Class: SafeDb::ToolBelt::Aes256
- Inherits: Object
  - Object
  - SafeDb::ToolBelt::Aes256
- Defined in: lib/utils/ciphers/aes-256.rb
Overview
Aes256 is a symmetric encryption cipher which extends the Cipher base class in order to implement plug and play symmetric encryption.
Aes256 Symmetric Encrypt/Decrypt
To facilitate decryption, this cipher produces a key/value pair dictionary which will be stored along with the ciphertext itself. The dictionary includes:
- symmetric.cipher - the algorithm used to encrypt and decrypt
- encryption.key - hex encoded key for encrypting and decrypting
- initialize.vector - the initialization vector known as an IV (four)
Aes256 Implemented Methods
This cipher brings the cryptographic mathematics and implementation algorithms for the 256-bit Advanced Encryption Standard. No serious practical (nor theoretical) challenge has ever been mounted against this algorithm (or this implementation).
This class implements the methods below:
- do_symmetric_encryption(plain_text) - resulting in ciphertext
- do_symmetric_decryption(ciphertext, encryption_dictionary) » plaintext

It also sets the @dictionary hash (map) of pertinent key/value pairs including the encryption algorithm and encryption key.
That’s It. Cipher children can rely on the Cipher parent to do the nitty gritty of file-handling plus managing stores and paths.
Class Method Summary
- .do_decrypt(d_properties, cipher_text) ⇒ String
  Use the AES 256 bit block cipher together with the encryption key, initialization vector (iv) and other data found within the decryption properties dictionary to symmetrically decrypt the cipher text.
- .do_encrypt(e_properties, plain_text) ⇒ String
  Use the AES 256 bit block cipher and a robust strong random key plus initialization vector (IV) to symmetrically encrypt the plain text.
Class Method Details
.do_decrypt(d_properties, cipher_text) ⇒ String
Use the AES 256 bit block cipher together with the encryption key, initialization vector (iv) and other data found within the decryption properties dictionary to symmetrically decrypt the cipher text.
The encrypt event in self.do_encrypt populated the property dictionary that was presumably serialized, stored, retrieved, then deserialized and (at last) presented in the first parameter.
Cryptographic Properties
A crypt properties dictionary is the output from every encryption event and input to every decryption event. The most common properties include:
- the symmetric key used for the encryption and decryption
- the iv (initialization vector) that adds another dimension of strength
- authorization data that thwarts switch attacks by tying context to content
- the cipher algorithm, its implementation and its encryption strength
- the digest of the original message for validation purposes
    # File 'lib/utils/ciphers/aes-256.rb', line 115
    def self.do_decrypt d_properties, cipher_text
      decode_cipher = OpenSSL::Cipher::AES256.new(:CBC)
      decode_cipher.decrypt
      decode_cipher.key = Base64.urlsafe_decode64( d_properties[CryptIO::DICT_CRYPT_KEY] )
      decode_cipher.iv = Base64.urlsafe_decode64( d_properties[CryptIO::DICT_CRYPT_IV] )
      plain_text = decode_cipher.update( cipher_text ) + decode_cipher.final
      assert_digest_equivalence( d_properties[CryptIO::DICT_TEXT_DIGEST], plain_text )
      return plain_text
    end
.do_encrypt(e_properties, plain_text) ⇒ String
Use the AES 256 bit block cipher and a robust strong random key plus initialization vector (IV) to symmetrically encrypt the plain text.
Cryptographic Properties
This encrypt event populates key/value pairs to the hash (dictionary) instance given in the parameter.
A crypt properties dictionary acts as output from every encryption event and input to every decryption event. The most common properties include:
- the symmetric key used for the encryption and decryption
- the iv (initialization vector) that adds another dimension of strength
- authorization data that thwarts switch attacks by tying context to content
- the cipher algorithm, its implementation and its encryption strength
- the digest of the original message for validation purposes
    # File 'lib/utils/ciphers/aes-256.rb', line 65
    def self.do_encrypt e_properties, plain_text
      crypt_cipher = OpenSSL::Cipher::AES256.new(:CBC)
      crypt_cipher.encrypt
      plain_text_digest = Digest::SHA256.digest plain_text
      e_properties[CryptIO::DICT_CIPHER_NAME] = crypt_cipher.class.name
      e_properties[CryptIO::DICT_CRYPT_KEY] = Base64.urlsafe_encode64 crypt_cipher.random_key
      e_properties[CryptIO::DICT_CRYPT_IV] = Base64.urlsafe_encode64 crypt_cipher.random_iv
      e_properties[CryptIO::DICT_TEXT_DIGEST] = Base64.urlsafe_encode64 plain_text_digest
      return crypt_cipher.update( plain_text ) + crypt_cipher.final
    end
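A stand-alone round trip of the encrypt/decrypt pair documented above, added here as an example and not taken from the SafeDb source. It shows what the stored plaintext digest catches when the IV in the dictionary is altered. The dictionary key names and the digest comparison standing in for assert_digest_equivalence are assumptions, since neither the CryptIO constant values nor that helper appear on this page.

```ruby
require 'openssl'
require 'base64'
require 'digest'

# Hypothetical dictionary key names (the CryptIO::DICT_* values are not shown on the page).
DEMO_KEY, DEMO_IV, DEMO_DIGEST = 'encryption.key', 'initialize.vector', 'text.digest'

def demo_encrypt(props, plain_text)
  cipher = OpenSSL::Cipher.new('aes-256-cbc') # same algorithm and mode as AES256.new(:CBC)
  cipher.encrypt
  props[DEMO_KEY]    = Base64.urlsafe_encode64(cipher.random_key)
  props[DEMO_IV]     = Base64.urlsafe_encode64(cipher.random_iv)
  props[DEMO_DIGEST] = Base64.urlsafe_encode64(Digest::SHA256.digest(plain_text))
  cipher.update(plain_text) + cipher.final
end

def demo_decrypt(props, cipher_text)
  cipher = OpenSSL::Cipher.new('aes-256-cbc')
  cipher.decrypt
  cipher.key = Base64.urlsafe_decode64(props[DEMO_KEY])
  cipher.iv  = Base64.urlsafe_decode64(props[DEMO_IV])
  plain_text = cipher.update(cipher_text) + cipher.final
  # Assumed behaviour of assert_digest_equivalence: fail when the digests differ.
  expected = Base64.urlsafe_decode64(props[DEMO_DIGEST])
  unless OpenSSL.secure_compare(expected, Digest::SHA256.digest(plain_text))
    raise ArgumentError, 'plaintext digest does not match the stored digest'
  end
  plain_text
end

# Returns [round_trip_ok, tamper_detected] for a constructed sample message.
def demo_round_trip
  props = {}
  message = 'constructed sample secret: example-only-value'
  cipher_text = demo_encrypt(props, message)
  round_trip_ok = demo_decrypt(props, cipher_text) == message
  # Flip one bit of the stored IV. CBC still decrypts with valid padding, but the
  # first plaintext block changes, so only the digest comparison notices.
  iv = Base64.urlsafe_decode64(props[DEMO_IV])
  iv.setbyte(0, iv.getbyte(0) ^ 0x01)
  tampered = props.merge(DEMO_IV => Base64.urlsafe_encode64(iv))
  tamper_detected = begin
    demo_decrypt(tampered, cipher_text)
    false
  rescue ArgumentError
    true
  end
  [round_trip_ok, tamper_detected]
end
```

The digest is unkeyed and travels in the same dictionary as the key, so it detects corruption or modification of the ciphertext or IV but offers nothing against a party able to rewrite the dictionary itself.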