We use EzCrypto because it makes it very easy to store a key in a yaml file. We use different keys in development and production for security (it’s a breeze).
Unfortunately, it doesn’t have a way to store an explicit IV. You would use an explicit IV if you were sharing a key with a 3rd party that didn’t use the same technology as you. I am not exactly sure how Initialization Vectors (IV) work. It has to do with how a key is used in encrypting and decrypting data.
So, I duck punched EzCrypto using the Evil Twin pattern, even though EzCrypto isn’t a plugin. Here is what the new yaml file looks like:
---
:created: Sun Mar 16 11:26:59 -0400 2008
:algorithm: des3
:key: SOMESECRETVALUE
:iv: ASECRETVALUEBASEDONTHEKEY
and the evil twin (that I store in a plugin):
require 'base64'

EzCrypto::Key.class_eval do
  attr_accessor :iv

  # Load the key from the yaml file and pick up the optional :iv entry.
  def self.load(filename)
    require 'yaml'
    hash = YAML::load_file(filename)
    req = proc { |k| hash[k] or raise "Missing element #{k} in #{filename}" }
    key = self.new Base64.decode64(req.call(:key)), :algorithm => req.call(:algorithm)
    key.iv = hash[:iv] if hash[:iv]
    return key
  end

  # The yaml file stores the IV base64-encoded; keep the raw bytes.
  def iv=(base64_iv)
    @iv = Base64.decode64(base64_iv)
  end
end

EzCrypto::CipherWrapper.class_eval do
  def initialize(key, target, mode, algorithm)
    @cipher = OpenSSL::Cipher::Cipher.new(algorithm)
    if mode
      @cipher.encrypt
    else
      @cipher.decrypt
    end
    @cipher.key = key.raw
    # Use the explicit IV only when the key file supplied one.
    @cipher.iv = key.iv if key.iv
    @cipher.padding = 1
    @target = target
    @finished = false
  end
end
A better solution would be to create a Ruby implementation of Keyczar [1], since it solves that problem.
[1] http://www.keyczar.org/
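
What a single `:iv` stored in the key file means for `des3` (3DES in CBC mode), as an added example that is not part of the original post or of EzCrypto: with one IV for every message, equal plaintext prefixes produce equal ciphertext blocks, while a random IV per message, sent in front of the ciphertext, does not. The key, IV and messages are constructed sample values, and the helper names are hypothetical.

```ruby
require 'openssl'
require 'base64'

CIPHER = 'des-ede3-cbc' # the cipher that OpenSSL's "des3" name selects (3DES, CBC mode)
BLOCK  = 8              # 3DES block size in bytes, which is also the IV length

# Constructed sample values standing in for :key and :iv from the yaml file.
KEY      = OpenSSL::Random.random_bytes(24)
FIXED_IV = OpenSSL::Random.random_bytes(BLOCK)

# Run one CBC operation with an explicit key and IV.
def crypt(mode, key, iv, data)
  cipher = OpenSSL::Cipher.new(CIPHER)
  mode == :encrypt ? cipher.encrypt : cipher.decrypt
  cipher.key = key
  cipher.iv  = iv
  cipher.update(data) + cipher.final
end

# Same IV for every message, as with an :iv entry in the key file.
def encrypt_fixed_iv(plaintext)
  crypt(:encrypt, KEY, FIXED_IV, plaintext)
end

# Fresh random IV per message; the IV is not secret, so it travels
# in front of the ciphertext and the receiver splits it off again.
def encrypt_random_iv(plaintext)
  iv = OpenSSL::Random.random_bytes(BLOCK)
  iv + crypt(:encrypt, KEY, iv, plaintext)
end

def decrypt_random_iv(message)
  iv = message[0, BLOCK]
  crypt(:decrypt, KEY, iv, message[BLOCK..-1])
end

# First ciphertext block, where a shared plaintext prefix shows up.
def first_block(ciphertext)
  ciphertext[0, BLOCK]
end

if __FILE__ == $PROGRAM_NAME
  %w[account=1001;amount=5 account=1001;amount=9].each do |msg|
    puts "fixed IV : #{Base64.strict_encode64(encrypt_fixed_iv(msg))}"
    puts "random IV: #{Base64.strict_encode64(encrypt_random_iv(msg))}"
  end
end
```

If the third party expects a fixed, pre-shared IV, both sides have to agree on it out of band, which is the case the `:iv` entry covers; the IV-prefix layout needs the same kind of agreement on the message format.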