WIP: Ruby AES Encryption using AES-256-CBC
#####################
# Decryption script #
#####################
require 'openssl'
require 'digest' # Digest::SHA256 lives here, not in openssl
# We use the AES 256-bit cipher-block chaining (CBC) symmetric encryption.
# AES-256 is virtually impenetrable using brute-force methods.
# However, CBC provides no integrity protection: the ciphertext is malleable,
# so a modified message may decrypt without any error.
# We should use HMAC or GCM to mitigate the issue.
alg = 'aes-256-cbc'
cipher = OpenSSL::Cipher.new(alg) # OpenSSL::Cipher::Cipher was removed from the openssl gem
cipher.decrypt
################
# Public Input #
################
# Either the raw binary message (iv followed by cipher text), or its base64
# form, where the first line is the base64 iv and the rest is the base64 cipher text.
message = nil
message64 = <<MESSAGE64
gHdbK53IhoYSSdIDuV7IsQ==
6epkHstK7bsoAblU22bg3uVBw2v9Qi7tFCb0KdAUfd7c2bbmEdVQ52wF/61H
W5M+Lsq3QWNEzDajd5Yox4KajQc97YRu4p5Dha2sdAfk/b1c3c8zupk3igmQ
L3wTj4QRC6xagX9YuTBBGmhFmhb+55QYe+CoihKAQYQfAg3vatHwoeXUBWtx
7dvZVbMXWmJm
MESSAGE64
##########
# SECRET #
##########
password = 'Pa$$w0rd!'
################################
# Extract iv and cipher text (kept in cipher_text so the cipher object is not overwritten)
if message
  iv = message[0..15]
  cipher_text = message[16..-1]
elsif message64
  iv64 = message64.scan(/\A[^\n]*\n/)[0]
  iv = iv64.unpack('m')[0]
  cipher64 = message64[iv64.length..-1]
  cipher_text = cipher64.unpack('m')[0]
end
# Same key derivation as on the encryption side: a single unsalted SHA-256 of the password
key = Digest::SHA256.new.update(password).digest
cipher.key = key
cipher.iv = iv
plain_text = cipher.update(cipher_text) + cipher.final
#################
# Secret Output #
#################
puts plain_text
#####################
# Encryption script #
#####################
require 'openssl'
require 'digest' # Digest::SHA256 lives here, not in openssl
#####################################
# Encryption Algorithm and Security #
#####################################
# We use the AES 256-bit cipher-block chaining (CBC) symmetric encryption.
# AES-256 is virtually impenetrable using brute-force methods, thus providing
# a high level of data confidentiality.
# However, CBC provides no integrity protection: the ciphertext is malleable,
# so a tampered message can decrypt without any error.
# To mitigate data integrity vulnerabilities, use HMAC or GCM, e.g. LINK
alg = 'aes-256-cbc' # list available ciphers: OpenSSL::Cipher.ciphers
cipher = OpenSSL::Cipher.new(alg) # OpenSSL::Cipher::Cipher was removed from the openssl gem
cipher.encrypt
################
# Secret Input #
################
plain_text = 'All the non-obvious zeros of the zeta function are complex numbers with real part 1/2.'
password = 'Pa$$w0rd!' # Please choose a strong password! Hackers don't break in – they log in ;-)
################
# Public Input #
################
# For security as part of the encryption algorithm, we create a random
# initialization vector. An initialization vector (iv) is used to prevent
# a sequence of text that is identical to a previous sequence from producing
# the same exact ciphertext when encrypted. It does not need to be kept secret.
iv = cipher.random_iv
################################################################################
# We use SHA256 as a key derivation function to get a 256-bit key from the initial password.
# Note: a single unsalted hash is a weak KDF; a password-stretching function such as
# PBKDF2 or scrypt makes offline password guessing far more expensive.
key = Digest::SHA256.new.update(password).digest
raise 'Iv must have length 16' unless iv.length == 16
raise 'Set key' unless key
raise 'Key must have length 32' unless key.size == 32
# Now we do the actual setup of the cipher
cipher.key = key
cipher.iv = iv
cipher_text = cipher.update(plain_text) + cipher.final
message = iv + cipher_text
hex_message = message.unpack('H*')[0]
#################
# Public Output #
#################
puts hex_message
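Both scripts note that CBC alone leaves integrity unprotected and point to HMAC or GCM as the fix. As an added example (not code from the gist), here is the same password-based AES-256-CBC scheme reworked as encrypt-then-MAC: PBKDF2 derives separate encryption and MAC keys from a random salt, the HMAC tag covers salt, iv and ciphertext, and decryption refuses to run the cipher on anything whose tag does not verify. The wire format and function names are this example's own choices.

```ruby
require 'openssl'
# Added example, not the gist's code: AES-256-CBC with encrypt-then-MAC.
# Wire format (binary): salt(16) || iv(16) || ciphertext || hmac_tag(32).
SALT_LEN = 16
IV_LEN = 16
TAG_LEN = 32
PBKDF2_ITERATIONS = 100_000

# Stretch the password with PBKDF2 and split the output into an encryption
# key and an independent MAC key; one key must not serve both roles.
def derive_keys(password, salt)
  okm = OpenSSL::KDF.pbkdf2_hmac(password, salt: salt, iterations: PBKDF2_ITERATIONS,
                                 length: 64, hash: 'sha256')
  [okm[0, 32], okm[32, 32]]
end

# Constant-time comparison so the tag check does not leak through timing.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

def encrypt_then_mac(plain_text, password)
  salt = OpenSSL::Random.random_bytes(SALT_LEN)
  enc_key, mac_key = derive_keys(password, salt)
  cipher = OpenSSL::Cipher.new('aes-256-cbc').encrypt
  cipher.key = enc_key
  iv = cipher.random_iv
  cipher_text = cipher.update(plain_text) + cipher.final
  body = salt + iv + cipher_text
  body + OpenSSL::HMAC.digest('sha256', mac_key, body) # tag covers salt, iv and ciphertext
end

# Returns the plaintext, or nil if the message is truncated, modified, or uses
# another password; the cipher never runs on unauthenticated data.
def verify_and_decrypt(message, password)
  message = message.b
  return nil if message.bytesize < SALT_LEN + IV_LEN + 16 + TAG_LEN
  body = message[0...-TAG_LEN]
  tag = message[-TAG_LEN..-1]
  salt = body[0, SALT_LEN]
  iv = body[SALT_LEN, IV_LEN]
  cipher_text = body[(SALT_LEN + IV_LEN)..-1]
  enc_key, mac_key = derive_keys(password, salt)
  return nil unless secure_equal?(OpenSSL::HMAC.digest('sha256', mac_key, body), tag)
  cipher = OpenSSL::Cipher.new('aes-256-cbc').decrypt
  cipher.key = enc_key
  cipher.iv = iv
  cipher.update(cipher_text) + cipher.final
end
```

A flipped ciphertext byte, a truncated message or a wrong password all come back as nil from verify_and_decrypt instead of garbage plaintext or a padding error.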