OpenSSL::Cipher::CipherError: Github CI ではサポートされていません
概要
高速対称アルゴリズムを使用して短い文字列を暗号化しようとしています(セキュリティは重要ではありません)。必要なのは短い暗号化された文字列だけです。
def encrypt(msg)
KEY = "346x4".freeze
ALGORITHM = "rc2-40-cbc".freeze
cipher = OpenSSL::Cipher.new(ALGORITHM)
cipher.encrypt
cipher.key = KEY
crypt = cipher.update(msg.to_s) + cipher.final
crypt_string = Base64.encode64(crypt)
crypt_string.rstrip
end
これは開発では機能しますが、Github CI では次のエラーで失敗します。
OpenSSL::Cipher::CipherError: unsupported
(Github CI上で) を実行しました:
OpenSSL::Cipher.ciphers
サポートされているアルゴリズムのリストを取得しました。
["aes-128-cbc","aes-128-cbc-hmac-sha1","aes-128-cbc-hmac-sha256","aes-128-ccm","aes-128-cfb","aes-128-cfb1","aes-128-cfb8","aes-128-ctr","aes-128-ecb","aes-128-gcm","aes-128-ocb","aes-128-ofb","aes-128-xts","aes-192-cbc","aes-192-ccm","aes-192-cfb","aes-192-cfb1","aes-192-cfb8","aes-192-ctr","aes-192-ecb","aes-192-gcm","aes-192-ocb","aes-192-ofb","aes-256-cbc","aes-256-cbc-hmac-sha1","aes-256-cbc-hmac-sha256","aes-256-ccm","aes-256-cfb","aes-256-cfb1","aes-256-cfb8","aes-256-ctr","aes-256-ecb","aes-256-gcm","aes-256-ocb","aes-256-ofb","aes-256-xts","aes128","aes128-wrap","aes192","aes192-wrap","aes256","aes256-wrap","aria-128-cbc","aria-128-ccm","aria-128-cfb","aria-128-cfb1","aria-128-cfb8","aria-128-ctr","aria-128-ecb","aria-128-gcm","aria-128-ofb","aria-192-cbc","aria-192-ccm","aria-192-cfb","aria-192-cfb1","aria-192-cfb8","aria-192-ctr","aria-192-ecb","aria-192-gcm","aria-192-ofb","aria-256-cbc","aria-256-ccm","aria-256-cfb","aria-256-cfb1","aria-256-cfb8","aria-256-ctr","aria-256-ecb","aria-256-gcm","aria-256-ofb","aria128","aria192","aria256","bf","bf-cbc","bf-cfb","bf-ecb","bf-ofb","blowfish","camellia-128-cbc","camellia-128-cfb","camellia-128-cfb1","camellia-128-cfb8","camellia-128-ctr","camellia-128-ecb","camellia-128-ofb","camellia-192-cbc","camellia-192-cfb","camellia-192-cfb1","camellia-192-cfb8","camellia-192-ctr","camellia-192-ecb","camellia-192-ofb","camellia-256-cbc","camellia-256-cfb","camellia-256-cfb1","camellia-256-cfb8","camellia-256-ctr","camellia-256-ecb","camellia-256-ofb","camellia128","camellia192","camellia256","cast","cast-cbc","cast5-cbc","cast5-cfb","cast5-ecb","cast5-ofb","chacha20","chacha20-poly1305","des","des-cbc","des-cfb","des-cfb1","des-cfb8","des-ecb","des-ede","des-ede-cbc","des-ede-cfb","des-ede-ecb","des-ede-ofb","des-ede3","des-ede3-cbc","des-ede3-cfb","des-ede3-cfb1","des-ede3-cfb8","des-ede3-ecb","des-ede3-ofb","des-ofb","des3","des3-wrap","desx","desx-cbc","id-aes128-CCM","id-aes128-GCM","id-aes128-wrap","id-aes128-wrap-pad","id-aes192-CCM","id-aes192-GCM","id-aes192-wrap","id-aes192-wrap-pad","id-aes256-CCM","id-aes256-GCM","id-aes256-wrap","id-aes256-wrap-pad","id-smime-alg-CMS3DESwrap","rc2","rc2-128","rc2-40","rc2-40-cbc","rc2-64","rc2-64-cbc","rc2-cbc","rc2-cfb","rc2-ecb","rc2-ofb","rc4","rc4-40","rc4-hmac-md5","seed","seed-cbc","seed-cfb","seed-ecb","seed-ofb","sm4","sm4-cbc","sm4-cfb","sm4-ctr","sm4-ecb","sm4-ofb"]
リストには rc2-40-cbc が含まれます。なぜ例外がスローされるのでしょうか?
解決策
最新バージョンの Ubuntu には、廃止されたアルゴリズムを含むレガシー プロバイダーがあります。 40 ビット キーを使用する RC2 は時代遅れであると考えられています。米国にはそのような弱いキーを必要とする輸出規制がなくなり、10 年以上も規制されていなかったためです。結果として、より安全でより高速なアルゴリズムが利用できるため、これらのアルゴリズムはほとんど使用されません。
OpenSSL 3.0 を備えた Ruby 3.3 では、レガシー プロバイダーをロードしてこのアルゴリズムを使用できます。
ruby -r openssl -e 'OpenSSL::Provider.load("legacy")'
それ以外の場合は、システムの OpenSSL 構成ファイルを変更する必要があります。
いずれの場合も、CBC 暗号化ごとに一意で予測不可能な IV が必要ですが、それを持っていないとセキュリティがまったく得られないことに注意してください。これにより、データの長さが少なくとも 64 ビット追加されます。一般に、ECB を除くすべてのモードでは、何らかの IV が必要であり、これを含める必要があり、一意である必要があります。
目的が単純に短い文字列を反転不可能な文字列に変換することであり、復号化する必要がなく、重複の可能性に対処できる場合は、単に SHA-256 などのハッシュ関数を使用して目的の値に切り捨てることを選択できます。長さ。 SHA-256 は最新のマシンのハードウェアで利用でき、非常に高速です。