Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
CryptoRuby 101
Search
Zoran Majstorovic
April 28, 2015
Programming
1
290
CryptoRuby 101
basic stuff in general cryptography (encrypt/decrypt) using Ruby OpenSSL Extension
Zoran Majstorovic
April 28, 2015
Tweet
Share
More Decks by Zoran Majstorovic
See All by Zoran Majstorovic
Microservices with RabbitMQ
zmajstor
1
250
Modeling a Solid Database
zmajstor
0
110
Ruby HTTP Clients
zmajstor
0
110
Other Decks in Programming
See All in Programming
Devoxx BE - Local Development in the AI Era
kdubois
0
130
チームの境界をブチ抜いていけ
tokai235
0
180
『毎日の移動』を支えるGoバックエンド内製開発
yutautsugi
2
250
CSC509 Lecture 05
javiergs
PRO
0
300
XP, Testing and ninja testing ZOZ5
m_seki
3
700
Claude CodeによるAI駆動開発の実践 〜そこから見えてきたこれからのプログラミング〜
iriikeita
0
280
bootcamp2025_バックエンド研修_WebAPIサーバ作成.pdf
geniee_inc
0
110
株式会社 Sun terras カンパニーデック
sunterras
0
330
非同期jobをtransaction内で 呼ぶなよ!絶対に呼ぶなよ!
alstrocrack
0
970
はじめてのDSPy - 言語モデルを『プロンプト』ではなく『プログラミング』するための仕組み
masahiro_nishimi
2
550
デミカツ切り抜きで面倒くさいことはPythonにやらせよう
aokswork3
0
250
What Spring Developers Should Know About Jakarta EE
ivargrimstad
0
190
Featured
See All Featured
Producing Creativity
orderedlist
PRO
347
40k
How to Create Impact in a Changing Tech Landscape [PerfNow 2023]
tammyeverts
55
3k
Automating Front-end Workflow
addyosmani
1371
200k
Site-Speed That Sticks
csswizardry
13
910
The Success of Rails: Ensuring Growth for the Next 100 Years
eileencodes
46
7.7k
Building Flexible Design Systems
yeseniaperezcruz
329
39k
We Have a Design System, Now What?
morganepeng
53
7.8k
Raft: Consensus for Rubyists
vanstee
140
7.1k
Reflections from 52 weeks, 52 projects
jeffersonlam
353
21k
I Don’t Have Time: Getting Over the Fear to Launch Your Podcast
jcasabona
33
2.5k
Why You Should Never Use an ORM
jnunemaker
PRO
59
9.6k
Building Adaptive Systems
keathley
44
2.8k
Transcript
CryptoRuby 101 by
[email protected]
from A Professional Mobile Device Management
Company
CryptoRuby 101 very basic stuff in general cryptography (encypt/decript) featuring
Ruby Standard Library Extension (OpenSSL) what to expect from today's
(en|de)crypt symmetric encrypt with secret key decrypt with secret key
asymmetric ecrypt with public key decrypt with private key
• an open-source library, written in C • implements basic
cryptographic functions and SSL and TLS protocols • founded in 1998, used by 2/3 of all webservers • https://www.openssl.org
require 'openssl' • Ruby Standard Library Extension: /ext/openssl/* • http://ruby-doc.org/stdlib-2.2.2/libdoc/openssl/rdoc/index.html
symmetric-key cryptography a cipher (or cypher) is an algorithm
for encryption or decryption OpenSSL::Cipher Chiper Block Chaining mode encryption
CBC = Chiper Block Chaining CBC mode encryption
CBC = Chiper Block Chaining CBC mode encryption
source: http://en.wikipedia.org/wiki/Block_cipher_mode_of_operation CBC mode encryption
OpenSSL::Cipher Code Snippet
msg = 'hello secret world' cipher = OpenSSL::Cipher.new('AES-256-CBC').encrypt iv =
cipher.random_iv key = cipher.random_key encrypted = cipher.update(msg) + cipher.final # safe to share publicly: encrypted, alg, iv decipher = OpenSSL::Cipher.new('AES-256-CBC').decrypt dechiper.iv, dechiper.key = iv, key decrypted = decipher.update(encrypted) + decipher.final puts msg == decrypted #=> true
ActiveSupport::MessageEncryptor a simple way to encrypt values which get
stored somewhere you don't trust
ActiveSupport::MessageEncryptor #encrypt_and_sign #decrypt_and_verify • implemented using OpenSSL::Cipher • https://github.com/rails/rails/blob/master/activesupport/ lib/active_support/message_encryptor.rb#L100
• default cipher algorythm is 'AES-256-CBC'
ActiveSupport::MessageEncryptor class EncryptedCookieJar def initialize(parent_jar, key_generator, options = {}) @parent_jar
= parent_jar @options = options secret = key_generator.generate_key(@options[:encrypted_cookie_salt]) sign_secret = key_generator.generate_key(@options[:encrypted_signed_cookie_salt]) @encryptor = ActiveSupport::MessageEncryptor.new(secret, sign_secret, digest: digest, ...) end # etc... used as @encryptor in ActionDispatch::EncryptedCookieJar https://github.com/rails/rails/blob/master/actionpack/lib/action_dispatch/ middleware/cookies.rb
ActiveSupport::MessageEncryptor Code Snippet
cookie = "user_id:1" key = Rails.application.secrets[:secret_key_base] chiper = ActiveSupport::MessageEncryptor.new(key) encrypted_cookie
= chiper.encrypt_and_sign(cookie) # cookie: "#{base64_encrypted_data}--#{base_64_iv}" # read encrypted_cookie decrypted = chiper.decrypt_and_verify(encrypted_cookie) cookie == decrypted #=> true
cookie = "user_id:1" salt = SecureRandom.random_bytes(64) pass = 'password' key
= ActiveSupport::KeyGenerator.new(pass).generate_key(salt) chiper = ActiveSupport::MessageEncryptor.new(key) encrypted_cookie = chiper.encrypt_and_sign(cookie) # cookie: "#{base64_encrypted_data}--#{base_64_iv}" # read encrypted_cookie decrypted = chiper.decrypt_and_verify(encrypted_cookie) cookie == decrypted #=> true
Re-cap • explore OpenSSL namespace http://ruby-doc.org/stdlib-2.2.2/libdoc/openssl/rdoc/index.html • start with simple
OpenSSL::Cipher http://ruby-doc.org/stdlib-2.2.2/libdoc/openssl/rdoc/OpenSSL/Cipher.html • dive into Asymmetric Public Key Algorithms: OpenSSL::PKey http://ruby-doc.org/stdlib-2.2.2/libdoc/openssl/rdoc/OpenSSL/PKey.html http://ruby-doc.org/stdlib-2.2.2/libdoc/openssl/rdoc/OpenSSL/PKey/RSA.html
Gems • ActiveSupport • SymmetricEncryption provides encryption of data for
Ruby and Rails: https://github.com/reidmorrison/symmetric-encryption • Strongbox provides Public Key Encryption for ActiveRecord: https://github.com/spikex/strongbox • etc: https://www.ruby-toolbox.com/categories/encryption
cryptofails.com “Be skeptical of everything you read and hear about
crypto”