WIP: Ruby AES Encryption using AES-256-CBC

decrypt.rb

require 'openssl'

# We use the AES 256 bit cipher-block chaining symetric encryption.
# AES 256 is virtually impenetrable using brute-force methods.
# However, CBC introduces a data integrity vulnerability (stream cipher attacks).
# We should use HMAC or GCM to mitigate the issue.
alg = 'aes-256-cbc'
cipher = OpenSSL::Cipher::Cipher.new(alg)
cipher.decrypt

################
# Public Input #
################
message64 = <<MESSAGE64
gHdbK53IhoYSSdIDuV7IsQ==
6epkHstK7bsoAblU22bg3uVBw2v9Qi7tFCb0KdAUfd7c2bbmEdVQ52wF/61H
W5M+Lsq3QWNEzDajd5Yox4KajQc97YRu4p5Dha2sdAfk/b1c3c8zupk3igmQ
L3wTj4QRC6xagX9YuTBBGmhFmhb+55QYe+CoihKAQYQfAg3vatHwoeXUBWtx
7dvZVbMXWmJm
MESSAGE64

##########
# SECRET #
##########
password = 'Pa$$w0rd!'

################################
# Extract iv and cipher text
if message
  iv = message[0..15]
  cipher = message[16..-1]
elsif message64
  iv64 = message64.scan(/\A[^\n]*\n/)[0]
  iv = iv64.unpack('m')[0]
  cipher64 = message64[iv64.length..-1]
  cipher = cipher64.unpack('m')[0]
end


key = Digest::SHA256.new.update(password).digest

cipher.key = key
cipher.iv = iv
plain_text = cipher.update(cipher) + cipher.final

#################
# Secret Output #
#################
puts plain

encrypt.rb

require 'openssl'

#####################################
# Encryption Algorithm and Security #
#####################################
# We use the AES 256 bit cipher-block chaining (CBC) symetric encryption.
# AES 256 is virtually impenetrable using brute-force methods. Thus, providing
# a high level of data confidentiality.
# However, CBC introduces a data integrity vulnerability (stream cipher attacks).
# To mitigate data integrity vulnerabilities, use HMAC or GCM, e.g. LINK
alg = 'aes-256-cbc'  # list available ciphers: OpenSSL::Cipher.ciphers
cipher = OpenSSL::Cipher::Cipher.new(alg)
cipher.encrypt

################
# Secret Input #
################
plain_text = 'All the non-obvious zeros of the zeta function are complex numbers with real part 1/2.'
password = 'Pa$$w0rd!'  # Please choose a strong password! Hackers don't break in – they log in ;-)


################
# Public Input #
################
# For security as part of the encryption algorithm, we create a random
# initialization vector. An initialization vector (iv) is used to prevent
# a sequence of text that is identical to a previous sequence from producing
# the same exact ciphertext when encrypted. It does not need to be kept secret.
iv = cipher.random_iv


################################################################################
# We use SHA256 as a key derivation function to get a 256 bit key from the initial password
key = Digest::SHA256.new.update(password).digest


raise 'Iv must have length 16' unless iv.length == 16

raise 'Set key' unless key
raise 'Key must have length 32' unless key.size == 32

# Now we do the actual setup of the cipher
cipher.key = key
cipher.iv = iv


cipher_text = cipher.update(plain) + cipher.final

message = iv + cipher_text
hex_message = (message).unpack('H*')[0]

#################
# Public Output #
#################
puts hex_message