The YALTools::Crypt module provides encryption and decryption methods.
The module's methods use a common key file, referred to here as sec_conf_file.
The sec_conf_file is in JSON format, as follows:
{"sec_text":"xxxx_secret_keys_xxxx"}
The sec_conf_file.txt can be generated by a text editor. This is just an example for your convenience.
    pass = YALTools::Crypt::gen_password
    YALTools::Crypt::save_crypt_password(pass, "sec_conf_file.txt")

    plain_text = "plain_text"
    text,salt = YALTools::Crypt::encrypt_text("sec_conf_file.txt", plain_text)

    plain_text = YALTools::Crypt::decrypt_text("sec_conf_file.txt", salt, text)
The "salt" is a special eight-octet string that is required for encryption. If the same salt is used for encryption, the encrypted string will be the same, because both the key and the IV are derived from the common key and the salt.
To verify the encrypted string, you can set the default salt text. However, in production use, the automatically generated salt is recommended.
In the decrypt_text method, ENV["YALTSALT"] is used as the salt text when the given salt is empty.
The salt string is converted with pack() or unpack() using the "H*" template, which means that salt.bytesize() should be 16.
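The salt behaviour described above, as an added Ruby example that is not part of the YALTools code: it mirrors the key and IV derivation shown in encrypt_text and decrypt_text but takes the password directly instead of reading sec_conf_file. The SaltDemo module, its method names and the sample values are assumptions made for illustration.

```ruby
require 'openssl'

# Stand-alone re-creation of the page's encrypt_text/decrypt_text core, with the
# password passed directly instead of read from sec_conf_file (assumption).
module SaltDemo
  module_function

  # Build the AES-256-CBC cipher the way yalt/crypt.rb does: the key AND the IV
  # both come from pkcs5_keyivgen(pass, salt, 2048).
  def cipher(mode, pass, raw_salt)
    c = OpenSSL::Cipher.new('aes-256-cbc')
    mode == :encrypt ? c.encrypt : c.decrypt
    c.pkcs5_keyivgen(pass, raw_salt, 2048)
    c
  end

  # hex_salt: 16 hex characters (8 octets), or "" to get a random salt.
  # Returns [hex ciphertext, hex salt], like encrypt_text.
  def encrypt(pass, plain_text, hex_salt = "")
    raw_salt = [hex_salt].pack("H*")
    raw_salt = OpenSSL::Random.random_bytes(8) unless raw_salt.bytesize == 8
    c = cipher(:encrypt, pass, raw_salt)
    [(c.update(plain_text) + c.final).unpack1("H*"), raw_salt.unpack1("H*")]
  end

  # Inverse of encrypt: both arguments are hex strings.
  def decrypt(pass, hex_salt, hex_text)
    c = cipher(:decrypt, pass, [hex_salt].pack("H*"))
    c.update([hex_text].pack("H*")) + c.final
  end

  # Summarise what a fixed salt versus a random salt does to the output.
  def compare(pass, plain_text, fixed_hex_salt)
    f1, = encrypt(pass, plain_text, fixed_hex_salt)
    f2, = encrypt(pass, plain_text, fixed_hex_salt)
    r1, s1 = encrypt(pass, plain_text)
    r2, s2 = encrypt(pass, plain_text)
    { fixed_repeats: f1 == f2,
      random_repeats: r1 == r2,
      round_trip: decrypt(pass, s1, r1) == plain_text &&
                  decrypt(pass, s2, r2) == plain_text }
  end
end

# Constructed sample values, not taken from the page.
p SaltDemo.compare("xxxx_secret_keys_xxxx", "plain_text", "0011223344556677")
```

With a fixed salt, equal plaintexts encrypted under the same common key produce equal ciphertexts, which is why the automatically generated salt is the recommended choice in production.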
Returns the decrypted string.
If the "YALTSALT" environment variable is set and the given salt does not decode to eight octets, ENV["YALTSALT"] overwrites the salt variable.

    # File yalt/crypt.rb, line 97
    def decrypt_text(sec_conf_file, salt, text)
      pass = load_crypt_password(sec_conf_file)
      salt = salt.to_s if salt.respond_to?("to_s")
      # Fall back to ENV["YALTSALT"] when the given salt does not decode to 8 octets.
      salt = ENV["YALTSALT"] if [salt].pack("H*").length != 8 and ENV.has_key?("YALTSALT")
      salt = "" if salt == nil
      n_salt = [salt].pack("H*")
      n_text = [text].pack("H*")
      enc = OpenSSL::Cipher.new('aes-256-cbc')
      enc.decrypt
      enc.pkcs5_keyivgen(pass.to_s, n_salt.to_s, 2048)
      return enc.update(n_text) + enc.final
    end
Returns [encrypted_text, salt].

    # File yalt/crypt.rb, line 81
    def encrypt_text(sec_conf_file, plain_text, salt="")
      pass = load_crypt_password(sec_conf_file)
      salt = [salt.to_s].pack("H*") if salt.respond_to?("to_s")
      # Generate a random salt when none is given or it is not 8 octets long.
      salt = OpenSSL::Random.random_bytes(8) if salt.empty? or salt.length != 8
      enc = OpenSSL::Cipher.new('aes-256-cbc')
      enc.encrypt
      enc.pkcs5_keyivgen(pass.to_s, salt.to_s, 2048)
      e_text = enc.update(plain_text) + enc.final
      return e_text.unpack("H*").join, salt.unpack("H*").join
    end
Returns a random string using the Digest::SHA2::hexdigest method. It is intended for generating a default common key.

    # File yalt/crypt.rb, line 55
    def gen_password
      raw_pass = ""
      if FileTest.exist?('/dev/urandom')
        open('/dev/urandom') do |f|
          raw_pass += f.read(256).to_s
        end
      end
      raw_pass += DateTime.now.inspect.to_s + (DateTime.now.strftime("%Q").to_i * rand).to_s
      ## e.x.) raw_pass #=> "#<DateTime: 2011-01-26T13:31:18+09:00 (1697302210231950661/691200000000,3/8,2299161)>"
      pass = Digest::SHA2::hexdigest(raw_pass)
      return pass
    end
Writes the pass into the sec_conf_file in JSON format.

    # File yalt/crypt.rb, line 70
    def save_crypt_password(pass, sec_conf_file, perms=0600)
      h = {}
      h['sec_text'] = pass
      open(sec_conf_file, "w", perms) do |f|
        f.puts(h.to_json)
        f.flush
      end
    end
It is for internal use only.

    # File yalt/crypt.rb, line 114
    def load_crypt_password(sec_conf_file)
      JSON.parse(open(sec_conf_file, "r").read)['sec_text']
    end