Gem: File Decryptor

Finding a leaked master.key is game over—but you need to prove impact. A portable decryptor script lets you extract AWS keys, DB passwords, and API tokens from the encrypted file in seconds.

# AES-256-CBC with IV from file
openssl enc -d -aes-256-cbc -in encrypted.gem -out decrypted.gem \
  -K <hex_key> -iv <hex_iv> -nopad

Add -pbkdf2 if key is derived from a password. gem file decryptor

A decryption script (let’s call it decrypt_gem_secrets.rb) mimics Rails’ internal decryption flow. It doesn’t need the rails gem installed—just openssl and base64. Here’s the conceptual logic: Finding a leaked master

Suppose you have an encrypted gem file called example.gem that you want to decrypt using the Gem File Decryptor tool. You can use the following command: Add -pbkdf2 if key is derived from a password

gem_file_decryptor decrypt -i example.gem -o decrypted_example.gem -k my_decryption_key

This command will decrypt the example.gem file using the provided decryption key and write the decrypted contents to a new file called decrypted_example.gem.

salt = data[0...32] ciphertext_with_tag = data[32..-1]

Avoid exposing keys, partial plaintext, or sensitive header fields in error messages or logs.