543
571
mOSSL = rb_define_module("OpenSSL"); /* let rdoc know about mOSSL */
574
/* Document-class: OpenSSL::Cipher
576
* Provides symmetric algorithms for encryption and decryption. The
577
* algorithms that are available depend on the particular version
578
* of OpenSSL that is installed.
580
* === Listing all supported algorithms
582
* A list of supported algorithms can be obtained by
584
* puts OpenSSL::Cipher.ciphers
586
* === Instantiating a Cipher
588
* There are several ways to create a Cipher instance. Generally, a
589
* Cipher algorithm is categorized by its name, the key length in bits
590
* and the cipher mode to be used. The most generic way to create a
591
* Cipher is the following
593
* cipher = OpenSSL::Cipher.new('<name>-<key length>-<mode>')
595
* That is, a string consisting of the hyphenated concatenation of the
596
* individual components name, key length and mode. Either all uppercase
597
* or all lowercase strings may be used, for example:
599
* cipher = OpenSSL::Cipher.new('AES-128-CBC')
601
* For each algorithm supported, there is a class defined under the
602
* Cipher class that goes by the name of the cipher, e.g. to obtain an
603
* instance of AES, you could also use
605
* # these are equivalent
606
* cipher = OpenSSL::Cipher::AES.new(128, :CBC)
607
* cipher = OpenSSL::Cipher::AES.new(128, 'CBC')
608
* cipher = OpenSSL::Cipher::AES.new('128-CBC')
610
* Finally, due to its wide-spread use, there are also extra classes
611
* defined for the different key sizes of AES
613
* cipher = OpenSSL::Cipher::AES128.new(:CBC)
614
* cipher = OpenSSL::Cipher::AES192.new(:CBC)
615
* cipher = OpenSSL::Cipher::AES256.new(:CBC)
617
* === Choosing either encryption or decryption mode
619
* Encryption and decryption are often very similar operations for
620
* symmetric algorithms, this is reflected by not having to choose
621
* different classes for either operation, both can be done using the
622
* same class. Still, after obtaining a Cipher instance, we need to
623
* tell the instance what it is that we intend to do with it, so we
624
* need to call either
632
* on the Cipher instance. This should be the first call after creating
633
* the instance, otherwise configuration that has already been set could
634
* get lost in the process.
638
* Symmetric encryption requires a key that is the same for the encrypting
639
* and for the decrypting party and after initial key establishment should
640
* be kept as private information. There are a lot of ways to create
641
* insecure keys, the most notable is to simply take a password as the key
642
* without processing the password further. A simple and secure way to
643
* create a key for a particular Cipher is
645
* cipher = OpenSSL::AES256.new(:CFB)
647
* key = cipher.random_key # also sets the generated key on the Cipher
649
* If you absolutely need to use passwords as encryption keys, you
650
* should use Password-Based Key Derivation Function 2 (PBKDF2) by
651
* generating the key with the help of the functionality provided by
652
* OpenSSL::PKCS5.pbkdf2_hmac_sha1 or OpenSSL::PKCS5.pbkdf2_hmac.
654
* Although there is Cipher#pkcs5_keyivgen, its use is deprecated and
655
* it should only be used in legacy applications because it does not use
656
* the newer PKCS#5 v2 algorithms.
660
* The cipher modes CBC, CFB, OFB and CTR all need an "initialization
661
* vector", or short, IV. ECB mode is the only mode that does not require
662
* an IV, but there is almost no legitimate use case for this mode
663
* because of the fact that it does not sufficiently hide plaintext
664
* patterns. Therefore
666
* <b>You should never use ECB mode unless you are absolutely sure that
667
* you absolutely need it</b>
669
* Because of this, you will end up with a mode that explicitly requires
670
* an IV in any case. Note that for backwards compatibility reasons,
671
* setting an IV is not explicitly mandated by the Cipher API. If not
672
* set, OpenSSL itself defaults to an all-zeroes IV ("\\0", not the
673
* character). Although the IV can be seen as public information, i.e.
674
* it may be transmitted in public once generated, it should still stay
675
* unpredictable to prevent certain kinds of attacks. Therefore, ideally
677
* <b>Always create a secure random IV for every encryption of your
680
* A new, random IV should be created for every encryption of data. Think
681
* of the IV as a nonce (number used once) - it's public but random and
682
* unpredictable. A secure random IV can be created as follows
686
* key = cipher.random_key
687
* iv = cipher.random_iv # also sets the generated IV on the Cipher
689
* Although the key is generally a random value, too, it is a bad choice
690
* as an IV. There are elaborate ways how an attacker can take advantage
691
* of such an IV. As a general rule of thumb, exposing the key directly
692
* or indirectly should be avoided at all cost and exceptions only be
693
* made with good reason.
695
* === Calling Cipher#final
697
* ECB (which should not be used) and CBC are both block-based modes.
698
* This means that unlike for the other streaming-based modes, they
699
* operate on fixed-size blocks of data, and therefore they require a
700
* "finalization" step to produce or correctly decrypt the last block of
701
* data by appropriately handling some form of padding. Therefore it is
702
* essential to add the output of OpenSSL::Cipher#final to your
703
* encryption/decryption buffer or you will end up with decryption errors
706
* Although this is not really necessary for streaming-mode ciphers, it is
707
* still recommended to apply the same pattern of adding the output of
708
* Cipher#final there as well - it also enables you to switch between
709
* modes more easily in the future.
711
* === Encrypting and decrypting some data
713
* data = "Very, very confidential data"
715
* cipher = OpenSSL::Cipher::AES.new(128, :CBC)
717
* key = cipher.random_key
718
* iv = cipher.random_iv
720
* encrypted = cipher.update(data) + cipher.final
722
* decipher = OpenSSL::Cipher::AES.new(128, :CBC)
727
* plain = decipher.update(encrypted) + decipher.final
729
* puts data == plain #=> true
545
732
cCipher = rb_define_class_under(mOSSL, "Cipher", rb_cObject);
546
733
eCipherError = rb_define_class_under(cCipher, "CipherError", eOSSLError);