Solved this without needing to spawn a process to interoperate with OpenSSL:

Update: See my other answer about using GPG instead.
```ruby
require 'openssl'
require 'securerandom'

OPENSSL_MAGIC = "Salted__"
DEFAULT_CIPHER = "aes-256-cbc"
DEFAULT_MD = OpenSSL::Digest::SHA256

# Note: OpenSSL "enc" uses a non-standard file format with a custom key
# derivation function and a fixed iteration count of 1, which some consider
# less secure than alternatives such as OpenPGP/GnuPG
#
# Resulting bytes when written to #{FILE} may be decrypted from the command
# line with `openssl enc -d -#{cipher} -md #{md} -in #{FILE}`
#
# Example:
#   openssl enc -d -aes-256-cbc -md sha256 -in file.encrypted
def encrypt_for_openssl(
  password,
  data,
  cipher = DEFAULT_CIPHER,
  md = DEFAULT_MD.new
)
  # 8 random salt bytes, stored in the output right after the magic string
  salt = SecureRandom.random_bytes(8)
  cipher = OpenSSL::Cipher.new(cipher)
  cipher.encrypt
  # Derive key and IV from password and salt with an iteration count of 1
  cipher.pkcs5_keyivgen(password, salt, 1, md)
  encrypted_data = cipher.update(data) + cipher.final
  OPENSSL_MAGIC + salt + encrypted_data
end

# Data may be written from the command line with
# `openssl enc -#{cipher} -md #{md} -in #{INFILE} -out #{OUTFILE}`
# and the resulting bytes may be read by this function.
#
# Example:
#   openssl enc -aes-256-cbc -md sha256 -in file.txt -out file.txt.encrypted
def decrypt_from_openssl(
  password,
  data,
  cipher = DEFAULT_CIPHER,
  md = DEFAULT_MD.new
)
  # Work on a binary copy so slicing is byte-wise and the caller's string is untouched
  data = data.b
  input_magic = data.slice!(0, 8)
  input_salt = data.slice!(0, 8)
  raise ArgumentError, "missing #{OPENSSL_MAGIC} header" unless input_magic == OPENSSL_MAGIC
  cipher = OpenSSL::Cipher.new(cipher)
  cipher.decrypt
  cipher.pkcs5_keyivgen(password, input_salt, 1, md)
  cipher.update(data) + cipher.final
end
```
This is based on the forge.js security library, in particular the example to match openssl's enc tool and using an iteration count of 1.
GPG uses the OpenPGP format, described in http://tools.ietf.org/html/rfc4880 – Kevin
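The derivation behind `pkcs5_keyivgen(password, salt, 1, md)` is OpenSSL's EVP_BytesToKey; written out by hand it shows that the whole key and IV come from one or two plain hash calls over password and salt, which is why the answer's code comment calls the format weak. This is an added example, not part of the original answer: the helper names `evp_bytes_to_key`, `parse_salted_blob`, `decrypt_with_manual_kdf` and `sample_blob` are hypothetical, and the sample blob is constructed.

```ruby
require 'openssl'
require 'securerandom'

# EVP_BytesToKey with an iteration count of 1:
#   D_1 = H(password || salt), D_i = H(D_{i-1} || password || salt)
# Blocks are concatenated until there are enough bytes for key + IV.
def evp_bytes_to_key(password, salt, key_len, iv_len, digest_name = 'SHA256')
  material = ''.b
  block = ''.b
  while material.bytesize < key_len + iv_len
    block = OpenSSL::Digest.digest(digest_name, block + password.b + salt.b)
    material << block
  end
  [material.byteslice(0, key_len), material.byteslice(key_len, iv_len)]
end

# Split an `openssl enc` blob: 8-byte magic, 8-byte salt, then ciphertext.
def parse_salted_blob(blob)
  blob = blob.b
  unless blob.byteslice(0, 8) == 'Salted__'.b
    raise ArgumentError, 'no Salted__ header'
  end
  [blob.byteslice(8, 8), blob.byteslice(16..)]
end

# Decrypt using the hand-written derivation instead of pkcs5_keyivgen.
def decrypt_with_manual_kdf(password, blob, cipher_name = 'aes-256-cbc')
  salt, ciphertext = parse_salted_blob(blob)
  cipher = OpenSSL::Cipher.new(cipher_name)
  cipher.decrypt
  key, iv = evp_bytes_to_key(password, salt, cipher.key_len, cipher.iv_len)
  cipher.key = key
  cipher.iv = iv
  cipher.update(ciphertext) + cipher.final
end

# Constructed sample: a blob built the same way as encrypt_for_openssl.
def sample_blob(password, plaintext)
  salt = SecureRandom.random_bytes(8)
  cipher = OpenSSL::Cipher.new('aes-256-cbc')
  cipher.encrypt
  cipher.pkcs5_keyivgen(password, salt, 1, OpenSSL::Digest.new('SHA256'))
  'Salted__'.b + salt + cipher.update(plaintext) + cipher.final
end

puts decrypt_with_manual_kdf('correct horse', sample_blob('correct horse', 'attack at dawn'))
```

For aes-256-cbc with SHA-256 the loop runs exactly twice, so an offline guesser pays two hash computations per candidate password.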