Ruby - unsupported cipher algorithm (AES-256-GCM)

8
votes

I'm getting the error:

unsupported cipher algorithm (AES-256-GCM) (RuntimeError)

But I seem to have all the requirements:

Ruby version:

$ ruby --version

ruby 2.1.2p95

OpenSSL does list gcm:

$ openssl enc -help 2>&1 | grep gcm

-aes-128-ecb -aes-128-gcm -aes-128-ofb
-aes-192-ecb -aes-192-gcm -aes-192-ofb
-aes-256-ecb -aes-256-gcm -aes-256-ofb

Ruby interpreter:

$ irb

2.1.2 :001 > require 'openssl'; puts OpenSSL::VERSION

1.1.0

=> nil

2.1.2 :002 > OpenSSL::Cipher.ciphers.include? "aes-128-gcm"

=> true

And yet I'm getting errors running this code:

2.1.2 :001 > require 'openssl'
 => true 
2.1.2 :002 > cipher = OpenSSL::Cipher::AES.new(128, :GCM)
RuntimeError: unsupported cipher algorithm (AES-128-GCM)
    from /home/m/.rvm/rubies/ruby-2.1.2/lib/ruby/2.1.0/openssl/cipher.rb:27:in `initialize'
    from /home/m/.rvm/rubies/ruby-2.1.2/lib/ruby/2.1.0/openssl/cipher.rb:27:in `block (3 levels) in <class:Cipher>'
    from (irb):2:in `new'
    from (irb):2
    from /home/m/.rvm/rubies/ruby-2.1.2/bin/irb:11:in `<main>'

How do I get GCM to work in ruby?

2
rubysecurityencryptionopensslaes-gcm
security.stackexchange.com/questions/30344/…, maybe? - Ry-♦
@false Yeah, I've read that but the answer was to update OpenSSL or update Ruby to use an updated OpenSSL version that supports GCM. I have both: Ruby reports using OpenSSL 1.1.0 and OpenSSL reports having gcm ciphers. So it doesn't seem that answer applies to this problem. - user3813959
I do too and can reproduce the same bug, but I’m not sure how much what it was linked against and what the library actually is can affect it. (Will it report the wrong version but still not be able to use GCM? I don’t know.) - Ry-♦
Have a look at OpenSSL::Cipher::AES.ciphers.grep /gcm/i. It lists 'aes-128-gcm' (all written in lower case). But the error is that it cannot find the cipher being all in upper case. The followign works, though: OpenSSL::Cipher.new('aes-128-gcm') - tessi
@tessi Thanks, that worked. Still, I wonder why the rubydocs say I can use AES.new(128, :GCM) - user3813959

2 Answers

7
votes

What works for me is

OpenSSL::Cipher.new('aes-128-gcm')

I am not sure why you get an error with your approach.

Edit:

It might be a upper/lower case issue. This might be an actual bug.

The following works:

OpenSSL::Cipher::AES.new(128, :CBC)

because we find "AES-128-CBC" (all upper case) in OpenSSL::Cipher::AES.ciphers. AES.new seems to search its ciphers with upper case characters.

Thus, the following does not work:

OpenSSL::Cipher::AES.new(128, :GCM)

because it is "aes-128-gcm" in the ciphers list.

0
votes

For some reason a reinstall of ruby with rbenv install 2.6.3 made the cut for me.