A safe Ruby encryption library, designed to support features like multiple active encryption keys and key rotation.
Cryptor utilizes authenticated encryption, which ensures the confidentiality, integrity, and authenticity of data while still providing a simple API.
Cryptor supports two backends: RbNaCl and ActiveSupport::MessageEncryptor.
Cryptor uses the experimental ORDO v0 message format for serializing encrypted messages. Future versions may support additional message formats like OpenPGP or JWE.
Need help with Cryptor? Join the RbNaCl Google Group. We're also on IRC at #cryptosphere on irc.freenode.net
Add this line to your application's Gemfile:
gem 'cryptor'
And then execute:
$ bundle
Or install it yourself as:
$ gem install cryptor
To begin with, you must select a backend:
RbNaCl is a Ruby FFI binding to libsodium, a portable state-of-the-art cryptography library.
To use Cryptor with RbNaCl, add the following to your Gemfile:
gem 'rbnacl-libsodium'
And in your Ruby program, require the following:
require 'cryptor'
require 'cryptor/symmetric_encryption/ciphers/xsalsa20poly1305'
Cryptor can use ActiveSupport 4.0+'s MessageEncryptor class to encrypt messages. This scheme uses AES-256 in CBC mode for encryption and HMAC-SHA1 to provide ciphertext integrity.
This option is only recommended if you have some compliance issues which mandate the use of NIST ciphers or if you have problems installing the rbnacl-libsodium gem or libsodium library for some reason.
To use Cryptor with ActiveSupport::MessageEncryptor, require the following from a Rails 4.0+ app or other app with ActiveSupport 4.0+ bundled:
require 'cryptor'
require 'cryptor/symmetric_encryption/ciphers/message_encryptor'
To encrypt data with Cryptor, you must first make a secret key to encrypt it under. Use the following for RbNaCl:
# Make a RbNaCl secret key
secret_key = Cryptor::SymmetricEncryption.random_key(:xsalsa20poly1305)
or the following for ActiveSupport::MessageEncryptor:
# Make an ActiveSupport secret key
secret_key = Cryptor::SymmetricEncryption.random_key(:message_encryptor)
Inspecting a secret key looks like this:
#<Cryptor::SecretKey:0x81438830 cipher=xsalsa20poly1305 fingerprint=ni:///sha-256;Wy8hx4...>
You can't actually see the secret key itself by calling #inspect or #to_s. This is to prevent accidentally logging the secret key. Instead you can only see the key's fingerprint, which is given as a RFC 6920 hash URI of the secret key's ORDO secret URI.
To obtain the secret URI, use the #to_secret_uri method, which returns a string:
>> secret_key.to_secret_uri
=> "secret.key:///xsalsa20poly1305;0saB1tfgKWDh_bX0oAquLWgAq-6yjG1u04mP-CtQG-4"
This string can be saved somewhere secret and safe then later loaded and passed into Cryptor::SymmetricEncryption.new:
cryptor = Cryptor::SymmetricEncryption.new("secret.key:///xsalsa20poly1305;0saB...")
After this, you can encrypt with the #encrypt method:
ciphertext = cryptor.encrypt(plaintext)
and decrypt with the #decrypt method:
decrypted = cryptor.decrypt(ciphertext)
Cryptor is designed to support key rotation, allowing new ciphertexts to be produced under an "active" key, but with old keys configured so older ciphertexts can still be decrypted (and also rotated to the new key).
To rotate keys, first make a new key, but configure Cryptor with the old key too using the "keyring" option:
old_key = ...
new_key = Cryptor::SymmetricEncryption.random_key(:xsalsa20poly1305)
cryptor = Cryptor::SymmetricEncryption.new(new_key, keyring: [old_key])
Cryptor can support arbitrarily many old keys on its keyring. Any messages which have been encrypted under the old keys can still be decrypted, but newly encrypted messages will always use the new "active" key.
To rotate messages from one key to another, use the #rotate method:
old_message = ...
new_message = cryptor.rotate(old_message)
This is useful if a key is ever compromised, and also good security hygiene in general.
Cryptor also supports the #rotate! method, which works just like #rotate, but raises Cryptor::AlreadyRotatedError if asked to rotate a message that's already up-to-date.
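The keyring and rotation behaviour described above can be sketched with Ruby's standard library alone. This is an added example, not Cryptor's own code: DemoKey, DemoCryptor and the top-level AlreadyRotatedError are hypothetical names, AES-256-GCM from OpenSSL stands in for the gem's backends, the message layout is invented rather than ORDO, and the fingerprint hashes the raw key bytes instead of a secret URI.

```ruby
require 'openssl'
require 'base64'

# Stand-in sketch, not Cryptor's code: AES-256-GCM from Ruby's OpenSSL replaces
# the gem's backends; the "fingerprint|nonce|tag|body" layout is not ORDO.
class DemoKey
  attr_reader :bytes
  def initialize(bytes = OpenSSL::Random.random_bytes(32))
    @bytes = bytes
  end

  # Loggable key ID in RFC 6920 style (here a digest of the raw key bytes).
  def fingerprint
    digest = OpenSSL::Digest::SHA256.digest(bytes)
    "ni:///sha-256;#{Base64.urlsafe_encode64(digest, padding: false)}"
  end
  alias inspect fingerprint # keeps key bytes out of logs and consoles
end

class AlreadyRotatedError < StandardError; end
class DemoCryptor
  def initialize(active, keyring: [])
    @active = active
    @keys = [active, *keyring].to_h { |k| [k.fingerprint, k] }
  end

  def encrypt(plaintext)
    c = OpenSSL::Cipher.new('aes-256-gcm').encrypt
    c.key = @active.bytes
    nonce = c.random_iv
    body = c.update(plaintext) + c.final
    parts = [nonce, c.auth_tag, body].map { |p| Base64.urlsafe_encode64(p) }
    [@active.fingerprint, *parts].join('|')
  end

  def decrypt(message)
    fp, *parts = message.split('|')
    key = @keys.fetch(fp) { raise ArgumentError, 'key not on keyring' }
    nonce, tag, body = parts.map { |p| Base64.urlsafe_decode64(p) }
    d = OpenSSL::Cipher.new('aes-256-gcm').decrypt
    d.key, d.iv, d.auth_tag = key.bytes, nonce, tag
    d.update(body) + d.final # CipherError if the message was tampered with
  end

  def rotate!(message) # re-encrypt under the active key, refuse if current
    raise AlreadyRotatedError if message.start_with?("#{@active.fingerprint}|")
    encrypt(decrypt(message))
  end
end
```

Tagging each message with the fingerprint of the key that produced it lets decryption pick the right keyring entry directly, and lets rotate! detect an already-current message without decrypting it.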
Copyright (c) 2014 Tony Arcieri. Distributed under the MIT License. See LICENSE.txt for further details.