Class: PKCS7::Cryptographer

Inherits:

Object

• Object
• PKCS7::Cryptographer

Includes:

Initializers

Defined in:

lib/pkcs7/cryptographer.rb,
lib/pkcs7/cryptographer/entity.rb,
lib/pkcs7/cryptographer/version.rb,
lib/pkcs7/cryptographer/initializers.rb

Overview

Cryptographer is an small utility that allows to encrypt and decrypt messages using PKCS7. PKCS7 is used to store signed and encrypted data. It uses aes-256-cbc as chipher in the encryption process. If you want to read more information about the involved data structures and theory around this, please visit:

• ruby-doc.org/stdlib-3.0.0/libdoc/openssl/rdoc/OpenSSL.html

• tools.ietf.org/html/rfc5652

Defined Under Namespace

Modules: Initializers Classes: Entity

Constant Summary

CYPHER_ALGORITHM =

CONSTANS

---

"aes-256-cbc"

VERSION =

"1.1.1"

Instance Method Summary

• #decrypt_and_verify(data:, key:, certificate:, public_certificate:, ca_store:) ⇒ String

  @description: Take some PKCS7 encrypted data, this method decrypt the data using the information given and verify the signature to ensure only is read by the intented audience.

• #sign_and_encrypt(data:, key:, certificate:, public_certificate:) ⇒ String

  @description: Take some string data, this method encrypts and sign the data using the information given.

• #sign_certificate(csr:, key:, certificate:, valid_until: Time.current + 10.years) ⇒ Object

Instance Method Details

#decrypt_and_verify(data:, key:, certificate:, public_certificate:, ca_store:) ⇒ String

@description: Take some PKCS7 encrypted data, this method decrypt the data using the information given and verify the signature to ensure only is read by the intented audience.

Parameters:

• data (String|OpenSSL::PKCS7)
• key (String|OpenSSL::PKey::RSA)
• certificate (String|OpenSSL::X509::Certificate)
• public_certificate (String|OpenSSL::X509::Certificate)
• ca_store (OpenSSL::X509::Store)

Returns:

• (String) —

  decrypted data

# File 'lib/pkcs7/cryptographer.rb', line 63

def decrypt_and_verify(
  data:,
  key:,
  certificate:,
  public_certificate:,
  ca_store:
)
  key = rsa_key(key)
  certificate = x509_certificate(certificate)
  public_certificate = x509_certificate(public_certificate)
  encrypted_data = pkcs7(data)
  decrypted_data = encrypted_data.decrypt(key, certificate)

  signed_data = OpenSSL::PKCS7.new(decrypted_data)
  verified = verified_signature?(signed_data, public_certificate, ca_store)

  return false unless verified

  signed_data.data
end

#sign_and_encrypt(data:, key:, certificate:, public_certificate:) ⇒ String

@description: Take some string data, this method encrypts and sign the data using the information given.

Parameters:

• data (String)
• key (String|OpenSSL::PKey::RSA)
• certificate (String|OpenSSL::X509::Certificate)
• public_certificate (String|OpenSSL::X509::Certificate)

Returns:

• (String) —

  encrypted data

# File 'lib/pkcs7/cryptographer.rb', line 37

def sign_and_encrypt(
  data:,
  key:,
  certificate:,
  public_certificate:
)
  key = rsa_key(key)
  certificate = x509_certificate(certificate)
  public_certificate = x509_certificate(public_certificate)
  signed_data = OpenSSL::PKCS7.sign(certificate, key, data)
  encrypted_data = encrypt(public_certificate, signed_data)

  encrypted_data.to_pem
end

#sign_certificate(csr:, key:, certificate:, valid_until: Time.current + 10.years) ⇒ Object

# File 'lib/pkcs7/cryptographer.rb', line 84

def sign_certificate(
  csr:,
  key:,
  certificate:,
  valid_until: Time.current + 10.years
)
  valid_until.to_time.utc
  check_csr(csr)

  sign_csr(csr, key, certificate, valid_until)
end