Re: [jruby-user] JRuby support for EzCrypto

Hi, Charlie,

Too bad Ola is not working on JRuby-OpenSSL anymore.  Unfortunately, these 
issues cited are not likely to be the only issues.  I tried a few simple ops in 
EzCrypto, and nothing worked.  So I ran one unit test suite of EzCrypto and 
pick a few issues from test failures and put them here.

I am under heavy time pressure to get a site working with direct credit card 
payment (hence the authorize net connection issues with HTTPS and the 
encryption issues for PCI compliance) due to holiday shopping season.  I will 
let you know if I can take a shot at JRuby-OpenSSL a few weeks from now.

Cheers,
Chiaming Hsu


----- Original Message ----
From: Charles Oliver Nutter <charles.nutter@xxxxxxx>
To: user@xxxxxxxxxxxxxxxxxx
Sent: Saturday, November 24, 2007 3:18:41 AM
Subject: Re: [jruby-user] JRuby support for EzCrypto


Chiaming Hsu wrote:
> EzCrypto / Active Crypto is a Ruby gem providing cryptographic
 operations on top of OpenSSL.  I have been trying recently to use it in a
 Rails application which I deployed on Tomcat through JRuby / Goldspike.
  There seems to be quite a bit of differences between the behavior of C
 OpenSSL and JRuby-OpenSSL that EzCrypto has tons of problems working
 within JRuby.  Some specific examples are:
> 
> **  lack of method 'umask' in File:Class (to tighten permissions on
 key files)
> **  possible unsupported cipher algorithm (aes128/ECB/PKCS5Padding)
> **  different expected invocation arguments (for example, required
 Initialization Vector in a certain cipher in Java while the same is not
 required in C OpenSSL)
> 
> 
> Is this observation on par with what others are experiencing?  
> 
> Does anyone has recommendations on a good way to do cryptography that
 would work on both JRuby and CRuby transparently?  (my development are
 done on CRuby but deployed to JRuby on production...)

Well here's the bad news...JRuby-OpenSSL is a complicated beast, and 
last time I asked him Ola wasn't interested in maintaining it anymore. 
So it needs a new owner. I'm sure he'd be willing to help someone get
 up 
to speed on it, especially if there were a real-world use that was 
failing, but otherwise I don't expect you'll see a lot of work getting 
done to fix bugs.

Are those the only issues you ran into? Of them, only two are OpenSSL 
issues, with the 'umask' issue being something we would fix in JRuby. 
The second issue could be mitigated with extra BouncyCastle libraries. 
The third issue could be an easy one to fix...just get the invocation 
arguments matching.

- Charlie

---------------------------------------------------------------------
To unsubscribe from this list please visit:

    http://xircles.codehaus.org/manage_email





---------------------------------------------------------------------
To unsubscribe from this list please visit:

    http://xircles.codehaus.org/manage_email