Project

aesx

0.0
The project is in a healthy, maintained state
aesxuidzip/aesxHomepageDocumentationSource CodeBug TrackerWiki
Provides almost the same interface as the AES gem, but with modern ciphers and compression. The default cipher is AES-256-GCM. See the README for details.
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
2025
 Popularity
Downloads
334
Stars
1
Forks
0
Watchers
1
 Releases
Current version
0.1.4
Total releases
3
First release
2025-02-28
Latest release
2025-03-03
 Development
Primary Language
Ruby
Licenses
MIT
Average date of last 50 commits
2025-03-01
Reverse Dependencies
0

 Dependencies

Development

lz4-ruby
>= 0
snappy
>= 0
zstd-ruby
>= 0

Runtime

openssl
>= 2.0
 Project Readme

AESX

A lightweight encryption library that provides an extended version of the popular AES gem interface with modern ciphers. The default cipher is AES-256-GCM. Other than the output formats being slightly extended to accommodate GCM authentication tags and compression indicators, this is a drop-in replacement for the AES gem. The API of that gem is fully implemented. AESX adds a binary format which is more efficiently stored than base64, and compression.

Security-wise, GCM ciphers provide tampering prevention and data integrity automatically. When using AESX, a regular password-style key of any length can be provided and a cryptographically secure encryption key will be generated using a key derivation function.

Installation

Add this line to your application's Gemfile:

gem 'aesx'

And then execute:

$ bundle install

Or install it yourself:

$ gem install aesx

Usage

Basic Encryption and Decryption

require 'aesx'

# Encrypt with a key
key = AESX.key
encrypted = AESX.encrypt("Secret message", key)

# Decrypt
decrypted = AESX.decrypt(encrypted, key)

Using Different Ciphers

# List available ciphers
puts AESX.cipher_list

# Use a specific cipher
key = AESX.key(cipher: 'CHACHA20-POLY1305')
encrypted = AESX.encrypt("Secret message", key, cipher: 'CHACHA20-POLY1305')
decrypted = AESX.decrypt(encrypted, key, cipher: 'CHACHA20-POLY1305')

Compression

# Compression is enabled by default
encrypted = AESX.encrypt("Large content to encrypt", key)

# Disable compression
encrypted = AESX.encrypt("Data to encrypt", key, compression: false)

# Specify a compression algorithm
encrypted = AESX.encrypt("Large content to encrypt", key, compression: :zstd)
encrypted = AESX.encrypt("Large content to encrypt", key, compression: :snappy)
encrypted = AESX.encrypt("Large content to encrypt", key, compression: :lz4)

Compression Information

# Check what compression algorithms are available (what gems loaded)
AESX.available_compression  # => [:zstd, :snappy, :lz4]

# Check the default compression algorithm
AESX.default_compression    # => :zstd

Available compression algorithms:

  • :zstd - High compression ratio with good speed (default if available)
  • :snappy - Fast compression with moderate ratio
  • :lz4 - Very fast compression with lower ratio

AESX attempts to load zstd, then snappy, then lz4. The first one that loads successfully is the default. If none of them load, compression is disabled. Install gems to have compression available:

Compression Ruby gem JRuby gem
:zstd zstd-ruby zstandard-ruby
:snappy snappy jruby-snappy
:lz4 lz4-ruby jruby-lz4

Output Formats

AESX supports multiple output formats:

# Base64 encoded string (default)
encrypted = AESX.encrypt("Secret message", key, format: :base_64)

# Raw binary output
encrypted = AESX.encrypt("Secret message", key, format: :binary)

# Array of components [iv, ciphertext, auth_tag, compression_algorithm]
encrypted = AESX.encrypt("Secret message", key, format: :plain)

Advanced Usage

You don’t have to supply the cipher with every operation. You can instead create an object configured for a particular cipher, and then reuse that object for multiple operations.

# Create an AESX object for multiple operations
cipher = AESX::AESX.new(key, {
  cipher: 'AES-192-GCM',
  padding: true,
  compression: :snappy,
  auth_data: "additional authentication data" # for GCM mode
})

encrypted1 = cipher.encrypt("Message 1")
encrypted2 = cipher.encrypt("Message 2")

Supported Ciphers

  • AES-128/192/256-GCM
  • AES-128/192/256-CTR
  • ARIA-128/192/256-CTR1
  • SM4-CTR2
  • SM4-GCM2
  • CHACHA20-POLY1305

The actual list depends on your OpenSSL version. Use AESX.cipher_list to see available ciphers.

Cross-Platform Compatibility

The compression information is stored as part of the encrypted data, so files encrypted on one system can be decrypted on another, even if different compression libraries are available. If the required compression algorithm is not available during decryption, a clear error message will be displayed. Compression can also be completely disabled.

Notes on Security

  • GCM and CHACHA20-POLY1305 provide authenticated encryption, meaning they detect tampering with the encrypted data
  • When using CTR mode, no authentication is provided
  • You can use AESX to provide a secure random key (generated with AESX.key)
  • CRITICAL SECURITY WARNING: Never store the encryption key with the encrypted data
    • Storing key and encrypted data together compromises all encryption
    • Manage keys separately using secure key management practices
  • When providing your own key via a password, key derivation uses PBKDF2 with a deterministic salt derived from the input
    • Ensures consistent key stretching across systems
    • Requires OpenSSL >= 1.0.0
    • The same input/password will always produce the same derived key

License

This library is available as open source under the terms of the MIT License.

Footnotes

  1. ARIA is a block cipher developed by South Korean cryptographers and is widely used in South Korea, particularly in government and financial systems. ↩

  2. SM4 is the Chinese national standard block cipher algorithm and is commonly used within China in government and regulated industries. ↩ ↩2