Class: SafeDb::ToolBelt::Blowfish

Inherits:
Object
Defined in:
lib/utils/ciphers/blowfish.rb

Overview

Blowfish is a symmetric encryption cipher which extends the Cipher base class in order to implement plug-and-play symmetric encryption.

Blowfish is still uncrackable; however, its successor (Twofish) has been reinforced to counter the growth of supercomputer brute-force resources.

Constant Summary

BLOWFISH_CIPHER_ID = "BF-ECB"

The blowfish cipher id constant is used to initialize an OpenSSL::Cipher class instance.

BLOWFISH_BLOCK_LEN = 8

Blowfish constrains the length of incoming plain text forcing it to be a multiple of eight (8).

Class Method Summary

Class Method Details

.decryptor(cipher_text, decryption_key) ⇒ String

Decrypt the cipher text parameter using the symmetric decryption key specified in the second parameter. The cipher text is expected to have already been decoded if necessary.

It's okay to use a bespoke encryptor; just ensure you encode the result and override the padding constant.

Blowfish is a block cipher, meaning both the key and the input plain text must conform to a length divisible by the block length.

Don’t worry about this block length requirement as this decryption method takes care of reversing the activities carried out by self.encryptor.

Parameters:

  • cipher_text (String)

    This incoming cipher text should already be encoded but it will be chomped and stripped upon receipt, followed by decryption using the Blowfish algorithm.

  • decryption_key (String)

    Send the same key that was used during the encryption phase. The encryption phase passed the key through the Digest::SHA256.digest digest so here the decryption does the exact same thing.

    The digest processing guarantees a symmetric key whose length conforms to the multiple of eight block length requirement.

Returns:

  • (String)

    After decoding and decryption the plain text string will still be padded, but not with spaces. The padding string constant used, which is unlikely to occur in plain text, is Cipher::TEXT_PADDER.

    If the plaintext ended with spaces these would be preserved. After padder removal any trailing spaces will be preserved in the returned plain text.



# File 'lib/utils/ciphers/blowfish.rb', line 109

def self.decryptor cipher_text, decryption_key

  # Derive the key exactly as the encryptor does (SHA256 of the key string).
  digested_key = Digest::SHA256.digest decryption_key

  decrypt_tool = OpenSSL::Cipher.new(BLOWFISH_CIPHER_ID).decrypt
  decrypt_tool.key = digested_key

  padded_plaintxt = decrypt_tool.update(cipher_text) << decrypt_tool.final
  pad_begin_index = padded_plaintxt.index CryptIO::TEXT_PADDER
  return padded_plaintxt if pad_begin_index.nil?

  # Exclusive range: with 0 .. (pad_begin_index-1) an index of zero
  # becomes 0 .. -1, which returns the whole padded string.
  return padded_plaintxt[ 0 ... pad_begin_index ]

end
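
The marker-based padding described above becomes ambiguous when the plain text itself contains the padder. This added example (not SafeDb code) reproduces the approach with a constructed TEXT_PADDER value, since the real CryptIO::TEXT_PADDER is not shown on this page, and compares it with PKCS#7 padding; all method names are hypothetical.

```ruby
BLOCK_LEN   = 8          # same value as BLOWFISH_BLOCK_LEN on this page
TEXT_PADDER = "<-|@|->"  # constructed stand-in, not the real CryptIO::TEXT_PADDER

# Padding in the same way as the page's encryptor: append the marker until aligned.
def marker_pad(text)
  padded = text.dup
  padded += TEXT_PADDER until (padded.bytesize % BLOCK_LEN).zero?
  padded
end

# Unpadding in the same way as the page's decryptor: cut at the first marker.
def marker_unpad(padded)
  idx = padded.index(TEXT_PADDER)
  idx.nil? ? padded : padded[0, idx]
end

# PKCS#7: append n bytes of value n (1..BLOCK_LEN), so removal is unambiguous.
def pkcs7_pad(text)
  n = BLOCK_LEN - (text.bytesize % BLOCK_LEN)
  text.b + (n.chr * n)
end

def pkcs7_unpad(padded)
  n = padded.getbyte(-1)
  valid = n && n.between?(1, BLOCK_LEN) && padded.byteslice(-n, n) == n.chr * n
  raise ArgumentError, "invalid padding" unless valid
  padded.byteslice(0, padded.bytesize - n)
end

# Constructed inputs: ordinary text, marker inside, marker at the start.
SAMPLES = ["secret", "left<-|@|->right", "<-|@|->tail"].freeze

# Reports, per sample, whether each scheme returns the original text.
def round_trips
  SAMPLES.map do |s|
    { input: s,
      marker_ok: marker_unpad(marker_pad(s)) == s,
      pkcs7_ok:  pkcs7_unpad(pkcs7_pad(s)) == s.b }
  end
end

round_trips.each { |row| p row } if __FILE__ == $PROGRAM_NAME
```

OpenSSL::Cipher already applies PKCS#7-style padding in `final` unless padding is switched off, so a cipher left at its defaults pads and unpads arbitrary byte strings without a marker.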

.encryptor(plain_text, encryption_key) ⇒ String

Encrypt the (plain) text parameter using the symmetric encryption key specified in the second parameter and return the base64 encoded representation of the cipher text.

Blowfish is a block cipher, meaning both the key and the input plain text must conform to a length divisible by the block length.

Don’t worry about this block length requirement as this encryption method takes care of it and its sister method self.decryptor will also perform the correct reversal activities to give you back the original plain text.

Base64.urlsafe_encode64 facilitates the ciphertext encoding returning text that is safe to write to a file.

Parameters:

  • plain_text (String)

    This parameter should be the non-nil text to encrypt using Blowfish. Before encryption the text will be padded using a text string from the Cipher::TEXT_PADDER constant until it results in a string with the required block length.

  • encryption_key (String)

    Send a long strong unencoded key which does not have to be a multiple of eight even though the algorithm demands it. Before the encryption this key will be passed through a digest using behaviour from Digest::SHA256.digest.

    This behaviour returns a key whose length is a multiple of eight.

Returns:

  • (String)

    Base64 representation of the Blowfish-encrypted ciphertext.

Raises:

  • (OpenSSL::Cipher::CipherError)

    An (encryption) key length too short error is raised for short keys.



# File 'lib/utils/ciphers/blowfish.rb', line 58

def self.encryptor plain_text, encryption_key

  # Reject keys of eight characters or fewer.
  shortkey_msg = "The #{encryption_key.length} character encryption key is too short."
  raise ArgumentError, shortkey_msg unless encryption_key.length > 8
  log.info(x) { "os blowfish request to encrypt plain text with provided key." }

  # Append the padder until the text is a whole number of blocks.
  block_txt = plain_text
  block_txt += CryptIO::TEXT_PADDER until block_txt.bytesize % BLOWFISH_BLOCK_LEN == 0

  # SHA256 turns a key string of any length into 32 raw bytes.
  raw_stretched_key = Digest::SHA256.digest(encryption_key)

  blowfish_encryptor = OpenSSL::Cipher.new(BLOWFISH_CIPHER_ID).encrypt
  blowfish_encryptor.key = raw_stretched_key

  # The raw cipher text is returned; no Base64 encoding is applied in this method.
  return blowfish_encryptor.update(block_txt) << blowfish_encryptor.final

end
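
BLOWFISH_CIPHER_ID selects ECB mode, in which equal plain text blocks encrypted under one key produce equal cipher text blocks. This added example (not SafeDb code) measures that effect and compares it with CBC under a random IV; it uses AES-256 as a stand-in because OpenSSL 3 only offers Blowfish through its legacy provider, and the method names and sample data are hypothetical.

```ruby
require "openssl"
require "digest"

AES_BLOCK_LEN = 16 # block size of the AES stand-in (Blowfish uses 8)

# Constructed sample: four identical 16-byte records.
SAMPLE_RECORDS = "role=admin;id=07" * 4

# Encrypt using the key derivation shown on this page (SHA256 of the key string).
# For modes that take an IV, a random IV is generated and prepended.
def encrypt_with(cipher_id, key_string, plain_text)
  cipher = OpenSSL::Cipher.new(cipher_id).encrypt
  cipher.key = Digest::SHA256.digest(key_string)
  iv = cipher.iv_len.zero? ? "".b : cipher.random_iv
  iv + cipher.update(plain_text) + cipher.final
end

# Number of cipher text blocks that duplicate an earlier block.
def repeated_block_count(cipher_text)
  blocks = cipher_text.bytes.each_slice(AES_BLOCK_LEN).to_a
  blocks.size - blocks.uniq.size
end

# Compare what each mode reveals about the same plain text.
def ecb_vs_cbc(key_string = "a-constructed-demo-key")
  ecb_one = encrypt_with("AES-256-ECB", key_string, SAMPLE_RECORDS)
  ecb_two = encrypt_with("AES-256-ECB", key_string, SAMPLE_RECORDS)
  cbc_one = encrypt_with("AES-256-CBC", key_string, SAMPLE_RECORDS)
  cbc_two = encrypt_with("AES-256-CBC", key_string, SAMPLE_RECORDS)
  {
    ecb_repeats: repeated_block_count(ecb_one),  # structure of the records leaks
    cbc_repeats: repeated_block_count(cbc_one),  # no visible structure
    ecb_deterministic: ecb_one == ecb_two,       # same input, same output
    cbc_deterministic: cbc_one == cbc_two        # fresh IV changes every output
  }
end

p ecb_vs_cbc if __FILE__ == $PROGRAM_NAME
```

An observer holding only ECB cipher text can tell which stored values are equal to each other, without the key.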