module SecurizeString::CipherMethods::ClassMethods
Adds class methods for OpenSSL::Cipher support, including AES encryption, via inclusion of SecurizeString::CipherMethods
into a class.
Public Instance Methods
A convenience method for generating a random key and init vector for AES encryption.
Defaults to a key length of 256.
# File lib/securize_string/cipher_methods.rb, line 54 def aes_keygen(key_len=256) return cipher_keygen("aes-#{key_len.to_i}-cbc") end
A convenience method for generating a key and init vector from a passphrase for AES encryption.
Defaults to a key length of 256.
# File lib/securize_string/cipher_methods.rb, line 62 def aes_passphrase_keygen(key_len, passphrase, salt, iterations=2048) return cipher_passphrase_keygen("aes-#{key_len.to_i}-cbc", passphrase, salt, iterations) end
A convenience method for generating random cipher keys and initialization vectors.
# File lib/securize_string/cipher_methods.rb, line 25 def cipher_keygen(cipher_name) cipher = OpenSSL::Cipher.new(cipher_name) cipher.encrypt return [cipher.random_key, cipher.random_iv].map {|s| self.new(s)} end
A convenience method for generating a cipher key from a passphrase using PKCS5 v2 standards. The key and the salt may be any string.
This also derives a predictable initialization vector from the given passphrase in a manor consistent with RFC2898, though it is better to generate a random IV with each encryption of the same data if possible.
Note that the OpenSSL::Cipher#pkcs5_keyivgen method is not PKCS5 v2 compliant, and therefore will not be implemented.
# File lib/securize_string/cipher_methods.rb, line 40 def cipher_passphrase_keygen(cipher_name, passphrase, salt, iterations=2048) # The first pits of a PBKDF2 are the same wether I build the key and IV # at once, but when an IV is built in the RFC2898 standards, they do it # this way. cipher = OpenSSL::Cipher.new(cipher_name.to_s) cipher.encrypt key_and_iv = OpenSSL::PKCS5.pbkdf2_hmac_sha1(passphrase.to_s, salt.to_s, iterations.to_i, cipher.key_len+cipher.iv_len) return [key_and_iv[0,cipher.key_len], key_and_iv[cipher.key_len, cipher.iv_len]].map {|s| self.new(s)} end
Returns a list of supported ciphers. These can be passed directly into the cipher methods.
# File lib/securize_string/cipher_methods.rb, line 19 def supported_ciphers return OpenSSL::Cipher.ciphers end