OVowXzELMAkGA1UEBhMCVVMxFzAVBgNV
@emboss
emboss / gist:1597215
Created January 11, 2012 22:40
Hashed key as IV vs. KDF
I looked into http://grothoff.org/christian/esed.pdf when I found that
they produce a RIPEMD-160 hash to generate a key from 128 bits and take
the rest for the IV.
You could use a similar approach to generate key and IV where the IV is
independent (somewhat) of the key by using a non-salted key derivation
function that is normally used in Diffie-Hellman-like Key Exchange
protocols. They are used to generate arbitrary-length output from an
initial fixed-size output. (see the KDFs in http://www.di-mgt.com.au/cryptoKDFs.html)
The salt is not needed in our case, since the underlying data (the
@emboss
emboss / gist:1614643
Created January 15, 2012 06:00
Krypt Asn.1 decoding performance
Krypt Asn.1 decoding performance for Rubinius, JRuby and CRuby
****** Rubinius ******
[martin@localhost krypt]$ rbx -X19 -v
rubinius 2.0.0dev (1.9.3 b976944f yyyy-mm-dd JI) [x86_64-unknown-linux-gnu]
[martin@localhost krypt]$ rbx -X19 -Ilib -I../krypt-core/lib bm/bm_asn1.rb
user system total real
Krypt::Asn1.decode String(n=1000) 0.002000 0.000000 0.002000 ( 0.002414)
OpenSSL::Asn1.decode String(n=1000) 0.254962 0.006999 0.261961 ( 0.508823)
@emboss
emboss / gist:1653729
Created January 21, 2012 19:49
nahi for Ruby Hero
Hiroshi Nakamura has been with Ruby from the very
beginning, when it was still unknown outside of Japan.
He's the only one who is a core member on two Ruby
implementations (afaik), CRuby and JRuby, and he's
also a significant contributor to very important
gems/extensions: OpenSSL, jruby-ossl and httpclient
were authored by him, Webrick is maintained by him
and he has contributed to numerous others. He's also
one of the driving forces behind
https://bugs.ruby-lang.org/projects/ruby/wiki/StdlibGem
@emboss
emboss / gist:1793205
Created February 10, 2012 21:50 — forked from nurse/gist:1792842
Release note of Ruby 1.9.3.1
Ruby 1.9.3-pXXX is released.
This release includes a security fix of the Ruby OpenSSL extension.
And many bugs are fixed in this release.
* Fixed: LLVM/clang support [Bug #5076]
* Fixed: GCC 4.7 support [Bug #5851]
* Fixed: Allow "0/n splitting" as a prevention for the TLS BEAST attack [Bug #5353]