[ANN] cryptor 1.0.0: an easy-to-use multi-backend encryption library for Ruby


Tony Arcieri

Jun 14, 2014, 7:26:49 PM
to rbn...@googlegroups.com, ruby-talk ML
Cryptor is a multi-backend high-level encryption library for Ruby, partly inspired by tools like GPG and Google Keyczar:

https://github.com/cryptosphere/cryptor

Much like an audiophile sound system, Cryptor doesn't have a whole lot of knobs. Instead, all of the tough decisions have been made for you in advance by experts, providing a safe API that's simple and easy to use. Cryptor utilizes what's known as "authenticated encryption" exclusively, and supports two backends:

- RbNaCl: a Ruby binding to libsodium, a portable version of the state-of-the-art NaCl encryption library
- ActiveSupport::MessageEncryptor: a bespoke authenticated encryption scheme using AES-CBC and HMAC built on Ruby's OpenSSL extension

Here's an example of using Cryptor with the recommended "xsalsa20poly1305" cipher supplied by RbNaCl:

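    require 'cryptor'
    # Load the RbNaCl-backed cipher that matches the :xsalsa20poly1305 key below
    require 'cryptor/symmetric_encryption/ciphers/xsalsa20poly1305'

    # Generate a fresh random secret key for the chosen cipher
    secret_key = Cryptor::SymmetricEncryption.random_key(:xsalsa20poly1305)

    plaintext = 'THE MAGIC WORDS ARE SQUEAMISH OSSIFRAGE'

    cryptor = Cryptor::SymmetricEncryption.new(secret_key)
    ciphertext = cryptor.encrypt(plaintext)
    decrypted = cryptor.decrypt(ciphertext)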

That's it!

Cryptor also supports key rotation, allowing multiple decryption keys to be active at the same time, but ensuring all new ciphertexts are produced by the newest, "active" key. This means that if keys are ever compromised, or you'd like to have a policy of rotating keys, you can easily update existing ciphertexts to be encrypted under a new key.

Cryptor uses the experimental ORDO message format for representing ciphertexts:


Future versions of Cryptor may support additional message formats like OpenPGP and JWE. 

Cryptor only supports symmetric encryption at this time. Future versions may support asymmetric encryption using RbNaCl's "Box" encryption primitive (a.k.a. curve25519xsalsa20poly1305).

Enjoy!

--
Tony Arcieri
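
The key rotation behaviour described in the announcement, sketched as an added example that is not part of the original post and is not Cryptor's code or API. `RotatingKeyring` is a hypothetical class, and AES-256-GCM from Ruby's OpenSSL extension with a truncated SHA-256 key id stands in for Cryptor's ciphers and the ORDO format.

```ruby
require 'openssl'
require 'securerandom'

# Hypothetical class, not Cryptor's API: encrypts with the active key only,
# decrypts with any key still on the ring.
class RotatingKeyring
  def initialize(active_key, retired_keys = [])
    @active = active_key
    @keys = ([active_key] + retired_keys).to_h { |k| [key_id(k), k] }
  end

  # Key id = first 8 bytes of SHA-256(key); tells decrypt which key to use.
  def key_id(key)
    OpenSSL::Digest::SHA256.digest(key).byteslice(0, 8)
  end

  def active?(message)
    message.byteslice(0, 8) == key_id(@active)
  end

  # Layout: key id (8) | nonce (12) | GCM tag (16) | ciphertext
  def encrypt(plaintext)
    cipher = OpenSSL::Cipher.new('aes-256-gcm').encrypt
    cipher.key = @active
    nonce = cipher.random_iv                 # fresh nonce per message
    cipher.auth_data = key_id(@active)       # authenticate the key id too
    body = plaintext.empty? ? ''.b : cipher.update(plaintext)
    body += cipher.final
    key_id(@active) + nonce + cipher.auth_tag + body
  end

  def decrypt(message)
    id, nonce, tag, body = message.unpack('a8a12a16a*')
    raise ArgumentError, 'truncated message' unless tag.bytesize == 16
    key = @keys.fetch(id) { raise ArgumentError, 'no key on the ring for this message' }
    cipher = OpenSSL::Cipher.new('aes-256-gcm').decrypt
    cipher.key = key
    cipher.iv = nonce
    cipher.auth_tag = tag
    cipher.auth_data = id
    (body.empty? ? ''.b : cipher.update(body)) + cipher.final # raises CipherError if tampered
  end

  # Re-encrypt an old ciphertext under the active key; no-op if already current.
  def rotate(message)
    active?(message) ? message : encrypt(decrypt(message))
  end
end
```

Once every stored ciphertext reports `active?`, the retired key can be dropped from the ring, after which anything still encrypted under it fails to decrypt.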