A simple and opinionated AES encrypt / decrypt Ruby gem that just works.

Overview

AESCrypt - Simple AES encryption / decryption for Ruby

AESCrypt is a simple to use, opinionated AES encryption / decryption Ruby gem that just works.

AESCrypt uses the AES-256-CBC cipher and encodes the encrypted data with Base64.

A corresponding gem to easily handle AES encryption / decryption in Objective-C is available at http://github.com/Gurpartap/AESCrypt-ObjC.

Installation

Add this line to your application's Gemfile:

gem 'aescrypt'

And then execute:

$ bundle

Or install it yourself as:

$ gem install aescrypt

Usage

message = "top secret message"
password = "p4ssw0rd"

Encrypting

encrypted_data = AESCrypt.encrypt(message, password)

Decrypting

message = AESCrypt.decrypt(encrypted_data, password)

Advanced usage

Encrypting

encrypted_data = encrypt_data(data, key, iv, cipher_type)

Decrypting

decrypted_data = decrypt_data(encrypted_data, key, iv, cipher_type)

Corresponding usage in Objective-C

The AESCrypt Objective-C class, available at https://github.com/Gurpartap/AESCrypt-ObjC, understands what you're talking about in your Ruby code. The purpose of the Ruby gem and Objective-C class is to have something that works out of the box across the server (Ruby) and client (Objective-C). However, a standard encryption technique is implemented, which ensures that you can handle the data with any AES compatible library available across the web. So, you're not locked-in.

Here's how you would use the AESCrypt Objective-C class:

NSString *message = @"top secret message";
NSString *password = @"p4ssw0rd";

Encrypting

NSString *encryptedData = [AESCrypt encrypt:message password:password];

Decrypting

NSString *message = [AESCrypt decrypt:encryptedData password:password];

See the Objective-C class README at http://github.com/Gurpartap/AESCrypt-ObjC for more details.

License

Copyright (c) 2012 Gurpartap Singh

The encrypt_data and decrypt_data methods are Copyright (c) 2007 Brent Sowers and have been included in the gem with prior permission. Thanks Brent! :)

See LICENSE for license terms.

Contributing

  1. Fork it
  2. Create your feature branch (git checkout -b my-new-feature)
  3. Commit your changes (git commit -am 'Added some feature')
  4. Push to the branch (git push origin my-new-feature)
  5. Create new Pull Request
Comments
  • Not able to encrypt/decrypt utf-8 data

    Not able to encrypt/decrypt utf-8 data

    example

    irb(main):008:0> str = "√"
    => "√"
    irb(main):014:0> str.encoding
    => #<Encoding:UTF-8>
    
    irb(main):009:0> e = AESCrypt.encrypt(str)
    => "ia\xF5k\x8CA\xED\xD5\v\xCB?O\x16\x9C\xA0M"
    irb(main):011:0* e.encoding
    => #<Encoding:ASCII-8BIT>
    
    irb(main):012:0> d = AESCrypt.decrypt(e)
    => "\xE2\x88\x9A"
    
    opened by msumit 2
  • Mismatch between client and server encodings?

    Mismatch between client and server encodings?

    Great idea for a pair of modules, thanks.

    In my use case, I'm encoding a message in iOS, sending the encoded version to rails, and then in rails encoding the same message and seeing if the two agree. And oddly, they don't, by three spaces.

    Here is the iOS code:

        NSString *text = @"8954302B-3291-42D8-A52F-EF1023F78AA3d115f8c31c33a6a70f60fe0ec0830fac2012-08-19T05:04:01Z";
        NSString *sharedSecret = @"ef7468fe8e05ad22fa0d4a5554205b65";
        NSString *signature = [AESCrypt encrypt:text password:sharedSecret];
        NSLog(@"Signature: %@", signature);
    
        // Outputs: Signature: I1rougkuUGC/9Tu+uv7e8vpT975ca6rCZueCQTe3pq0aY6XtBcre1Qd6AokZ3d0NAZPqxxGYwPe5aXQHy4Cef4m59fVgglYawKnRwA5e3ZhouQrcWUBixjyU4rUk8/yP
    

    Here is the Rails code:

    text = "8954302B-3291-42D8-A52F-EF1023F78AA3d115f8c31c33a6a70f60fe0ec0830fac2012-08-19T05:04:01Z";
    shared_secret = "ef7468fe8e05ad22fa0d4a5554205b65"
    reference_signature = AESCrypt.encrypt(text, shared_secret)
    
    reference_signature in debugger is: "I1rougkuUGC/9Tu+uv7e8vpT975ca6rCZueCQTe3pq0aY6XtBcre1Qd6AokZ 3d0NAZPqxxGYwPe5aXQHy4Cef4m59fVgglYawKnRwA5e3ZhouQrcWUBixjyU 4rUk8/yP "
    

    Note the spaces in reference_signature: between the Z and 3, the U and the 4, and at the end of the string.

    This is rails Rails 3.2.3, ruby 1.9.3p194, iOS 5.1.

    opened by kcoop 2
  • Gem failing without Base64 import

    Gem failing without Base64 import

    NameError - uninitialized constant AESCrypt::Base64:
        /Users/jameswomack/.rbenv/versions/2.0.0-preview2/lib/ruby/gems/2.0.0/gems/aescrypt-1.0.0/lib/aescrypt.rb:38:in `decrypt'
    
    opened by jameswomack 0
  • Please retire this gem and label it as

    Please retire this gem and label it as "unsafe" in the README

    Please retire this gem. It contains multiple, extremely severe security vulnerabilities:

    • Fixed all zero IV: #4
    • No MAC/unauthenticated encryption: #12

    Either of these vulnerabilities can, depending on the circumstances, lead to full plaintext recovery.

    I opened #12 nearly 4 months ago. The extremely severe issue in #4 is approaching 4 years old.

    This gem is broken, insecure, and unsuitable for use, and yet it is also the top hit for "ruby aes gem". Please retire it and point people at something safer, like ActiveSupport::MessageEncryptor:

    http://api.rubyonrails.org/classes/ActiveSupport/MessageEncryptor.html

    opened by tarcieri 1
  • Crash -[NSConcreteMutableData SHA256Hash]: unrecognized selector

    Crash -[NSConcreteMutableData SHA256Hash]: unrecognized selector

    Hi Gurpartap, Currently I am facing below issue-

    -[NSConcreteMutableData SHA256Hash]: unrecognized selector sent to instance

    while encrypting the message. Please suggest me any changes.

    opened by AshwinDamji 1
  • Unauthenticated encryption is vulnerable to chosen ciphertext attacks, bitflipping attacks

    Unauthenticated encryption is vulnerable to chosen ciphertext attacks, bitflipping attacks

    This gem is using an unauthenticated encryption mode (CBC) which is vulnerable to chosen ciphertext attacks (i.e. it is not IND-CCA secure)

    This is a serious issue which can allow active attackers to completely recover message plaintexts. It also allows attackers to make undetectable alterations to the plaintext.

    At the very minimum you should add HMAC in an encrypt-then-MAC construction.

    opened by tarcieri 6
  • pad block corrupted

    pad block corrupted

    screen shot 2015-12-08 at 6 58 34 pm

    bro please help me.. Im using AES online encryption to encrypt the data. after data encrypted, Im try to use your lib to decrypt, but got error "pad block corrupted". very much appreciate if u can help me.

    opened by fatahzull 0
Owner
Gurpartap Singh
ਗੁਰ ਪੀਰਾਂ ਕੀ ਚਾਕਰੀ ਮਹਾਂ ਕਰੜੀ ਸੁਖ ਸਾਰੁ॥
Gurpartap Singh
AndroidHybridCrypto is simple customizable Android implementation of hybrid cryptography (AES+RSA+Hash) recommended by OWASP.

AndroidHybridCrypto HybridCrypto is simple customizable Android implementation of hybrid cryptography (AES+RSA+Hash) recommended by OWASP. Usage Step

UTNGY Pisal 2 Sep 6, 2022
MiHawk 🦅👁️ is simple and secure 🔒 Android Library to store and retrieve pair of key-value data with encryption , internally it use jetpack DataStore Preferences 💽 to store data.

MiHawk MiHawk ?? ??️ is simple and secure ?? Android Library to store and retrieve pair of key-value data with encryption , internally it use jetpack

Nedal Hasan Ibrahem 5 Sep 3, 2022
Grab’n Run, a simple and effective Java Library for Android projects to secure dynamic code loading.

Grab’n Run, a simple and effective Java Library for Android projects to secure dynamic code loading.

Luca Falsina 418 Dec 29, 2022
A simple android app that parses its own signature and displays it

SigDisplayer Usage Download the release APK or clone the repository and compile yourself. Sign the APK with your preferred keystore. Install and open

Jonah 5 Oct 18, 2022
A simple library that can help you detect if you app is modded or tampered with

Android Tamper Detector A simple library that can help you detect if you app is modded or tampered with. This adds a security level that makes it diff

Mukesh Solanki 130 Nov 14, 2022
simple implementation KTLint with lib JLLeitschuh/ktlint-gradle

Simple DETEKT implementation others KTLint KTLint-gradle DeteKT Spotless gradle-code-quality-tools-plugin Tutorials medium Config detekt config.yml Gr

John Alves 0 Jun 10, 2022
A simple text encryption/decryption password based GUI+CLI tool

ZeText: Zero disk exposition texts This is a simple text encryption/decryption password based GUI+CLI tool, allowing to enter, edit and decrypt files

sergeych 0 Dec 21, 2021
Easy to use cryptographic framework for data protection: secure messaging with forward secrecy and secure data storage. Has unified APIs across 14 platforms.

Themis provides strong, usable cryptography for busy people General purpose cryptographic library for storage and messaging for iOS (Swift, Obj-C), An

Cossack Labs 1.6k Dec 29, 2022
Android virtual machine and deobfuscator

Simplify Generic Android Deobfuscator Simplify virtually executes an app to understand its behavior and then tries to optimize the code so that it beh

Caleb Fenton 4.1k Dec 25, 2022
BlackDex is an Android unpack tool, it supports Android 5.0~12 and need not rely to any environment. BlackDex can run on any Android mobile phones or emulators, you can unpack APK File in several seconds.

BlackDex is an Android unpack tool, it supports Android 5.0~12 and need not rely to any environment. BlackDex can run on any Android mobile phones or emulators, you can unpack APK File in several seconds.

null 4.3k Jan 2, 2023
A Java ePub reader and parser framework for Android.

FolioReader-Android is an EPUB reader written in Java and Kotlin. Features Custom Fonts Custom Text Size Themes / Day mode / Night mode Text Highlight

FolioReader 2.1k Jan 3, 2023
A program to flip every private, protected and package-private access flag to public in an Android dex file!

DexExposed A program to flip every private, protected and package-private access flag to public in an Android dex file! Building Simply run gradle mak

John Doe 2 Aug 29, 2021
A program analysis tool to find cryptographic misuse in Java and Android.

A program analysis tool to find cryptographic misuse in Java and Android.

null 92 Dec 15, 2022
CRYLOGGER: Detecting Crypto Misuses for Android and Java Apps Dynamically

CRYLOGGER: Detecting Crypto Misuses for Android and Java Apps Dynamically

Luca Piccolboni 139 Dec 12, 2022
A tool translate a apk file to stantard android project include so hook api and il2cpp c++ scaffolding when apk is a unity il2cpp game. Write code on a apk file elegantly.

FakerAndroid (FakerAndroid.jar or FakerAndroid-AS) A tool translate a apk file to stantard android project include so hook api and il2cpp c++ scaffold

null 231 Dec 29, 2022
Burp extension to create target specific and tailored wordlist from burp history.

Burp extension to create target specific and tailored wordlist from burp history.

Dexter0us 173 Jan 2, 2023
Secure your REST APIs with Spring Security, Resource and Authorization Server from zero to JWT

Secure REST APIs with Spring ./mvnw RTFM YouTube: Spring Security Patterns YouTube: Spring Security 5.5 From Taxi to Takeoff Official Apache Maven doc

Maksim Kostromin 1 Dec 5, 2021
Writeup and exploit for installed app to system privilege escalation on Android 12 Beta through CVE-2021-0928, a `writeToParcel`/`createFromParcel` serialization mismatch in `OutputConfiguration`

Writeup and exploit for installed app to system privilege escalation on Android 12 Beta through CVE-2021-0928, a `writeToParcel`/`createFromParcel` serialization mismatch in `OutputConfiguration`

null 52 Dec 30, 2022