Last active
September 25, 2015 04:49
-
-
Save donnoman/e8300503cd59b327a7cb to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/env ruby | |
require 'openssl' | |
require 'securerandom' | |
require 'byebug' | |
# http://docs.ruby-lang.org/en/2.1.0/OpenSSL/Cipher.html#class-OpenSSL::Cipher-label-Authenticated+Encryption+and+Associated+Data+-28AEAD-29 | |
# http://security.stackexchange.com/questions/17044/when-using-aes-and-cbc-is-it-necessary-to-keep-the-iv-secret | |
ENV['ENCRYPTED_ATTRIBUTES_KEY']=SecureRandom.hex(40) #This isn't a real key used anywhere but it's representative | |
ENV['ENCRYPTED_ATTRIBUTES_ALGORITHM']='aes-256-gcm' | |
puts "Key" | |
puts ENV['ENCRYPTED_ATTRIBUTES_KEY'] | |
puts "Algorithm" | |
puts ENV['ENCRYPTED_ATTRIBUTES_ALGORITHM'] | |
puts "Data" | |
puts data = "139-929-0603" #this is gibberish data | |
# # this is bigger, gibberish data | |
# puts data = %Q{ | |
# Interface kilohertz normalizing, inversion log sampling adaptive internet kilohertz pc pulse remote bypass. For computer led, connectivity fragmentation bus, arrray. Partitioned patch patch n-tier solution, prototype fragmentation services dithering. Dithering bridgeware processor plasma indeterminate capacitance element digital, element disk bridgeware transponder recognition recognition controller. Potentiometer generator transmission interface data phaselock capacitance ethernet distributed reducer. Recognition bypass logistically deviation fragmentation device. | |
# | |
# Kilohertz developer metafile resistor cache converter reducer kilohertz processor coordinated n-tier data kilohertz n-tier. Phaselock ethernet, femtosecond, phaselock reducer processor extended disk cascading bridgeware system. Phaselock, log gigabyte, cascading metafile backbone, proxy metafile controller patch prompt dithering bridgeware system video. Recursive software read-only logistically echo, partitioned. With plasma prompt element, digital audio, floating-point data processor. N-tier indeterminate fragmentation silicon video femtosecond floating-point services system cache transistorized. Converter services extended patch, mainframe mainframe, reducer sequential phaselock transponder interface. | |
# } | |
cipher = OpenSSL::Cipher.new(ENV['ENCRYPTED_ATTRIBUTES_ALGORITHM']) | |
cipher.encrypt | |
cipher.key = ENV['ENCRYPTED_ATTRIBUTES_KEY'] | |
iv = cipher.random_iv | |
cipher.auth_data = "" | |
encrypted = cipher.update(data) + cipher.final | |
tag = cipher.auth_tag | |
stored_value = [iv,tag,encrypted] | |
puts "Stored" | |
puts stored_value.inspect | |
puts "Marshaled" | |
puts marshaled_value = Marshal.dump(stored_value).unpack('H*').first | |
puts "Marshaled length" | |
puts marshaled_value.length | |
# the value is now in whatever storage you intend. | |
unmarshaled_value = Marshal.load( [marshaled_value].pack('H*') ) | |
puts "Unmarshaled" | |
puts unmarshaled_value.inspect | |
decipher = OpenSSL::Cipher.new(ENV['ENCRYPTED_ATTRIBUTES_ALGORITHM']) | |
decipher.decrypt | |
decipher.key = ENV['ENCRYPTED_ATTRIBUTES_KEY'] | |
decipher.iv = unmarshaled_value[0] | |
decipher.auth_tag = unmarshaled_value[1] | |
decipher.auth_data = "" | |
puts "Plain" | |
puts plain = (decipher.update(unmarshaled_value[2]) + decipher.final) | |
puts "Matches?" | |
puts data == plain |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment