8

I'm getting the error:

unsupported cipher algorithm (AES-256-GCM) (RuntimeError)

But I seem to have all the requirements:

Ruby version:

$ ruby --version

ruby 2.1.2p95

OpenSSL does list gcm:

$ openssl enc -help 2>&1 | grep gcm

-aes-128-ecb -aes-128-gcm -aes-128-ofb
-aes-192-ecb -aes-192-gcm -aes-192-ofb
-aes-256-ecb -aes-256-gcm -aes-256-ofb

Ruby interpreter:

$ irb

2.1.2 :001 > require 'openssl'; puts OpenSSL::VERSION

1.1.0

=> nil

2.1.2 :002 > OpenSSL::Cipher.ciphers.include? "aes-128-gcm"

=> true

And yet I'm getting errors running this code:

2.1.2 :001 > require 'openssl'
 => true 
2.1.2 :002 > cipher = OpenSSL::Cipher::AES.new(128, :GCM)
RuntimeError: unsupported cipher algorithm (AES-128-GCM)
    from /home/m/.rvm/rubies/ruby-2.1.2/lib/ruby/2.1.0/openssl/cipher.rb:27:in `initialize'
    from /home/m/.rvm/rubies/ruby-2.1.2/lib/ruby/2.1.0/openssl/cipher.rb:27:in `block (3 levels) in <class:Cipher>'
    from (irb):2:in `new'
    from (irb):2
    from /home/m/.rvm/rubies/ruby-2.1.2/bin/irb:11:in `<main>'

How do I get GCM to work in ruby?

user3813959
  • 83
  • 1
  • 3
  • https://security.stackexchange.com/questions/30344/why-does-openssl-not-include-aes-256-gcm#comment47419_30345, maybe? – Ry- Jul 07 '14 at 20:51
  • @false Yeah, I've read that but the answer was to update OpenSSL or update Ruby to use an updated OpenSSL version that supports GCM. I have both: Ruby reports using OpenSSL 1.1.0 and OpenSSL reports having gcm ciphers. So it doesn't seem that answer applies to this problem. – user3813959 Jul 07 '14 at 20:56
  • 1
    I do too and can reproduce the same bug, but I’m not sure how much what it was linked against and what the library actually is can affect it. (Will it report the wrong version but still not be able to use GCM? I don’t know.) – Ry- Jul 07 '14 at 21:01
  • 1
    Have a look at `OpenSSL::Cipher::AES.ciphers.grep /gcm/i`. It lists 'aes-128-gcm' (all written in lower case). But the error is that it cannot find the cipher being all in upper case. The followign works, though: `OpenSSL::Cipher.new('aes-128-gcm')` – tessi Jul 07 '14 at 21:08
  • 1
    @tessi Thanks, that worked. Still, I wonder why the rubydocs say I can use `AES.new(128, :GCM)` – user3813959 Jul 07 '14 at 21:15

2 Answers2

7

What works for me is

OpenSSL::Cipher.new('aes-128-gcm')

I am not sure why you get an error with your approach.

Edit:

It might be a upper/lower case issue. This might be an actual bug.

The following works:

OpenSSL::Cipher::AES.new(128, :CBC)

because we find "AES-128-CBC" (all upper case) in OpenSSL::Cipher::AES.ciphers. AES.new seems to search its ciphers with upper case characters.

Thus, the following does not work:

OpenSSL::Cipher::AES.new(128, :GCM)

because it is "aes-128-gcm" in the ciphers list.

tessi
  • 12,475
  • 3
  • 34
  • 48
0

For some reason a reinstall of ruby with rbenv install 2.6.3 made the cut for me.

sekmo
  • 1,090
  • 13
  • 22