Upgrade to Pro — share decks privately, control downloads, hide ads and more …

CryptoRuby 101

Zoran Majstorovic
April 28, 2015
Programming
1
230

CryptoRuby 101

basic stuff in general cryptography (encrypt/decrypt) using Ruby OpenSSL Extension

Zoran Majstorovic

April 28, 2015
Tweet

More Decks by Zoran Majstorovic

See All by Zoran Majstorovic
Microservices with RabbitMQ
zmajstor
1
220
Modeling a Solid Database
zmajstor
0
100
Ruby HTTP Clients
zmajstor
0
95

Other Decks in Programming

See All in Programming
nekko cloudにおけるProxmox VE利用事例
irumaru
3
430
「Chatwork」Android版アプリを 支える単体テストの現在
okuzawats
0
180
テスト自動化失敗から再挑戦しチームにオーナーシップを委譲した話/STAC2024 macho
ma_cho29
1
1.3k
今年一番支援させていただいたのは認証系サービスでした
satoshi256kbyte
1
250
Haze - Real time background blurring
chrisbanes
1
510
PHPとAPI Platformで作る本格的なWeb APIアプリケーション(入門編) / phpcon 2024 Intro to API Platform
ttskch
0
180
ソフトウェアの振る舞いに着目し 複雑な要件の開発に立ち向かう
rickyban
0
890
【re:Growth 2024】 Aurora DSQL をちゃんと話します!
maroon1st
0
770
あれやってみてー駆動から成長を加速させる / areyattemite-driven
nashiusagi
1
200
テストケースの名前はどうつけるべきか?
orgachem
PRO
0
130
今年のアップデートで振り返るCDKセキュリティのシフトレフト/2024-cdk-security-shift-left
tomoki10
0
200
tidymodelsによるtidyな生存時間解析 / Japan.R2024
dropout009
1
770

Featured

See All Featured
"I'm Feeling Lucky" - Building Great Search Experiences for Today's Users (#IAC19)
danielanewman
226
22k
Building Your Own Lightsaber
phodgson
103
6.1k
Principles of Awesome APIs and How to Build Them.
keavy
126
17k
Why You Should Never Use an ORM
jnunemaker
PRO
54
9.1k
Testing 201, or: Great Expectations
jmmastey
40
7.1k
Documentation Writing (for coders)
carmenintech
66
4.5k
RailsConf 2023
tenderlove
29
940
個人開発の失敗を避けるイケてる考え方 / tips for indie hackers
panda_program
95
17k
Scaling GitHub
holman
458
140k
Visualization
eitanlees
146
15k
Keith and Marios Guide to Fast Websites
keithpitt
410
22k
Designing for humans not robots
tammielis
250
25k

Transcript

  1. CryptoRuby 101 by [email protected] from A Professional Mobile Device Management

    Company

  2. CryptoRuby 101 very basic stuff in general cryptography (encypt/decript) featuring

    Ruby Standard Library Extension (OpenSSL) what to expect from today's

  3. (en|de)crypt symmetric encrypt with secret key decrypt with secret key

    asymmetric ecrypt with public key decrypt with private key

  4. • an open-source library, written in C • implements basic

    cryptographic functions and SSL and TLS protocols • founded in 1998, used by 2/3 of all webservers • https://www.openssl.org

  5. require 'openssl' • Ruby Standard Library Extension:
 /ext/openssl/* • http://ruby-doc.org/stdlib-2.2.2/libdoc/openssl/rdoc/index.html

  6. symmetric-key cryptography 
 a cipher (or cypher) is an algorithm

    for 
 encryption or decryption OpenSSL::Cipher Chiper Block Chaining mode encryption

  7. CBC = Chiper Block Chaining CBC mode encryption

  8. CBC = Chiper Block Chaining CBC mode encryption

  9. source: http://en.wikipedia.org/wiki/Block_cipher_mode_of_operation CBC mode encryption

  10. OpenSSL::Cipher Code Snippet

  11. msg = 'hello secret world' cipher = OpenSSL::Cipher.new('AES-256-CBC').encrypt iv =

    cipher.random_iv key = cipher.random_key encrypted = cipher.update(msg) + cipher.final # safe to share publicly: encrypted, alg, iv decipher = OpenSSL::Cipher.new('AES-256-CBC').decrypt dechiper.iv, dechiper.key = iv, key decrypted = decipher.update(encrypted) + decipher.final puts msg == decrypted #=> true

  12. ActiveSupport::MessageEncryptor 
 a simple way to encrypt values which get

    stored somewhere you don't trust

  13. ActiveSupport::MessageEncryptor #encrypt_and_sign #decrypt_and_verify • implemented using OpenSSL::Cipher • https://github.com/rails/rails/blob/master/activesupport/ lib/active_support/message_encryptor.rb#L100

    • default cipher algorythm is 'AES-256-CBC'

  14. ActiveSupport::MessageEncryptor class EncryptedCookieJar def initialize(parent_jar, key_generator, options = {}) @parent_jar

    = parent_jar @options = options secret = key_generator.generate_key(@options[:encrypted_cookie_salt]) sign_secret = key_generator.generate_key(@options[:encrypted_signed_cookie_salt]) @encryptor = ActiveSupport::MessageEncryptor.new(secret, sign_secret, digest: digest, ...) end # etc... used as @encryptor in ActionDispatch::EncryptedCookieJar https://github.com/rails/rails/blob/master/actionpack/lib/action_dispatch/ middleware/cookies.rb

  15. ActiveSupport::MessageEncryptor Code Snippet

  16. cookie = "user_id:1" key = Rails.application.secrets[:secret_key_base] chiper = ActiveSupport::MessageEncryptor.new(key) encrypted_cookie

    = chiper.encrypt_and_sign(cookie)
 # cookie: "#{base64_encrypted_data}--#{base_64_iv}" # read encrypted_cookie decrypted = chiper.decrypt_and_verify(encrypted_cookie) cookie == decrypted #=> true

  17. cookie = "user_id:1" salt = SecureRandom.random_bytes(64)
 pass = 'password'
 key

    = ActiveSupport::KeyGenerator.new(pass).generate_key(salt) chiper = ActiveSupport::MessageEncryptor.new(key) encrypted_cookie = chiper.encrypt_and_sign(cookie)
 # cookie: "#{base64_encrypted_data}--#{base_64_iv}" # read encrypted_cookie decrypted = chiper.decrypt_and_verify(encrypted_cookie) cookie == decrypted #=> true

  18. Re-cap • explore OpenSSL namespace
 http://ruby-doc.org/stdlib-2.2.2/libdoc/openssl/rdoc/index.html • start with simple

    OpenSSL::Cipher
 http://ruby-doc.org/stdlib-2.2.2/libdoc/openssl/rdoc/OpenSSL/Cipher.html • dive into Asymmetric Public Key Algorithms: OpenSSL::PKey
 http://ruby-doc.org/stdlib-2.2.2/libdoc/openssl/rdoc/OpenSSL/PKey.html 
 http://ruby-doc.org/stdlib-2.2.2/libdoc/openssl/rdoc/OpenSSL/PKey/RSA.html

  19. Gems • ActiveSupport • SymmetricEncryption
 provides encryption of data for

    Ruby and Rails:
 https://github.com/reidmorrison/symmetric-encryption • Strongbox
 provides Public Key Encryption for ActiveRecord:
 https://github.com/spikex/strongbox • etc: https://www.ruby-toolbox.com/categories/encryption

  20. cryptofails.com “Be skeptical of everything you read and hear about

    crypto”