I could find a way to choose TLS version by using this code
ctx = OpenSSL::SSL::SSLContext.new() ctx.ssl_version = :TLSv1_2
As you can see I selected this version **TLSv1_2 ** Also I could select ciphers list by using this code
ctx.ciphers = ["AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:RC4-SHA:RC4-MD5"]
My question is how can I select which Signature Hash Algorithms would like to use in my code
Signature Hash Algorithms list
How to choose Signature Hash Algorithms in Ruby
Related
So let's say I have a md5 hash of a five digits long PIN. It is given as string.
The only way is cracking it, means try every combination, hash it and compare it with the hash you want to crack. I'm trying to return the cracked PIN as string. Given the initial hash input is the md5 digest of the PIN (in a string). Here's my code:
require 'digest'
def crack_PIN(hash)
md5 = Digest::MD5.new
permutations = [0,1,2,3,4,5,6,7,8,9].permutation(5).to_a
perm_digest = permutations.map{|element| md5.hexdigest(element.map{|num| "#{num}"}.join)}
x = perm_digest.index(hash)
permutations[x].map{|num| "#{num}"}.join
end
The problem with this code is that it only uses each number once (it can't repeat each number as many times as it wants). I'm trying to figure out what I can do to alter this code that would make it work for any amount of repetition of each number. Thanks :-)
Minimal change:
permutations = '00000'..'99999'
That will get you the full list of all strings in the range. You can then just try running md5.hexdigest on each of them.
Also note: Your method is going to perform the exact same series of calculations every time you run it!! You would improve the performance by caching the calculated result somehow, (i.e. generating a lookup table of PIN --> md5 sum) and just referencing this in your code.
Combining Tom and Cary's suggestions into a simplified version that needs less memory than your example because it does not store all hashes in memory. Furthermore, it returns the PIN as soon as it was found and does not generate all hashes upfront.
require 'digest'
def crack_PIN(hash)
md5 = Digest::MD5.new
('00000'..'99999').find { |pin| md5.hexdigest(pin) == hash }
end
crack_PIN("c4ded2b85cc5be82fa1d2464eba9a7d3")
#=> "45678"
I have two go services, let's call them A and B. B holds an RSA key pair, while A only knows the public key. I want them to know if they agree on some value V.
I want to do this by having B encrypt encrypt V using the public key and have A do a comparison, but all the crytpo/rsa functions take an RNG which adds entropy and makes each hash of V different. That means I can't compare the hashes.
Is there a function in the go standard library that will deterministicly hash V?
Note: I can achieve this by using a fresh RNG seeded with the same value everytime I hash V, but I want to be able to compute this hash from other languages and that would tie me to Go's RNG.
I want to do this by having B encrypt encrypt V using the public key and have A do a comparison…
You're using the wrong primitive.
If you want the owner of a private key to prove that they have some data, have them Sign that data. The recipient can Verify that signature using the public key.
Use the SignPSS and VerifyPSS methods to do this. The signature will not be deterministic, but it doesn't need to be -- the recipient will still be able to verify it.
Take a look at the docs for EncryptOAEP:
The random parameter is used as a source of entropy to ensure that encrypting the same message twice doesn't result in the same ciphertext.
So the random data does not affect the reader's ability to decrypt the message with only the public key. The cipher text bytes will be different each time you encrypt the same value, which is a good thing.
Take a look at the examples on Encrypt/Decrypt OAEP in those docs. It should be sufficient to get you moving the right direction.
I have written a very basic encryption module that I am using to encrypt some values in a .yaml file.
require 'OpenSSL'
require 'Base64'
cipher = OpenSSL::Cipher::AES.new(256, :CBC)
cipher.key = ENV['KEY']
cipher.iv = ENV['IV']
cipher.encrypt
encrypted = cipher.update(ARGV[0]) + cipher.final
p Base64.encode64(encrypted).gsub!(/\n/,'')
If I run the encryptor like so, I get one value
rvm use jruby-9.0.5.0
jruby encryptor.rb 'password'
4cP7jptj5Z14c2KoXdNf+g==
If I run the encryptor like this, I receive a different value
rvm use ruby-2.2.0
ruby encryptor.rb 'password'
y5ZdDfAGRmK1wQy2e4EOIA==
Im relatively new to encryption, so this may be a loaded (or simple) question, but why does my module return two different values depending on what interpreter im using?
EDIT: The key is 32-bytes, and I have changed the IV to be 16-bytes, and the results still differ between interpreters.
EXAMPLE KEYS:
key = 1DR337Z5C5CBD94643L9772F96C546AC
iv = 2BR367Z5R5CFD949
With OpenSSL, when you call cipher.encrypt you reset the key and the iv (or at least change the internal state of the cipher object in some way). There is a Ruby bug about this: https://bugs.ruby-lang.org/issues/8720
The JRuby OpenSSL emulation layer doesn’t seem to have this behaviour, and gives the same result wherever you have the call to cipher.encrypt.
The workaround / fix is to ensure the call to cipher.encrypt occurs before you set the key and iv:
cipher.encrypt
cipher.key = ENV['KEY']
cipher.iv = ENV['IV']
Supply full length values for the key and IV.
In the case of the key you need 256-bits (32-bytes).
In the case of the IV the length needs to be the block size which is (for AES) 16-bytes.
If the inputs are to short there is not standard on how to handle this and each implementation may choose different methods such as null padding or just using whatever bytes immediately follow the supplied values.
I am attempting to decrypt a number encrypted by another program that uses the BouncyCastle library for Java.
In Java, I can set the key like this: key = Hex.decode("5F3B603AFCE22359");
I am trying to figure out how to represent that same step in Ruby.
To get Integer — just str.hex. You may get byte array in several ways:
str.scan(/../).map(&:hex)
[str].pack('H*').unpack('C*')
[str].pack('H*').bytes.to_a
See other options for pack/unpack and examples (by codeweblog).
For a string str:
"".tap {|binary| str.scan(/../) {|hn| binary << hn.to_i(16).chr}}
I have been looking for a portable method to digitally sign arbitrary text which can be placed in a document and distributed while maintaining its verifiable origin. Here is an example:
a = 'some text'
a.sign(<private key>) # => <some signature in ASCII format>
The contents of a can now be distributed freely. If a receiver wants to check the validity of said text they can do the following:
b = 'some text'
b.valid(<public key>, <signature supplied with text>) # => true/false
Is there any library out there that already offers this kind of functionality? Ruby standard library contains SHA hashing code so at lest there is a portable way to perform the hashing but from that point I am struggling to find anything which fits purpose.
Kind Regards,
Roja
What do you mean by "portable"? Is openssl portable enough for you? Here's a nice article by Ola Bini about different scenarios in ruby. Essentially, this is how you'd sign and verify a message:
require 'openssl'
pub_key = OpenSSL::PKey::RSA.new(File.read("public_key.pem"))
priv_key = OpenSSL::PKey::RSA.new(File.read("private_key.pem"))
text = "This is the text I want to send"*200
signature = priv_key.sign(OpenSSL::Digest::SHA1.new,text)
if pub_key.verify(OpenSSL::Digest::SHA1.new, signature, text)
puts "Signature verified"
else
puts "Signature NOT verified"
end