Closed dankimio closed 6 years ago
mt-clearhaus
commented
6 years ago FWIW, you could also consider having the decryption in C and make a binding to it :slightly_smiling_face: I am exploring the possibility here: https://github.com/clearhaus/aes256gcm_decrypt
rwdaigle
commented
6 years ago @dankimio Thank you for this!
I've run into an issue that is only resolved if ruby >= 2.4:
irb(main):002:0> cipher = OpenSSL::Cipher.new("aes-256-gcm").decrypt
=> #<OpenSSL::Cipher:0x00007fe8e6813e00>
irb(main):003:0> cipher.iv_len
=> 12
irb(main):004:0> cipher.iv_len=2
NoMethodError: undefined method `iv_len=' for #<OpenSSL::Cipher:0x00007fe8e6813e00>Normally just bumping the ruby requirement from 2.3 to 2.4 would be no big deal, but we're currently locked to 2.3 internally here at Spreedly. Not a blocker, but I'm going to investigate some other options here to see if we can have it both (broader ruby compatibility and no unsupported aead dependency).
Stay tuned 👍
rwdaigle
commented
6 years ago Went ahead and branched based on Ruby version. Current master, v0.4.0 and later, and all future dev will be on Ruby 2.4. v0.3.2 and prior, and the legacy-ruby branch, support Ruby 2.3 and lower.
This pull request drops
aeaddependency by using Ruby'sopensslgem with support foriv_lenfor AEAD ciphers. Therefore, there's no need to fetch the forked version ofaeadand maintainGemfile.lock.However,
opensslgem works only with Ruby 2.3 or later. I suggest that this pull request is merged into a separate branch unless there's no goal to support old Ruby versions (then it can be safely merged into master after testing).