From: "MartinBosslet (Martin Bosslet)" Date: 2012-11-14T11:07:01+09:00 Subject: [ruby-core:49326] [ruby-trunk - Feature #6980] OpenSSL support for AEAD additional authenticated data and tags Issue #6980 has been updated by MartinBosslet (Martin Bosslet). This would definitely be on my list for 2.0. Sorry for not having been more responsive. I talked with nahi at RubyConf about the tickets that are still open at the moment. I will ask if it is possible to extend the feature freeze for some of the items, there might be a chance. I, too, would like to see this make it into 2.0! ---------------------------------------- Feature #6980: OpenSSL support for AEAD additional authenticated data and tags https://bugs.ruby-lang.org/issues/6980#change-32884 Author: stouset (Stephen Touset) Status: Assigned Priority: Normal Assignee: MartinBosslet (Martin Bosslet) Category: ext Target version: 2.0.0 =begin I've added support to OpenSSL::Cipher to support AEAD modes of operation. AEAD modes allow for plaintext additional authentication data to be combined with a ciphertext to generate a "tag" (e.g., a MAC). This tag can then be verified during decryption to ensure the secret key, nonce (IV), additional authentication data, ciphertext, and tag have not been changed or manipulated. Usage can be inferred through documentation and tests. cipher = OpenSSL::Cipher.new('aes-256-gcm') cipher.encrypt cipher.key = 'key' cipher.iv = 'iv' cipher.aad = 'aad' ct = cipher.update('plain') tag = cipher.gcm_tag cipher.reset cipher.decrypt cipher.key = 'key' cipher.iv = 'iv' cipher.gcm_tag = 'tag' cipher.aad = 'aad' cipher.update(ct) + cipher.verify + cipher.final # => 'plain' cipher.reset cipher.decrypt cipher.key = 'key' cipher.iv = 'iv' cipher.gcm_tag = 'tag' cipher.aad = 'aad' cipher.update(ct[0..-2] << ct[-1].succ) + cipher.verify + cipherfinal # => OpenSSL::Cipher::CipherError =end -- http://bugs.ruby-lang.org/