Re: [jruby-user] JRuby support for EzCrypto

Chiaming Hsu wrote:
> EzCrypto / Active Crypto is a Ruby gem providing cryptographic operations on 
> top of OpenSSL.  I have been trying recently to use it in a Rails application 
> which I deployed on Tomcat through JRuby / Goldspike.  There seems to be quite 
> a bit of differences between the behavior of C OpenSSL and JRuby-OpenSSL that 
> EzCrypto has tons of problems working within JRuby.  Some specific examples are:
>
> **  lack of method 'umask' in File:Class (to tighten permissions on key files)
> **  possible unsupported cipher algorithm (aes128/ECB/PKCS5Padding)
> **  different expected invocation arguments (for example, required 
> Initialization Vector in a certain cipher in Java while the same is not 
> required in C OpenSSL)
>
>
> Is this observation on par with what others are experiencing?  
>
> Does anyone has recommendations on a good way to do cryptography that would 
> work on both JRuby and CRuby transparently?  (my development are done on CRuby 
> but deployed to JRuby on production...)

Well here's the bad news...JRuby-OpenSSL is a complicated beast, and 
last time I asked him Ola wasn't interested in maintaining it anymore. 
So it needs a new owner. I'm sure he'd be willing to help someone get up 
to speed on it, especially if there were a real-world use that was 
failing, but otherwise I don't expect you'll see a lot of work getting 
done to fix bugs.

Are those the only issues you ran into? Of them, only two are OpenSSL 
issues, with the 'umask' issue being something we would fix in JRuby. 
The second issue could be mitigated with extra BouncyCastle libraries. 
The third issue could be an easy one to fix...just get the invocation 
arguments matching.

- Charlie

---------------------------------------------------------------------
To unsubscribe from this list please visit:

   http://xircles.codehaus.org/manage_email