mdp/gibberish mdp/gibberish

  • Stars
    star
    375
  • Rank 114,096 (Top 3 %)
  • Language
    Ruby
  • License
    MIT License
  • Created over 13 years ago
  • Updated over 5 years ago
Twitter logo Share LinkedIn logo Share Facebook logo Share
mdp/gibberish
github

mdp

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Simple Ruby encryption module

Gibberish - A ruby encryption library

Travis

Note: It's 2017 and if you're looking for a modern and actively maintained Ruby encryption library you should do yourself a favor and check out RbNaCl. Gibberish was started in 2011 when encryption on Ruby was not a trivial matter, however thanks to projects like NaCl and LibSodium that's no longer the case.

NOTICE: Breaking Changes in 2.0

Checkout the Changelog for a full list of changes in 2.0

Goals

  • AES encryption should have sensible defaults
  • AES should be interoperable with SJCL for browser based decryption/encryption
  • Simple API for HMAC/Digests
  • Targets more recent versions of Ruby(>=2.0) with better OpenSSL support

Requirements

Ruby 2.0 or later, compiled with OpenSSL support

Installation

gem install gibberish

AES

AES encryption with sensible defaults:

  • 100,000 iterations of PBKDF2 password hardening
  • GCM mode with authentication
  • Ability to include authenticated data
  • Compatible with SJCL, meaning all ciphertext is decryptable in JS via SJCL

Encrypting

cipher = Gibberish::AES.new('p4ssw0rd')
cipher.encrypt("some secret text")
# => Outputs a JSON string containing everything that needs to be saved for future decryption
# Example:
# '{"v":1,"adata":"","ks":256,"ct":"ay2varjSFUMUmtvZeh9755GVyCkWHG0/BglJLQ==","ts":96,"mode":"gcm",
# "cipher":"aes","iter":100000,"iv":"K4ZShCQGL3UZr78y","salt":"diDUzbc9Euo="}'

Decrypting

cipher = Gibberish::AES.new('p4ssw0rd')
cipher.decrypt('{"v":1,"adata":"","ks":256,"ct":"ay2varjSFUMUmtvZeh9755GVyCkWHG0/BglJLQ==","ts":96,"mode":"gcm","cipher":"aes","iter":100000,"iv":"K4ZShCQGL3UZr78y","salt":"diDUzbc9Euo="}')
# => "some secret text"

Interoperability with SJCL (JavaScript - Browser/Node.js)

AES ciphertext from Gibberish is compatible with SJCL, a JavaScript library which works in the browser and Node.js

See the full docs for information on SJCL interoperability.

Gibberish 1.x Encryption (CBC)

Prior to Gibberish 2.0, the default encryption mode was CBC. You can still access this by calling it explicitly:

cipher = Gibberish::AES::CBC.new('p4ssw0rd')
cipher.encrypt("Some secret text")

HMAC

Gibberish::HMAC256("password", "data")
# => "cccf6f0334130a7010d62332c75b53e7d8cea715e52692b06e9cd41b05644be3"

See the full docs

Digests

Gibberish::MD5("somedata")
#=> aefaf7502d52994c3b01957636a3cdd2

Gibberish::SHA1("somedata")
#=> efaa311ae448a7374c122061bfed952d940e9e37

Gibberish::SHA224("somedata")
#=> a39b86d838273f5ff4879c26f85e3cb333bb44d73b24f275bad1a6c6

Gibberish::SHA256("somedata")
#=> 87d149cb424c0387656f211d2589fb5b1e16229921309e98588419ccca8a7362

Gibberish::SHA384("somedata")
#=> b6800736973cc061e3efb66a34f8bda8fa946804c6cc4f26a6b9b3950211078801709d0d82707c569a07c8f63c804c87

Gibberish::SHA512("somedata")
#=> a053441b6de662599ecb14c580d6637dcb856a66b2a40a952d39df772e47e98ea22f9e105b31463c5cf2472feae7649464fe89d99ceb6b0bc398a6926926f416

See the full docs

Run the tests

git clone https://github.com/mdp/gibberish.git
cd gibberish
make

Benchmarking AES with PBKDF2

make benchmark
# Change the PBKDF2 iterations
ITER=10000 make benchmark

More Repositories

1

rotp

Ruby One Time Password library
Ruby
1,525
star
2

gibberish-aes

A fully OpenSSL compliant javascript library for AES encryption.
JavaScript
471
star
3

qrterminal

QR Codes in your terminal
Go
446
star
4

JsPoker

Texas Hold'em as played by bots written in JS
JavaScript
192
star
5

PlaneBoard

Read your tweets on the go via DNS TXT records
Go
82
star
6

MachinePoker

Gambling.js
CoffeeScript
74
star
7

middlefiddle

Fiddle in the middle with HTTP/HTTPS traffic using Node.js
JavaScript
58
star
8

divining_rod

A mobile phone web request profiler
Ruby
48
star
9

AtlantaWaterMeter

Read the Neptune R900 (Atlanta's) smart water meters with a raspberry pi and an RTL-SDR
Shell
41
star
10

bluemonday-js

The bluemonday sanitizer compiled to JavaScript
JavaScript
38
star
11

GistEvernoteImport

Import your gists to Evernote for searching
Ruby
32
star
12

GSMTracker

Use an unactivated prepaid Android phone to track it's own location.
Java
30
star
13

honeypot.go

SSH Honeypot written in Go
Go
27
star
14

u2fdemo

U2F Demo and Debugger
JavaScript
26
star
15

morse.mdp.im

Morse code app and podcast focused on head copy
TypeScript
26
star
16

hoyle

A javascript poker hand evaluator
CoffeeScript
24
star
17

iMessageChatDecompile

A decompilation of iMessage Chat from Huluwa
23
star
18

SlidePrint

Print and Capture any DocSend deck or document
TypeScript
21
star
19

runnel

A really simple Ruby ssh tunnel manager
Ruby
21
star
20

monochromeoled

Golang Library for working with SSD1306 OLEDs
Go
18
star
21

binions

A javascript Texas Holdem tournament engine
CoffeeScript
17
star
22

gibberish-libsodium

An example of using Libsodium in the browser for simple secret key based encryption
JavaScript
16
star
23

gloss

Super simple HTTPS reverse proxy written in Go
Go
14
star
24

u2fcli

Command line tool for using U2F tokens
Go
13
star
25

cist

Curl to Gist
JavaScript
12
star
26

dotp

Decentralized One Time Passwords
JavaScript
12
star
27

sodiumbox

Libsodium's crypto_box_sealed in pure golang
Go
10
star
28

hoganjs-brunch

A brunch compiler for Mustache template, using Hogan.js
JavaScript
9
star
29

node-at-yahoo

Shameless ploy to recruit via npm
JavaScript
8
star
30

plentyofstats

Ruby
7
star
31

gotraceroute

A very half-ass version of traceroute in Go
Go
6
star
32

pitboss

Run dubious code in node!
CoffeeScript
6
star
33

smallfont

Small monospaced pixel font (8x8) and rasterizer for LED/LCD projects
Go
6
star
34

Economist-Kindle

No longer actively maintained. Use Michael Kaiser's project below
Ruby
6
star
35

dns_leak_client

Leak information via DNS queries. Perfect for communicating with servers from behind a firewall/pay portal/restricted network
Java
6
star
36

quickadmin

A merb slice to quickly add admin only access via OpenID
Ruby
4
star
37

gibberish-aes-ruby

A fork of Alex Boussinet's Ruby AES library modified to support OpenSSL AES
Ruby
4
star
38

delo

Utility for writing to an OLED on Raspberry Pi
Go
4
star
39

sjcl_rb

The SJCL project in Ruby for compatibility
Ruby
4
star
40

NCoinbase

NodeJS library to interface with Coinbase via OAuth 2.0
JavaScript
3
star
41

docker-pdf-tools

My hacky but useful PDF tools
Shell
3
star
42

dnstime

Get the current time from a dns query
Go
3
star
43

json-zips

Zip codes in JSON and mirrored on Google Code for easy querying.
Ruby
3
star
44

ESP32_DNS_Tracker

Rust
3
star
45

BaseCJK

BaseCJK encoding in Javascript
JavaScript
3
star
46

openobserve_github_action_logs

Send Github Action logs to an OpenObserve instance
TypeScript
2
star
47

dns_leak_server

The counter party to dns_leak
JavaScript
2
star
48

will_it_dial

A paranoid phone number validator
Ruby
2
star
49

go-statx

Simple CLI and library for StatX API
Go
2
star
50

simple_admin

A simple Open ID auth plugin for userless apps
Ruby
2
star
51

privacy_policy

My Privacy Policy for apps I make.
2
star
52

CellIdToGeo

Convert GSMTracker logs to Lat Long coordinates and display it on a map
JavaScript
2
star
53

prisma_hyperdx

A quick sample of tracing in Prisma with OpenTelemetry and sending it to HyperDX
TypeScript
2
star
54

optimus_prime

A lazy sunday hack - crack RSA keys in JS
JavaScript
1
star
55

pingtags_dmca

Copyright 2018 Mark Percival - All rights reserved
JavaScript
1
star
56

docker-shallot

Run shallot in docker
1
star
57

ephemeral_twitter

Ephemeral Twitter
Ruby
1
star
58

four_bites_aes

A cipher for encoding 4 byte integers - i.e. Obfuscate your MySQL record id's
Ruby
1
star
59

UiPathTextAndFileEncryptionFlaw

The technical details and information related to a severe flaw in the handling of encryption in a popular UiPath plugin
C#
1
star
60

webpacker-docker

An example application for Rails 5.2 + Webpacker 3.4.3 on Docker/Docker Compose
Ruby
1
star
61

BitcoinArtAttack

JavaScript
1
star
62

twitter_getter

A simple ruby gem for accessing the Twitter API
Ruby
1
star
63

dAuth

The dAuth App
JavaScript
1
star
64

pulley

Send pull requests to github via the command line - Gem now maintained by HQMQ at https://github.com/hqmq/pulley
Ruby
1
star
65

emailparse

Command line email parser - Personal use: bash scripts involving inbound email from SES
Go
1
star
66

rsc

RSC mirror of the QR code from code.google.com
Go
1
star
67

baroku

Demo for Codepath Nodejs Class
JavaScript
1
star
68

dotfiles

My dotfiles
Shell
1
star
69

docker-awscli

AWS and Elastic Beanstalk CLI in Docker
1
star
70

pls

Parse PLS files (Typically MP3 stream playlists)
CoffeeScript
1
star