Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
CryptoRuby 101
Search
Zoran Majstorovic
April 28, 2015
Programming
350
1
Share
Embed
Copy iframe code
Copy JS code
Copy link
Start on current slide
CryptoRuby 101
basic stuff in general cryptography (encrypt/decrypt) using Ruby OpenSSL Extension
Zoran Majstorovic
April 28, 2015
More Decks by Zoran Majstorovic
See All by Zoran Majstorovic
Swift for Rubyists
zmajstor
0
16
Microservices with RabbitMQ
zmajstor
1
270
Modeling a Solid Database
zmajstor
0
140
Ruby HTTP Clients
zmajstor
0
120
Other Decks in Programming
See All in Programming
エンジニアと一緒にテストコードの設計と実装を改善した話
mototakatsu
0
220
TSKaigi Night Talks 2026_TypeScriptでサプライチェーンの整合性を型に閉じ込める
geekplus_tech
0
400
LLMによるContent Moderationの本番運用の裏側と品質担保への挑戦
suikabar
3
740
JavaDoc 再入門
nagise
1
410
ふつうのFeature Flag実践入門
irof
8
4.2k
鹿野さんに聞く!『TypeScriptコードレシピ集』で磨く実践力
tonkotsuboy_com
2
720
TypeScript+Orvalで実現する型安全かつ堅牢でスケーラブルなマルチチャネル通知基盤 / TSKaigi Night talks ~after conference~
d0riven
0
360
Make SRE Operations Easier with Azure SRE Agent
kkamegawa
0
7.8k
なぜ型を書くのか? TSKaigi2026で改めて考える #tskaigi_smarthr
kajitack
0
140
Agentic UI
manfredsteyer
PRO
0
190
気づいたらRubyで100作品 ー クリエイティブコーディングが生活の一部になるまで / 100 Ruby Sketches Later: How Creative Coding Became Part of My Life
chobishiba
3
610
Signal Forms: Details & Live Coding @enterJS 2026 in Mannheim
manfredsteyer
PRO
0
190
Featured
See All Featured
Building a A Zero-Code AI SEO Workflow
portentint
PRO
0
610
Rebuilding a faster, lazier Slack
samanthasiow
85
9.5k
The Psychology of Web Performance [Beyond Tellerrand 2023]
tammyeverts
49
3.5k
Site-Speed That Sticks
csswizardry
13
1.2k
The #1 spot is gone: here's how to win anyway
tamaranovitovic
2
1.1k
How to Build an AI Search Optimization Roadmap - Criteria and Steps to Take #SEOIRL
aleyda
1
2.1k
16th Malabo Montpellier Forum Presentation
akademiya2063
PRO
0
150
The SEO Collaboration Effect
kristinabergwall1
1
490
Fireside Chat
paigeccino
42
4k
Public Speaking Without Barfing On Your Shoes - THAT 2023
reverentgeek
1
430
Evolving SEO for Evolving Search Engines
ryanjones
0
220
<Decoding/> the Language of Devs - We Love SEO 2024
nikkihalliwell
1
250
Transcript
CryptoRuby 101 by
[email protected]
from A Professional Mobile Device Management
Company
CryptoRuby 101 very basic stuff in general cryptography (encypt/decript) featuring
Ruby Standard Library Extension (OpenSSL) what to expect from today's
(en|de)crypt symmetric encrypt with secret key decrypt with secret key
asymmetric ecrypt with public key decrypt with private key
• an open-source library, written in C • implements basic
cryptographic functions and SSL and TLS protocols • founded in 1998, used by 2/3 of all webservers • https://www.openssl.org
require 'openssl' • Ruby Standard Library Extension: /ext/openssl/* • http://ruby-doc.org/stdlib-2.2.2/libdoc/openssl/rdoc/index.html
symmetric-key cryptography a cipher (or cypher) is an algorithm
for encryption or decryption OpenSSL::Cipher Chiper Block Chaining mode encryption
CBC = Chiper Block Chaining CBC mode encryption
CBC = Chiper Block Chaining CBC mode encryption
source: http://en.wikipedia.org/wiki/Block_cipher_mode_of_operation CBC mode encryption
OpenSSL::Cipher Code Snippet
msg = 'hello secret world' cipher = OpenSSL::Cipher.new('AES-256-CBC').encrypt iv =
cipher.random_iv key = cipher.random_key encrypted = cipher.update(msg) + cipher.final # safe to share publicly: encrypted, alg, iv decipher = OpenSSL::Cipher.new('AES-256-CBC').decrypt dechiper.iv, dechiper.key = iv, key decrypted = decipher.update(encrypted) + decipher.final puts msg == decrypted #=> true
ActiveSupport::MessageEncryptor a simple way to encrypt values which get
stored somewhere you don't trust
ActiveSupport::MessageEncryptor #encrypt_and_sign #decrypt_and_verify • implemented using OpenSSL::Cipher • https://github.com/rails/rails/blob/master/activesupport/ lib/active_support/message_encryptor.rb#L100
• default cipher algorythm is 'AES-256-CBC'
ActiveSupport::MessageEncryptor class EncryptedCookieJar def initialize(parent_jar, key_generator, options = {}) @parent_jar
= parent_jar @options = options secret = key_generator.generate_key(@options[:encrypted_cookie_salt]) sign_secret = key_generator.generate_key(@options[:encrypted_signed_cookie_salt]) @encryptor = ActiveSupport::MessageEncryptor.new(secret, sign_secret, digest: digest, ...) end # etc... used as @encryptor in ActionDispatch::EncryptedCookieJar https://github.com/rails/rails/blob/master/actionpack/lib/action_dispatch/ middleware/cookies.rb
ActiveSupport::MessageEncryptor Code Snippet
cookie = "user_id:1" key = Rails.application.secrets[:secret_key_base] chiper = ActiveSupport::MessageEncryptor.new(key) encrypted_cookie
= chiper.encrypt_and_sign(cookie) # cookie: "#{base64_encrypted_data}--#{base_64_iv}" # read encrypted_cookie decrypted = chiper.decrypt_and_verify(encrypted_cookie) cookie == decrypted #=> true
cookie = "user_id:1" salt = SecureRandom.random_bytes(64) pass = 'password' key
= ActiveSupport::KeyGenerator.new(pass).generate_key(salt) chiper = ActiveSupport::MessageEncryptor.new(key) encrypted_cookie = chiper.encrypt_and_sign(cookie) # cookie: "#{base64_encrypted_data}--#{base_64_iv}" # read encrypted_cookie decrypted = chiper.decrypt_and_verify(encrypted_cookie) cookie == decrypted #=> true
Re-cap • explore OpenSSL namespace http://ruby-doc.org/stdlib-2.2.2/libdoc/openssl/rdoc/index.html • start with simple
OpenSSL::Cipher http://ruby-doc.org/stdlib-2.2.2/libdoc/openssl/rdoc/OpenSSL/Cipher.html • dive into Asymmetric Public Key Algorithms: OpenSSL::PKey http://ruby-doc.org/stdlib-2.2.2/libdoc/openssl/rdoc/OpenSSL/PKey.html http://ruby-doc.org/stdlib-2.2.2/libdoc/openssl/rdoc/OpenSSL/PKey/RSA.html
Gems • ActiveSupport • SymmetricEncryption provides encryption of data for
Ruby and Rails: https://github.com/reidmorrison/symmetric-encryption • Strongbox provides Public Key Encryption for ActiveRecord: https://github.com/spikex/strongbox • etc: https://www.ruby-toolbox.com/categories/encryption
cryptofails.com “Be skeptical of everything you read and hear about
crypto”