Class: Arachni::Support::Crypto::RSA_AES_CBC

Inherits:

Object

• Object
• Arachni::Support::Crypto::RSA_AES_CBC

Defined in:

lib/arachni/support/crypto/rsa_aes_cbc.rb

Overview

Simple hybrid crypto class using RSA for public key encryption and AES with CBC for bulk data encryption/decryption.

RSA is used to encrypt the AES primitives which are used to encrypt the plaintext.

Author:

• Tasos “Zapotek” Laskos <tasos.laskos@arachni-scanner.com>

Instance Method Summary

• #decrypt(data) ⇒ String

  Decrypts data.

• #encrypt(data) ⇒ String

  Encrypts data and returns a Base64 representation of the ciphertext and AES CBC primitives encrypted using the public key.

• #initialize(public_pem, private_pem = nil) ⇒ RSA_AES_CBC constructor

  If only encryption is required the private key parameter can be omitted.

Constructor Details

#initialize(public_pem, private_pem = nil) ⇒ RSA_AES_CBC

If only encryption is required the private key parameter can be omitted.

Parameters:

• public_pem (String) —

  Location of the Public key in PEM format.

• private_pem (String) (defaults to: nil) —

  Location of the Private key in PEM format.

# File 'lib/arachni/support/crypto/rsa_aes_cbc.rb', line 29

def initialize( public_pem, private_pem = nil )
    @public_pem  = public_pem
    @private_pem = private_pem
end

Instance Method Details

#decrypt(data) ⇒ String

Decrypts data.

Parameters:

• data (String)

Returns:

• (String) —

  Plaintext.

# File 'lib/arachni/support/crypto/rsa_aes_cbc.rb', line 72

def decrypt( data )
    rsa = OpenSSL::PKey::RSA.new( File.read( @private_pem ) )

    # decrypt with 256 bit AES with CBC
    aes = OpenSSL::Cipher::Cipher.new( 'aes-256-cbc' )
    aes.decrypt

    # unencode and unserialize to get the primitives and ciphertext
    primitives = YAML::load( Base64.decode64( data ) )

    aes.key = rsa.private_decrypt( primitives['key'] )
    aes.iv  = rsa.private_decrypt( primitives['iv'] )

    plaintext = aes.update( primitives['ciphertext'] )
    plaintext << aes.final

    plaintext
end

#encrypt(data) ⇒ String

Encrypts data and returns a Base64 representation of the ciphertext and AES CBC primitives encrypted using the public key.

Parameters:

• data (String)

Returns:

• (String) —

  Base64 representation of the ciphertext and AES CBC primitives encrypted using the public key.

# File 'lib/arachni/support/crypto/rsa_aes_cbc.rb', line 42

def encrypt( data )
    rsa = OpenSSL::PKey::RSA.new( File.read( @public_pem ) )

    # encrypt with 256 bit AES with CBC
    aes = OpenSSL::Cipher::Cipher.new( 'aes-256-cbc' )
    aes.encrypt

    # use random key and IV
    aes.key = key = aes.random_key
    aes.iv  = iv  = aes.random_iv

    # this will hold all primitives and ciphertext
    primitives = {}

    primitives['ciphertext'] = aes.update( data )
    primitives['ciphertext'] << aes.final

    primitives['key'] = rsa.public_encrypt( key )
    primitives['iv']  = rsa.public_encrypt( iv )

    # serialize everything and base64 encode it
    Base64.encode64( primitives.to_yaml )
end