import rubykaigi2006

Author: nahi

rubykaigi2006/1_basic/11_encryption/111_aes+ecb/Rakefile

@@ -0,0 +1,9 @@
+require 'rake/clean'
+
+CLEAN.include('*.bin')
+
+task :default => 'seckey.bin'
+
+file 'seckey.bin' do
+  load 'generatekey.rb'
+end

rubykaigi2006/1_basic/11_encryption/111_aes+ecb/decrypt.rb

@@ -0,0 +1,14 @@
+require 'openssl'
+
+# load SECRET key
+key = File.read("seckey.bin")
+
+# create AES engine
+cipher = OpenSSL::Cipher::Cipher.new("AES-128-ECB")
+
+# initialize
+cipher.decrypt
+cipher.key = key
+
+# decryption
+print cipher.update(ARGF.read) + cipher.final

rubykaigi2006/1_basic/11_encryption/111_aes+ecb/encrypt.rb

@@ -0,0 +1,15 @@
+require 'openssl'
+
+# load SECRET key
+key = File.read("seckey.bin")
+
+# create AES engine
+# 128/192/256 must match key length (bits)
+cipher = OpenSSL::Cipher::Cipher.new("AES-128-ECB")
+
+# initialize
+cipher.encrypt
+cipher.key = key
+
+# encryption
+print cipher.update(ARGF.read) + cipher.final

rubykaigi2006/1_basic/11_encryption/111_aes+ecb/generatekey.rb

@@ -0,0 +1,9 @@
+require 'openssl'
+
+puts 'create 128 bit random key for AES'
+key = OpenSSL::Random.random_bytes(128/8)
+
+File.open("seckey.bin", "wb") do |file|
+  file << key
+end
+puts 'wrote seckey.bin'

rubykaigi2006/1_basic/11_encryption/112_aes+cbc/Rakefile

@@ -0,0 +1,9 @@
+require 'rake/clean'
+
+CLEAN.include('*.bin')
+
+task :default => 'seckey.bin'
+
+file 'seckey.bin' do
+  load 'generatekey.rb'
+end

rubykaigi2006/1_basic/11_encryption/112_aes+cbc/decrypt.rb

@@ -0,0 +1,18 @@
+require 'openssl'
+
+# load SECRET key
+key = File.read("seckey.bin")
+
+# create AES engine
+cipher = OpenSSL::Cipher::Cipher.new("AES-256-CBC")
+
+# load iv from the begining of cipher
+iv = ARGF.read(16)
+
+# initialize
+cipher.decrypt
+cipher.key = key
+cipher.iv = iv
+
+# decryption
+print cipher.update(ARGF.read) + cipher.final

rubykaigi2006/1_basic/11_encryption/112_aes+cbc/encrypt.rb

@@ -0,0 +1,24 @@
+require 'openssl'
+
+# load SECRET key
+key = File.read("seckey.bin")
+
+# create AES engine
+# 128/192/256 must match key length (bits)
+cipher = OpenSSL::Cipher::Cipher.new("AES-256-CBC")
+
+# create IV(initial vector)
+# 16 bytes == 128 bits is a block length
+# AES is a 128 bit block cipher
+iv = OpenSSL::Random.random_bytes(16)
+
+# initialize
+cipher.encrypt
+cipher.key = key
+cipher.iv = iv
+
+# iv is needed for decryption
+print iv
+
+# encryption
+print cipher.update(ARGF.read) + cipher.final

rubykaigi2006/1_basic/11_encryption/112_aes+cbc/generatekey.rb

@@ -0,0 +1,9 @@
+require 'openssl'
+
+puts 'create 256 bit random key for AES'
+key = OpenSSL::Random.random_bytes(256/8)
+
+File.open("seckey.bin", "wb") do |file|
+  file << key
+end
+puts 'wrote seckey.bin'

rubykaigi2006/1_basic/11_encryption/113_aespassword/Rakefile

@@ -0,0 +1,13 @@
+require 'rake/clean'
+
+CLEAN.include('*.bin')
+CLEAN.include('password.txt')
+
+task :default => 'password.txt'
+
+file 'password.txt' do
+  puts 'type password'
+  File.open('password.txt', 'wb') do |file|
+    file << STDIN.gets
+  end
+end

rubykaigi2006/1_basic/11_encryption/113_aespassword/decrypt.rb

@@ -0,0 +1,15 @@
+require 'openssl'
+
+# load password
+password = File.read("password.txt")
+
+# create AES engine
+cipher = OpenSSL::Cipher::Cipher.new("AES-256-CBC")
+
+# initialize
+cipher.decrypt
+# calc key and IV from password
+cipher.pkcs5_keyivgen(password)
+
+# decryption
+print cipher.update(ARGF.read) + cipher.final

rubykaigi2006/1_basic/11_encryption/113_aespassword/encrypt.rb

@@ -0,0 +1,15 @@
+require 'openssl'
+
+# load password
+password = File.read("password.txt")
+
+# create AES engine
+cipher = OpenSSL::Cipher::Cipher.new("AES-256-CBC")
+
+# initialize
+cipher.encrypt
+# calc key and IV from password
+cipher.pkcs5_keyivgen(password)
+
+# encryption
+print cipher.update(ARGF.read) + cipher.final

rubykaigi2006/1_basic/11_encryption/114_plainrsa/encrypt.rb

@@ -0,0 +1,38 @@
+require 'openssl'
+
+# it's just a proof of concept
+
+# RSA public key calculation
+# c = m ^ e (mod n)
+def rsa_public(input, n, e)
+  input_bn = OpenSSL::BN.new(input.to_s)
+  n_bn = OpenSSL::BN.new(n.to_s)
+  e_bn = OpenSSL::BN.new(e.to_s)
+  (input_bn.mod_exp(e_bn, n_bn)).to_i
+end
+
+# RSA private key calculation
+# s = m ^ d (mod n)
+def rsa_private(input, n, d)
+  input_bn = OpenSSL::BN.new(input.to_s)
+  n_bn = OpenSSL::BN.new(n.to_s)
+  d_bn = OpenSSL::BN.new(d.to_s)
+  (input_bn.mod_exp(d_bn, n_bn)).to_i
+end
+
+# test key
+e = 3
+d = 7
+n = 33
+
+# encryption and decryption sample
+plain = 13
+p ['plain', plain]
+
+# sender knows n and e (PUBLIC key)
+cipher = rsa_public(plain, n, e)
+p ['cipher', cipher]
+
+# receiver knows n and d (PRIVATE key)
+decrypted = rsa_private(cipher, n, d)
+p ['decrypted', decrypted]

rubykaigi2006/1_basic/11_encryption/115_rsa/Rakefile

@@ -0,0 +1,14 @@
+require 'rake/clean'
+
+CLEAN.include('*.bin')
+CLEAN.include('*.pem')
+
+task :default => ['privkey.pem', 'pubkey.pem']
+
+file 'pubkey.pem' do
+  load 'generatekey.rb'
+end
+
+file 'privkey.pem' do
+  load 'generatekey.rb'
+end

rubykaigi2006/1_basic/11_encryption/115_rsa/decrypt.rb

@@ -0,0 +1,8 @@
+require 'openssl'
+
+# load PRIVATE key
+privkey =
+  OpenSSL::PKey::RSA.new(File.read("privkey.pem"))
+
+# decryption
+print privkey.private_decrypt(ARGF.read)

rubykaigi2006/1_basic/11_encryption/115_rsa/encrypt.rb

@@ -0,0 +1,9 @@
+require 'openssl'
+
+# load PUBLIC key
+pubkey =
+  OpenSSL::PKey::RSA.new(File.read("pubkey.pem"))
+
+# encryption
+# CAUTION: ARGF must be shorter than key size!
+print pubkey.public_encrypt(ARGF.read)

rubykaigi2006/1_basic/11_encryption/115_rsa/generatekey.rb

@@ -0,0 +1,16 @@
+require 'openssl'
+
+STDOUT.sync = true
+puts 'creating 2048 bits RSA keypair...'
+key = OpenSSL::PKey::RSA.new(2048) { print "." }
+puts 'done'
+
+File.open("privkey.pem", "w") do |file|
+  file << key.to_pem
+end
+puts 'wrote privkey.pem'
+
+File.open("pubkey.pem", "w") do |file|
+  file << key.public_key.to_pem
+end
+puts 'wrote pubkey.pem'

rubykaigi2006/1_basic/11_encryption/116_rsa+aes/Rakefile

@@ -0,0 +1 @@
+../115_rsa/Rakefile

rubykaigi2006/1_basic/11_encryption/116_rsa+aes/decrypt.rb

@@ -0,0 +1,18 @@
+require 'openssl'
+
+# load encrypted password and encrypted text
+cipherpassword, ciphertext =
+  Marshal.load(ARGF), Marshal.load(ARGF)
+
+# decrypt password with RSA
+privkey =
+  OpenSSL::PKey::RSA.new(File.read("privkey.pem"))
+password = privkey.private_decrypt(cipherpassword)
+
+# decrypt password with AES
+cipher = OpenSSL::Cipher::Cipher.new("AES-256-CBC")
+cipher.decrypt
+cipher.pkcs5_keyivgen(password)
+
+# dump
+print cipher.update(ciphertext) + cipher.final

rubykaigi2006/1_basic/11_encryption/116_rsa+aes/encrypt.rb

@@ -0,0 +1,20 @@
+require 'openssl'
+
+# create password for AES
+password = OpenSSL::Random.random_bytes(16)
+
+# encrypt source with AES
+cipher = OpenSSL::Cipher::Cipher.new("AES-256-CBC")
+cipher.encrypt
+cipher.pkcs5_keyivgen(password)
+ciphertext =
+  cipher.update(ARGF.read) + cipher.final
+
+# encrypt password with RSA
+pubkey =
+  OpenSSL::PKey::RSA.new(File.read("pubkey.pem"))
+cipherpassword = pubkey.public_encrypt(password)
+
+# dump
+print Marshal.dump(cipherpassword) +
+  Marshal.dump(ciphertext)

rubykaigi2006/1_basic/11_encryption/116_rsa+aes/generatekey.rb

@@ -0,0 +1 @@
+../115_rsa/generatekey.rb

rubykaigi2006/1_basic/11_encryption/117_rsakeyprotect/Rakefile

@@ -0,0 +1 @@
+../116_rsa+aes/Rakefile

rubykaigi2006/1_basic/11_encryption/117_rsakeyprotect/decrypt.rb

@@ -0,0 +1 @@
+../116_rsa+aes/decrypt.rb

rubykaigi2006/1_basic/11_encryption/117_rsakeyprotect/encrypt.rb

@@ -0,0 +1 @@
+../116_rsa+aes/encrypt.rb

rubykaigi2006/1_basic/11_encryption/117_rsakeyprotect/generatekey.rb

@@ -0,0 +1,30 @@
+require 'openssl'
+
+STDOUT.sync = true
+puts 'creating 2048 bits RSA keypair...'
+key = OpenSSL::PKey::RSA.new(2048) { print "." }
+puts 'done'
+
+File.open("privkey.pem", "w") do |file|
+  # protect key with a password
+  protectedkey = key.export(OpenSSL::Cipher::Cipher.new("AES-256-CBC"))
+
+  # for protecting with a given password
+  #   protectedkey = key.export(
+  #     OpenSSL::Cipher::Cipher.new("AES-256-CBC"),
+  #     "my password")
+
+  # for custom password callback:
+  #   require 'password_callback'
+  #   protectedkey = key.export(
+  #     OpenSSL::Cipher::Cipher.new("AES-256-CBC"),
+  #     &PasswordCallback)
+
+  file << protectedkey
+end
+puts 'wrote privkey.pem with password protection'
+
+File.open("pubkey.pem", "w") do |file|
+  file << key.public_key.to_pem
+end
+puts 'wrote pubkey.pem'

rubykaigi2006/1_basic/11_encryption/117_rsakeyprotect/password_callback.rb

@@ -0,0 +1,17 @@
+PasswordCallback = lambda { |for_encryption|
+  print "Enter password: "
+  pass = $stdin.gets.chop!
+  if pass.length < 4
+    $stderr.puts "password must be longer than 4 bytes"
+    raise
+  end
+  if for_encryption
+    print "Verify password: "
+    pass2 = $stdin.gets.chop!
+    if pass != pass2
+      $stderr.puts "password does not match"
+      raise
+    end
+  end
+  pass
+}

rubykaigi2006/1_basic/12_authentication/121_hmac/Rakefile

@@ -0,0 +1,14 @@
+require 'rake/clean'
+
+CLEAN.include('*.bin')
+CLEAN.include('*/*.bin')
+CLEAN.include('*/*.txt')
+
+task :default => 'seckey.bin' do
+  cp 'seckey.bin', 'alice_sign'
+  cp 'seckey.bin', 'bob_verify'
+end
+
+file 'seckey.bin' do
+  load 'generatekey.rb'
+end

rubykaigi2006/1_basic/12_authentication/121_hmac/alice_sign/sign.rb

@@ -0,0 +1,24 @@
+require 'openssl'
+
+# load text to be signed
+plain = ARGF.read
+
+# load SECRET key
+key = File.read("seckey.bin")
+
+# sign
+# CAUTION: digester must be an instance of
+#   ::OpenSSL::Digest::* not ::Digest::* even if
+#   openssl is loaded.
+digester = OpenSSL::Digest::SHA1.new
+sig = OpenSSL::HMAC.digest(digester, key, plain)
+
+File.open("plain.txt", "wb") do |file|
+  file << plain
+end
+puts 'wrote text to plain.txt'
+
+File.open("plain.sig.bin", "wb") do |file|
+  file << sig
+end
+puts 'wrote sign to plain.sig.bin'