example

irb(main):008:0> str = "√"
=> "√"
irb(main):014:0> str.encoding
=> #<Encoding:UTF-8>

irb(main):009:0> e = AESCrypt.encrypt(str)
=> "ia\xF5k\x8CA\xED\xD5\v\xCB?O\x16\x9C\xA0M"
irb(main):011:0* e.encoding
=> #<Encoding:ASCII-8BIT>

irb(main):012:0> d = AESCrypt.decrypt(e)
=> "\xE2\x88\x9A"

Great idea for a pair of modules, thanks.

In my use case, I'm encoding a message in iOS, sending the encoded version to rails, and then in rails encoding the same message and seeing if the two agree. And oddly, they don't, by three spaces.

Here is the iOS code:

    NSString *text = @"8954302B-3291-42D8-A52F-EF1023F78AA3d115f8c31c33a6a70f60fe0ec0830fac2012-08-19T05:04:01Z";
    NSString *sharedSecret = @"ef7468fe8e05ad22fa0d4a5554205b65";
    NSString *signature = [AESCrypt encrypt:text password:sharedSecret];
    NSLog(@"Signature: %@", signature);

    // Outputs: Signature: I1rougkuUGC/9Tu+uv7e8vpT975ca6rCZueCQTe3pq0aY6XtBcre1Qd6AokZ3d0NAZPqxxGYwPe5aXQHy4Cef4m59fVgglYawKnRwA5e3ZhouQrcWUBixjyU4rUk8/yP

Here is the Rails code:

text = "8954302B-3291-42D8-A52F-EF1023F78AA3d115f8c31c33a6a70f60fe0ec0830fac2012-08-19T05:04:01Z";
shared_secret = "ef7468fe8e05ad22fa0d4a5554205b65"
reference_signature = AESCrypt.encrypt(text, shared_secret)

reference_signature in debugger is: "I1rougkuUGC/9Tu+uv7e8vpT975ca6rCZueCQTe3pq0aY6XtBcre1Qd6AokZ 3d0NAZPqxxGYwPe5aXQHy4Cef4m59fVgglYawKnRwA5e3ZhouQrcWUBixjyU 4rUk8/yP "

Note the spaces in reference_signature: between the Z and 3, the U and the 4, and at the end of the string.

This is rails Rails 3.2.3, ruby 1.9.3p194, iOS 5.1.

NameError - uninitialized constant AESCrypt::Base64:
    /Users/jameswomack/.rbenv/versions/2.0.0-preview2/lib/ruby/gems/2.0.0/gems/aescrypt-1.0.0/lib/aescrypt.rb:38:in `decrypt'

Please retire this gem. It contains multiple, extremely severe security vulnerabilities:

• Fixed all zero IV: #4
• No MAC/unauthenticated encryption: #12

Either of these vulnerabilities can, depending on the circumstances, lead to full plaintext recovery.

I opened #12 nearly 4 months ago. The extremely severe issue in #4 is approaching 4 years old.

This gem is broken, insecure, and unsuitable for use, and yet it is also the top hit for "ruby aes gem". Please retire it and point people at something safer, like ActiveSupport::MessageEncryptor:

http://api.rubyonrails.org/classes/ActiveSupport/MessageEncryptor.html

Hi Gurpartap, Currently I am facing below issue-

-[NSConcreteMutableData SHA256Hash]: unrecognized selector sent to instance

while encrypting the message. Please suggest me any changes.

This gem is using an unauthenticated encryption mode (CBC) which is vulnerable to chosen ciphertext attacks (i.e. it is not IND-CCA secure)

This is a serious issue which can allow active attackers to completely recover message plaintexts. It also allows attackers to make undetectable alterations to the plaintext.

At the very minimum you should add HMAC in an encrypt-then-MAC construction.

bro please help me.. Im using AES online encryption to encrypt the data. after data encrypted, Im try to use your lib to decrypt, but got error "pad block corrupted". very much appreciate if u can help me.