Class MCollective::SSL
In: lib/mcollective/ssl.rb
Parent: Object

A class that assists in encrypting and decrypting data using a combination of RSA and AES

Data will be AES encrypted for speed, the Key used in # the AES stage will be encrypted using RSA 

  ssl = SSL.new(public_key, private_key, passphrase)

  data = File.read("largefile.dat")

  crypted_data = ssl.encrypt_with_private(data)

  pp crypted_data

This will result in a hash of data like: 

  crypted = {:key  => "crd4NHvG....=",
             :data => "XWXlqN+i...=="}

The key and data will all be base 64 encoded already by default you can pass a 2nd parameter as false to encrypt_with_private and counterparts that will prevent the base 64 encoding

You can pass the data hash into ssl.decrypt_with_public which should return your original data

There are matching methods for using a public key to encrypt data to be decrypted using a private key

Methods

aes_decrypt   aes_encrypt   base64_decode   base64_decode   base64_encode   base64_encode   decrypt_with_private   decrypt_with_public   encrypt_with_private   encrypt_with_public   md5   md5   new   read_key   rsa_decrypt_with_private   rsa_decrypt_with_public   rsa_encrypt_with_private   rsa_encrypt_with_public   sign   uuid   verify_signature  

Attributes

private_key_file  [R] 
public_key_file  [R] 
ssl_cipher  [R] 

Public Class methods

uuid(string=nil)

Creates a RFC 4122 version 5 UUID. If string is supplied it will produce repeatable UUIDs for that string else a random 128bit string will be used from OpenSSL::BN

Code used with permission from: 

   https://github.com/kwilczynski/puppet-functions/blob/master/lib/puppet/parser/functions/uuid.rb

Public Instance methods

aes_decrypt(key, crypt_string)

decrypts a string given key, iv and data

aes_encrypt(plain_string)

encrypts a string, returns a hash of key, iv and data

base64_decode(string)

base 64 decode a string

base64_encode(string)

base 64 encode a string

decrypt_with_private(crypted, base64=true)

Decrypts data, expects a hash as create with crypt_with_public

decrypt_with_public(crypted, base64=true)

Decrypts data, expects a hash as create with crypt_with_private

encrypt_with_private(plain_text, base64=true)

Encrypts supplied data using AES and then encrypts using RSA the key and IV

Return a hash with everything optionally base 64 encoded

encrypt_with_public(plain_text, base64=true)

Encrypts supplied data using AES and then encrypts using RSA the key and IV

Return a hash with everything optionally base 64 encoded

read_key(type, key=nil, passphrase=nil)

Reads either a :public or :private key from disk, uses an optional passphrase to read the private key

rsa_decrypt_with_private(crypt_string)

Use the private key to RSA decrypt data

rsa_decrypt_with_public(crypt_string)

Use the public key to RSA decrypt data

rsa_encrypt_with_private(plain_string)

Use the private key to RSA encrypt data

rsa_encrypt_with_public(plain_string)

Use the public key to RSA encrypt data

sign(string, base64=false)

Signs a string using the private key

verify_signature(signature, string, base64=false)

Using the public key verifies that a string was signed using the private key

[Validate]