Forum: Ruby ruby openssl

Announcement (2017-05-07): is now read-only since I unfortunately do not have the time to support and maintain the forum any more. Please see and for other Rails- und Ruby-related community platforms.
Raghu 2. (Guest)
on 2009-03-26 11:05

Whats the ruby equivalent code for the following decryption code which
written in java.

1.7  Decrypt Token
    To be completed.
1.7.1  Sample Java Code

import java.util.HashMap;
import java.util.Map;

import javax.crypto.Cipher;
import javax.crypto.Mac;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

import org.apache.commons.codec.binary.Base64;

public class TokenDecrypter {
  public static final String UTF8_ENC = "UTF-8";
  public byte [] hmacKey = null;
  public byte [] cipherKey = null;

  // derive the hmac Key and the CipherKey with initialization using the
Cert Id

  public TokenDecrypter (String certId) throws NoSuchAlgorithmException

    MessageDigest md = MessageDigest.getInstance("SHA1");
    byte [] masterKey = certId.getBytes();
    byte [] baseHmac = new byte[masterKey.length +1];
    baseHmac[0] = 1; //Use 1 for first bit in the key
    System.arraycopy(masterKey, 0, baseHmac, 1, masterKey.length);
    hmacKey = md.digest();

    byte [] baseCipher = new byte[masterKey.length +1];
    baseCipher[0] = 0; //Use 0 for first bit in the key
    System.arraycopy(masterKey, 0, baseCipher, 1, masterKey.length);
    byte [] hash = md.digest();

    cipherKey = new byte[16]; //16byte = 128 bit encryption is used
        System.arraycopy(hash, 0, cipherKey, 0,16);

  public String decrypt(String cipherTxt)  throws
GeneralSecurityException, UnsupportedEncodingException {

    Mac hmacObj = Mac.getInstance("HMACSHA1");

    // first Base64 Decode
    byte[] bin = Base64.decodeBase64(cipherTxt.getBytes());

    //seperate  the hmac from the cipher
    byte [] hmacReceived = new byte[20];
    System.arraycopy(bin, bin.length-20, hmacReceived, 0, 20);

    //seperate  the cipher from the hmac
    byte [] cipherBytes = new byte[bin.length-20];
    System.arraycopy(bin, 0, cipherBytes, 0, cipherBytes.length);

    // Hmac Verification Part
      Key hmacKey = new SecretKeySpec(this.hmacKey, "HMACSHA1");
      byte actual[] = hmacObj.doFinal();

      if (actual.length != hmacReceived.length)
        throw new GeneralSecurityException("Integrity of the message
could not be verified");

      for (int i=0; i < actual.length; i++) {
          if (actual[i] != hmacReceived[i]) {
            throw new GeneralSecurityException("HMAC verification

      // Perform AES Decryption

      byte iv[] = new byte[16]; //CIPHER_BLOCK_SIZE
      System.arraycopy(cipherBytes, 0, iv, 0, iv.length);
      SecretKeySpec   key = new SecretKeySpec(this.cipherKey, "AES");
            Cipher  cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
      IvParameterSpec ivSpec = new IvParameterSpec(iv);
      cipher.init(Cipher.DECRYPT_MODE, key, ivSpec);
      byte[] decrypted = cipher.doFinal(cipherBytes, 16 ,
cipherBytes.length-16); //discount the 16 byte IV

    return new String(decrypted, UTF8_ENC).toString();

  public Map<String, String> unwrap(String cypherText)   throws
GeneralSecurityException, UnsupportedEncodingException {
    String decryptedText = decrypt(cypherText);
    Map<String, String> keyValuePairs = getKeyValuePairs(decryptedText);
    return keyValuePairs;

  public Map<String, String> getKeyValuePairs(String decryptedText)
throws UnsupportedEncodingException {
    Map<String, String> keyValuePairs = new HashMap<String, String>();

    String[] items = decryptedText.split("[&=]");

    for (int i = 0; i < items.length;) {
      String key = URLDecoder.decode(items[i++], UTF8_ENC);
      String value = URLDecoder.decode(items[i++], UTF8_ENC);
      keyValuePairs.put(key, value);

    return keyValuePairs;

  public static void main(String[] str) throws Exception {
    String myCertId = "xxxxxxx";
    TokenDecrypter tokenDecrypter = new TokenDecrypter(myCertId);
    String token = null;//request.getParameter("st"); //Or tokenValue
from EPI request

    Map<String, String> keyValuePairs = tokenDecrypter.unwrap(token);

    String userName = keyValuePairs.get("un");
    String authToken = keyValuePairs.get("at");
    String eiasToken = keyValuePairs.get("es");

Brian C. (Guest)
on 2009-03-27 16:51

Don't post homework (or worse, commercial work) problems, because we
won't do them for you.

The documentation for ruby openssl can be found by typing "ruby openssl"
into Google (it's the first hit)

Example code can be found in the ruby distribution tarball in the
sample/openssl directory, or at
on the web.

The Ruby openssl code is just a very thin wrapper around the openssl
library, so openssl's C API documentation will tell you everything you
need to know.

Then start writing code. Then when you have a specific problem, come
back here. Narrow down the problem until you find a few lines of your
Java code which produce a different result to the Ruby code you have

Adding debugging output to show that the conditions are the same in both
pieces of code *before* this snippet runs, but different *after* it
runs. Then if you can't work out why one behaves differently to the
other, post the two pieces of code here together with the start and end
debugging output.
This topic is locked and can not be replied to.