Class: Arachni::Support::Crypto::RSA_AES_CBC

Inherits:
Object
Defined in:
lib/arachni/support/crypto/rsa_aes_cbc.rb

Overview

Simple hybrid crypto class using RSA for public key encryption and AES with CBC for bulk data encryption/decryption.

RSA is used to encrypt the AES primitives (the key and IV), which are in turn used to encrypt the plaintext.

Author:

  • Tasos “Zapotek” Laskos <tasos.laskos@arachni-scanner.com>

Constructor Details

#initialize(public_pem, private_pem = nil) ⇒ RSA_AES_CBC

If only encryption is required the private key parameter can be omitted.

Parameters:

  • public_pem (String)

    Location of the Public key in PEM format.

  • private_pem (String) (defaults to: nil)

    Location of the Private key in PEM format.



# File 'lib/arachni/support/crypto/rsa_aes_cbc.rb', line 29

def initialize( public_pem, private_pem = nil )
    @public_pem  = public_pem
    @private_pem = private_pem
end

Instance Method Details

#decrypt(data) ⇒ String

Decrypts data.

# File 'lib/arachni/support/crypto/rsa_aes_cbc.rb', line 72

def decrypt( data )
    rsa = OpenSSL::PKey::RSA.new( File.read( @private_pem ) )

    # decrypt with 256 bit AES with CBC
    aes = OpenSSL::Cipher::Cipher.new( 'aes-256-cbc' )
    aes.decrypt

    # unencode and unserialize to get the primitives and ciphertext
    primitives = YAML::load( Base64.decode64( data ) )

    aes.key = rsa.private_decrypt( primitives['key'] )
    aes.iv  = rsa.private_decrypt( primitives['iv'] )

    plaintext = aes.update( primitives['ciphertext'] )
    plaintext << aes.final

    plaintext
end

#encrypt(data) ⇒ String

Encrypts data and returns a Base64 representation of the ciphertext and AES CBC primitives encrypted using the public key.

Returns:

  • (String)

    Base64 representation of the ciphertext and AES CBC primitives encrypted using the public key.



# File 'lib/arachni/support/crypto/rsa_aes_cbc.rb', line 42

def encrypt( data )
    rsa = OpenSSL::PKey::RSA.new( File.read( @public_pem ) )

    # encrypt with 256 bit AES with CBC
    aes = OpenSSL::Cipher::Cipher.new( 'aes-256-cbc' )
    aes.encrypt

    # use random key and IV
    aes.key = key = aes.random_key
    aes.iv  = iv  = aes.random_iv

    # this will hold all primitives and ciphertext
    primitives = {}

    primitives['ciphertext'] = aes.update( data )
    primitives['ciphertext'] << aes.final

    primitives['key'] = rsa.public_encrypt( key )
    primitives['iv']  = rsa.public_encrypt( iv )

    # serialize everything and base64 encode it
    Base64.encode64( primitives.to_yaml )
end
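
The scheme documented above provides confidentiality only: CBC carries no integrity check, so `decrypt` cannot detect a modified ciphertext, and the decoded input reaches `YAML::load` before anything is verified. The following is an added example, not Arachni's code: the same envelope idea using RSA-OAEP to wrap an AES-256-GCM key, with JSON in place of YAML. The `HybridGCM` module, its method names and the choice to pass key objects instead of PEM paths are assumptions made for illustration.

```ruby
require 'openssl'
require 'base64'
require 'json'

# Added example (hypothetical helper names, not Arachni's API).
# Same envelope idea as RSA_AES_CBC, but with authenticated encryption:
# RSA-OAEP wraps a random AES-256-GCM key, and JSON replaces YAML so that
# parsing untrusted input only ever yields plain strings.
module HybridGCM
  OAEP = OpenSSL::PKey::RSA::PKCS1_OAEP_PADDING

  def self.encrypt(public_key, plaintext)
    aes = OpenSSL::Cipher.new('aes-256-gcm')
    aes.encrypt
    key = aes.random_key
    iv  = aes.random_iv # 12-byte nonce, not secret, sent in the clear
    ciphertext = aes.update(plaintext) + aes.final
    envelope = {
      'key'        => public_key.public_encrypt(key, OAEP),
      'iv'         => iv,
      'tag'        => aes.auth_tag, # 16-byte GCM authentication tag
      'ciphertext' => ciphertext
    }
    JSON.generate(envelope.transform_values { |v| Base64.strict_encode64(v) })
  end

  def self.decrypt(private_key, blob)
    env = JSON.parse(blob).transform_values { |v| Base64.strict_decode64(v) }
    aes = OpenSSL::Cipher.new('aes-256-gcm')
    aes.decrypt
    aes.key      = private_key.private_decrypt(env.fetch('key'), OAEP)
    aes.iv       = env.fetch('iv')
    aes.auth_tag = env.fetch('tag')
    # final raises OpenSSL::Cipher::CipherError if the tag does not verify
    aes.update(env.fetch('ciphertext')) + aes.final
  end

  # Flips one ciphertext bit in an envelope, to exercise the integrity check.
  def self.tamper(blob)
    env = JSON.parse(blob)
    raw = Base64.strict_decode64(env['ciphertext'])
    raw.setbyte(0, raw.getbyte(0) ^ 0x01)
    env['ciphertext'] = Base64.strict_encode64(raw)
    JSON.generate(env)
  end
end
```

With the CBC construction, the equivalent one-bit change would decrypt without error (or fail only on padding) and hand altered plaintext to the caller; here `decrypt` raises before returning anything.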