{"id":19300789,"url":"https://github.com/takuya/ruby-encryption","last_synced_at":"2026-05-17T10:32:08.688Z","repository":{"id":261004697,"uuid":"870478347","full_name":"takuya/ruby-encryption","owner":"takuya","description":"openssl command equivelent encrypt / decrypt by ruby","archived":false,"fork":false,"pushed_at":"2025-02-17T11:12:57.000Z","size":62,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-02-17T12:24:33.278Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Ruby","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/takuya.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-10-10T05:52:14.000Z","updated_at":"2025-02-17T11:13:01.000Z","dependencies_parsed_at":"2024-11-04T07:17:09.017Z","dependency_job_id":"77ff6d1b-708c-4ca9-8722-9858fb2d7a61","html_url":"https://github.com/takuya/ruby-encryption","commit_stats":null,"previous_names":["takuya/ruby-encryption"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/takuya%2Fruby-encryption","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/takuya%2Fruby-encryption/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/takuya%2Fruby-encryption/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/takuya%2Fruby-encryption/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/takuya","download_url":"https://codeload.github.com/takuya/ruby-encryption/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":240402620,"owners_count":19795774,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-09T23:15:49.882Z","updated_at":"2026-05-17T10:32:03.653Z","avatar_url":"https://github.com/takuya.png","language":"Ruby","funding_links":[],"categories":[],"sub_categories":[],"readme":"\n\n## openssl enc equivalent in ruby\n\nThis repository has sample function encryption ( decrypt / ecrypt ) equivalent of `openssl enc` command output.\n\n## functions.\n```ruby\n\nrequire 'openssl/utils'\n\nOpenSSLEncryption.encrypt_by_ruby    # pure ruby (openssl lib )\nOpenSSLEncryption.decrypt_by_ruby    # pure ruby (openssl lib )\n\nOpenSSLEncryption.encrypt_by_openssl # command wrapper \nOpenSSLEncryption.decrypt_by_openssl # command wrapper \n\n\n```\n\nSalted, base64 sample \n\nencrypt by openssl ( SALTED, base64 , no specified RAND ) \n```shell\ni=$(( 1000 * 1000 ))\nfile_in=my.plain.txt\nfile_out=my.enc.base64.salted.enc.bin\npassphrase=\"my_strong_password\"\n\n## encryption \nopenssl enc -e -aes-256-cbc \\\n  -pbkdf2 -iter \"${i}\" \\\n  -in \"${file_in}\" -out \"${file_out}\" \\\n  -k \"${passphrase}\"\\\n  -base64 \\\n  ;\n```\ndecrypt above file by ruby \n```ruby\nrequire 'openssl/utils'\n\npass=\"my_strong_password\"\nenc_file='my.enc.base64.salted.enc.bin'\nout_file='my.out.txt'\niter_cnt= 1000 * 1000\n\nOpenSSLEncryption.decrypt_by_ruby(\n  passphrase: pass, \n  file_enc: enc_file, file_out: out_file, iterations: iter_cnt,\n  base64:true\n)\n```\n\n### how to use \n\ninstalling by rubygems\n```shell\nURL=https://github.com/takuya/ruby-encryption.git\necho \"gem 'takuya-ruby-encryption', git: '$URL'\" \u003e\u003e Gemfile\nbundle install \n```\nencryption\n```ruby\nrequire 'openssl/utils'\n\n\nfile = 'my.txt'\nenc_file = 'my.enc'\nout_file = 'my.out'\npass = 'your_password_here'\nsalt_str = `openssl rand -hex 8`.strip\nsalt = [salt_str].pack('H*') # HEX dump\niter_cnt = 1000 * 1000\nopen(file, 'w') { |f| f.puts \"sample.\\n\"*20 }\n\n## encryption with salted__ , base64 . ### sample #05\nOpenSSLEncryption.encrypt_by_ruby(\n  passphrase: pass,\n  file_in: file,\n  file_out: enc_file,\n  iterations: iter_cnt,\n  salt: salt,\n  salted: true,\n  base64: true\n)\n## decrypt by openssl command.\n`openssl enc -d -aes-256-cbc \\\n  -pbkdf2 -iter #{iter_cnt} \\\n  -base64 \\\n  -in #{enc_file} \\\n  -out #{out_file} \\\n  -k #{pass}`\n\n## results\nputs open(out_file).read\n```\n\n## Samples, openssl enc\n\nleft side is encryption , right side is decryption.\n```shell\n## \nopenssl enc -e -S $RAND -pbkdf2 -iter $i -base64  -in - -out -  | \\\nopenssl enc -d -S $RAND -pbkdf2 -iter $i -base64  -in - -out - \n```\n\n| sample | encrypt:\u003cbr/\u003e-S opt | enc:base64 | output |    __Salted\u003cbr\u003estring     | decrypt:\u003cbr/\u003e -S opt | dec:base64 |\n|:------:|--------------------:|-----------:|:------:|:-------------------------:|---------------------:|-----------:|\n|   01   |                none |       none | binary |            YES            |                 none |       none |\n|   02   |            -S $RAND |       none | binary |            NO             |             -S $RAND |       none |\n|   03   |                none |    -base64 | BASE64 |            YES            |                 none |    -base64 |\n|   04   |            -S $RAND |    -base64 | BASE64 |            NO             |             -S $RAND |    -base64 |\n|   05   |            -S $RAND |    -base64 | BASE64 | YES\u003cbr\u003e**(manually add)** |                 none |    -base64 |\n|   06   |            -S $RAND |       none | binary | YES\u003cbr\u003e**(manually add)** |                 none |       none |\n\n`$RAND` is random 8bytes. `RAND=$(openssl rand -hex 8  )`\n\n`__Salted` prefixed in encrypted file, openssl can decrypt without`  -S `, because $RAND is included $RAND as \"Salted__$RAND\" , but same `-iter cnt` will be needed.\n\n**manually** means, adding `SALTED__` by command , not by `openssl enc`, such as echo cat command, for example `(echo -n \"Salted__\"; echo -n \"${rand}\" | xxd -r -p; cat ${file_tmp} ) | base64 -w 64 \u003e \"${file_out}\"`\n\n`iter` is to prevent brute force attack. iter count should be increased over than 1sec to calculating , for attacker time consuming.(ex 1000*1000)\n\n\n\n## 01 . shell command `openssl enc`, simple encryption.\n\n```shell\n## params\ni=$(( 1000* 1000 ))\nfile_in=/etc/resolv.conf\nfile_out=/tmp/file.enc\npassphrase=\"my_strong_password\"\n\n\n## encryption\nopenssl enc -e -aes-256-cbc \\\n  -pbkdf2 -iter \"${i}\" \\\n  -in \"${file_in}\" -out \"${file_out}\" \\\n  -k \"${passphrase}\"\n\n## decryption\nenc_file=${file_out}\noutput='-'\nopenssl enc -d -aes-256-cbc \\\n  -pbkdf2 -iter \"${i}\" \\\n  -in \"${enc_file}\" -out \"${output}\" \\\n  -k \"${passphrase}\"\n\n```\n\n## 02.shell command `openssl enc` , simple encryption with SALT specified.\n\n```shell\n## params\ni=$(( 1000* 1000 ))\nfile_in=/etc/resolv.conf\nfile_out=/tmp/file.enc\npassphrase=\"my_strong_password\"\nrand=$(openssl rand -hex 8  ) ## with 8 bytes \n\n## encryption\nopenssl enc -e -aes-256-cbc \\\n  -pbkdf2 -iter \"${i}\" -S \"${rand}\" \\\n  -in \"${file_in}\" -out \"${file_out}\" \\\n  -k \"${passphrase}\"\n  \n## decryption\nenc_file=${file_out}\noutput='-'\nopenssl enc -d -aes-256-cbc \\\n  -pbkdf2 -iter \"${i}\" \\\n  -S \"${rand}\" \\\n  -in \"${enc_file}\" -out \"${output}\" \\\n  -k \"${passphrase}\"\n```\n\n## 03.shell command base64 and salted by `openssl enc ` and BASE 64.\n\n```shell\n## params\ni=$(( 1000* 1000 ))\nfile_in=/etc/resolv.conf\nfile_out=/tmp/file.enc\nrand=$(openssl rand -hex 8  )\npassphrase=\"my_strong_password\"\n\n## encryption \nopenssl enc -e -aes-256-cbc \\\n  -pbkdf2 -iter \"${i}\" \\\n  -in \"${file_in}\" -out \"${file_out}\" \\\n  -k \"${passphrase}\"\\\n  -base64 \\\n  ;\n## decryption\nenc_file=${file_out}\noutput='-'\nopenssl enc -d -aes-256-cbc \\\n  -pbkdf2 -iter \"${i}\" \\\n  -in \"${enc_file}\" -out \"${output}\" \\\n  -k \"${passphrase}\" \\\n  -base64 \\\n  ;\n```\n\n## 04. shell command encrypt / decrypt BASE64.\n\n```shell\n## params\ni=$(( 1000* 1000 ))\nfile_in=/etc/resolv.conf\nfile_out=/tmp/file.enc\nrand=$(openssl rand -hex 8  )\npassphrase=\"my_strong_password\"\n\n## encryption no salted.\nopenssl enc -e -aes-256-cbc \\\n  -pbkdf2 -iter \"${i}\" \\\n  -in \"${file_in}\" -out \"${file_out}\" \\\n  -k \"${passphrase}\"\\\n  -S \"${rand}\" \\\n  -base64 \\\n;  \n## decrypt\nenc_file=${file_out}\noutput='-'\nopenssl enc -d -aes-256-cbc \\\n  -pbkdf2 -iter \"${i}\" \\\n  -in ${enc_file} -out ${output} \\\n  -k \"${passphrase}\" \\\n  -S \"${rand}\" \\\n  -base64 \\\n;\n```\n\n## 05.shell command manually add \"Salted__\" and BASE 64 .\n\nmanually salted.\n\n```shell\n## params\ni=$(( 1000* 1000 ))\nfile_in=/etc/resolv.conf\nfile_out=/tmp/file.enc\nrand=$(openssl rand -hex 8  )\npassphrase=\"my_strong_password\"\n\n## encryption ( with -S -base64 ) will not output \"Salted__\"\nfile_tmp=$(mktemp -u)\n  openssl enc -e -aes-256-cbc \\\n  -pbkdf2 -iter \"${i}\" \\\n  -in \"${file_in}\" -out \"${file_tmp}\" \\\n  -k \"${passphrase}\"\\\n  -S \"${rand}\" \\\n  ;\n(echo -n \"Salted__\"; echo -n \"${rand}\" | xxd -r -p; cat ${file_tmp} ) | base64 -w 64 \u003e \"${file_out}\" \n\n## decrypt \nenc_file=${file_out}\noutput='-'\nopenssl enc -d -aes-256-cbc \\\n  -pbkdf2 -iter \"${i}\" \\\n  -in ${enc_file} -out ${output} \\\n  -k \"${passphrase}\" \\\n  -base64 \\\n  ;\n```\n\n## ruby sample \n```ruby\nrequire_relative '../lib/openssl/utils' # this repository.\n\nfile = 'my.txt'\nenc_file = 'my.enc'\nout_file = 'my.out'\npass = 'your_password_here'\nsalt_str = `openssl rand -hex 8`.strip\nsalt = [salt_str].pack('H*') # HEX dump\niter_cnt = 1000 * 10\n\n## encryption with salted__ , base64 . #05\nOpenSSLEncryption.encrypt_by_ruby(passphrase: pass, file_in: file, file_out: enc_file, iterations: iter_cnt, salt: salt, salted: false,base64: true)\n## decryption by openssl command (wrapper)\nOpenSSLEncryption.decrypt_by_openssl(passphrase: pass, file_in: enc_file, file_out: out_file, iterations: iter_cnt, salt_str: salt_str,base64: true)\n```\n\n## notice \n\nopenssl command cannot accept salt as 'binary'. Command line `SALT` must be `HEX` string.\n\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftakuya%2Fruby-encryption","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ftakuya%2Fruby-encryption","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftakuya%2Fruby-encryption/lists"}