[英]Ruby equivalent of PHP openssl_seal
Does anyone know if ruby implements something similar to the openssl_seal function from PHP? 有谁知道ruby是否实现了类似于PHP的openssl_seal函数的功能? I'd like to be able to interact with a server running a modified implementation of this answer .
我希望能够与运行此答案的修改实现的服务器进行交互。 The PHP solution is pretty simple and it'd be great if I could find something for Ruby to do the same.
PHP解决方案非常简单,如果我能找到一些让Ruby做到这一点的方法,那就太好了。
Somebody was looking for the same for python a year ago, but didn't find anything. 一年前有人在为python寻找相同的东西,但没有找到任何东西。
The PHP documentation is a bit unclear on what openssl_seal
does exactly, however its source is pretty short (look for PHP_FUNCTION(openssl_seal)
in ext/openssl/openssl.c
, online here at http://svn.php.net/viewvc/php/php-src/trunk/ext/openssl/openssl.c?view=markup ). PHP文档尚不清楚
openssl_seal
确切功能,但是其来源很短(请在ext/openssl/openssl.c
查找PHP_FUNCTION(openssl_seal)
,在线此处http://svn.php.net/viewvc/ php / php-src / trunk / ext / openssl / openssl.c?view = markup )。
It's a wrapper on an EVP_SealIinit()
, EVP_Seal_Update()
, EVP_Seal_Final()
sequence (see http://www.openssl.org/docs/crypto/EVP_SealInit.html ). 它是
EVP_SealIinit()
, EVP_Seal_Update()
, EVP_Seal_Final()
序列的包装(请参见http://www.openssl.org/docs/crypto/EVP_SealInit.html )。 As far as I can see those OpenSSL functions are not exposed by the OpenSSL Ruby module, nor by the openssl
command line tool, so if you really want to pursue this road I guess you are down to two options: 据我所知,OpenSSL Ruby模块或
openssl
命令行工具都未公开这些OpenSSL函数,因此,如果您真的想走这条路,我想您有两种选择:
EVP_Seal does simple wrapping with RSA so you can do it manually with OpenSSL features. EVP_Seal使用RSA进行简单包装,因此您可以使用OpenSSL功能手动进行包装。
Here's a PHP script that does seal with 1 cert: 这是一个使用1个证书密封的PHP脚本:
<?php
$pubkey = openssl_pkey_get_public(file_get_contents('selfcert.pem'));
$message = 'hello,world';
$cipher_text = NULL;
$keys = NULL;
openssl_seal($message, $cipher_text, $keys, array($pubkey));
$file = fopen('wrapped.bin', 'wb');
fwrite($file, $keys[0]);
fclose($file);
$file = fopen('data.bin', 'wb');
fwrite($file, $cipher_text);
fclose($file);
?>
and a Ruby script that unseal it: 和一个解封它的Ruby脚本:
require 'openssl'
wrapped = File.read('wrapped.bin')
cipher_text = File.read('data.bin')
privkey = OpenSSL::PKey::RSA.new(File.read('privkey.pem'))
key = privkey.private_decrypt(wrapped)
cipher = OpenSSL::Cipher.new('rc4')
cipher.decrypt
cipher.key = key
p cipher.update(cipher_text) + cipher.final
You can do 'seal' with Ruby as well but creating secure session key (RC4 key for this example) is rather difficult so you'd better not try to do by yourself. 您也可以使用Ruby进行“密封”,但是创建安全的会话密钥(在此示例中为RC4密钥)相当困难,因此最好不要尝试自己做。
Envelope encryption does two things: 信封加密有两件事:
It'd be nice if this was in Ruby's bindings to OpenSSL, but you can do this yourself. 如果这是在Ruby与OpenSSL的绑定中,那会很好,但是您可以自己执行此操作。 Essentially what you do is:
本质上,您要做的是:
At this point, to decrypt the CT to PT, you need both K1 and the IV. 此时,要将CT解密为PT,需要K1和IV。 We need to transfer K1 in a secure fashion:
我们需要以安全的方式转移K1:
The consumer now needs to reverse the process. 消费者现在需要逆转该过程。 The ultimate goal is to turn the ciphertext (CT) back into plaintext (PT).
最终目标是将密文(CT)转换回纯文本(PT)。 To do that we need to undo the symmetric encryption done using K1.
为此,我们需要撤消使用K1完成的对称加密。
Something like this should do the trick: https://gist.github.com/1899731 这样的事情应该可以解决这个问题: https : //gist.github.com/1899731
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.