Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
CryptoRuby 101
Search
Zoran Majstorovic
April 28, 2015
Programming
1
290
CryptoRuby 101
basic stuff in general cryptography (encrypt/decrypt) using Ruby OpenSSL Extension
Zoran Majstorovic
April 28, 2015
Tweet
Share
More Decks by Zoran Majstorovic
See All by Zoran Majstorovic
Microservices with RabbitMQ
zmajstor
1
240
Modeling a Solid Database
zmajstor
0
110
Ruby HTTP Clients
zmajstor
0
110
Other Decks in Programming
See All in Programming
Goで作る、開発・CI環境
sin392
0
260
Hack Claude Code with Claude Code
choplin
7
2.5k
スタートアップの急成長を支えるプラットフォームエンジニアリングと組織戦略
sutochin26
1
7.3k
脱Riverpod?fqueryで考える、TanStack Queryライクなアーキテクチャの可能性
ostk0069
0
500
React は次の10年を生き残れるか:3つのトレンドから考える
oukayuka
7
2.4k
「テストは愚直&&網羅的に書くほどよい」という誤解 / Test Smarter, Not Harder
munetoshi
0
200
Azure AI Foundryではじめてのマルチエージェントワークフロー
seosoft
0
200
Git Sync を超える!OSS で実現する CDK Pull 型デプロイ / Deploying CDK with PipeCD in Pull-style
tkikuc
4
350
はじめてのWeb API体験 ー 飲食店検索アプリを作ろうー
akinko_0915
0
140
MDN Web Docs に日本語翻訳でコントリビュートしたくなる
ohmori_yusuke
1
130
可変変数との向き合い方 $$変数名が踊り出す$$ / php conference Variable variables
gunji
0
180
Flutterで備える!Accessibility Nutrition Labels完全ガイド
yuukiw00w
0
170
Featured
See All Featured
Improving Core Web Vitals using Speculation Rules API
sergeychernyshev
18
990
Save Time (by Creating Custom Rails Generators)
garrettdimon
PRO
31
1.3k
Side Projects
sachag
455
42k
Helping Users Find Their Own Way: Creating Modern Search Experiences
danielanewman
29
2.7k
CoffeeScript is Beautiful & I Never Want to Write Plain JavaScript Again
sstephenson
161
15k
Unsuck your backbone
ammeep
671
58k
It's Worth the Effort
3n
185
28k
Visualizing Your Data: Incorporating Mongo into Loggly Infrastructure
mongodb
47
9.6k
Designing Dashboards & Data Visualisations in Web Apps
destraynor
231
53k
How to Ace a Technical Interview
jacobian
278
23k
A designer walks into a library…
pauljervisheath
207
24k
Build your cross-platform service in a week with App Engine
jlugia
231
18k
Transcript
CryptoRuby 101 by
[email protected]
from A Professional Mobile Device Management
Company
CryptoRuby 101 very basic stuff in general cryptography (encypt/decript) featuring
Ruby Standard Library Extension (OpenSSL) what to expect from today's
(en|de)crypt symmetric encrypt with secret key decrypt with secret key
asymmetric ecrypt with public key decrypt with private key
• an open-source library, written in C • implements basic
cryptographic functions and SSL and TLS protocols • founded in 1998, used by 2/3 of all webservers • https://www.openssl.org
require 'openssl' • Ruby Standard Library Extension: /ext/openssl/* • http://ruby-doc.org/stdlib-2.2.2/libdoc/openssl/rdoc/index.html
symmetric-key cryptography a cipher (or cypher) is an algorithm
for encryption or decryption OpenSSL::Cipher Chiper Block Chaining mode encryption
CBC = Chiper Block Chaining CBC mode encryption
CBC = Chiper Block Chaining CBC mode encryption
source: http://en.wikipedia.org/wiki/Block_cipher_mode_of_operation CBC mode encryption
OpenSSL::Cipher Code Snippet
msg = 'hello secret world' cipher = OpenSSL::Cipher.new('AES-256-CBC').encrypt iv =
cipher.random_iv key = cipher.random_key encrypted = cipher.update(msg) + cipher.final # safe to share publicly: encrypted, alg, iv decipher = OpenSSL::Cipher.new('AES-256-CBC').decrypt dechiper.iv, dechiper.key = iv, key decrypted = decipher.update(encrypted) + decipher.final puts msg == decrypted #=> true
ActiveSupport::MessageEncryptor a simple way to encrypt values which get
stored somewhere you don't trust
ActiveSupport::MessageEncryptor #encrypt_and_sign #decrypt_and_verify • implemented using OpenSSL::Cipher • https://github.com/rails/rails/blob/master/activesupport/ lib/active_support/message_encryptor.rb#L100
• default cipher algorythm is 'AES-256-CBC'
ActiveSupport::MessageEncryptor class EncryptedCookieJar def initialize(parent_jar, key_generator, options = {}) @parent_jar
= parent_jar @options = options secret = key_generator.generate_key(@options[:encrypted_cookie_salt]) sign_secret = key_generator.generate_key(@options[:encrypted_signed_cookie_salt]) @encryptor = ActiveSupport::MessageEncryptor.new(secret, sign_secret, digest: digest, ...) end # etc... used as @encryptor in ActionDispatch::EncryptedCookieJar https://github.com/rails/rails/blob/master/actionpack/lib/action_dispatch/ middleware/cookies.rb
ActiveSupport::MessageEncryptor Code Snippet
cookie = "user_id:1" key = Rails.application.secrets[:secret_key_base] chiper = ActiveSupport::MessageEncryptor.new(key) encrypted_cookie
= chiper.encrypt_and_sign(cookie) # cookie: "#{base64_encrypted_data}--#{base_64_iv}" # read encrypted_cookie decrypted = chiper.decrypt_and_verify(encrypted_cookie) cookie == decrypted #=> true
cookie = "user_id:1" salt = SecureRandom.random_bytes(64) pass = 'password' key
= ActiveSupport::KeyGenerator.new(pass).generate_key(salt) chiper = ActiveSupport::MessageEncryptor.new(key) encrypted_cookie = chiper.encrypt_and_sign(cookie) # cookie: "#{base64_encrypted_data}--#{base_64_iv}" # read encrypted_cookie decrypted = chiper.decrypt_and_verify(encrypted_cookie) cookie == decrypted #=> true
Re-cap • explore OpenSSL namespace http://ruby-doc.org/stdlib-2.2.2/libdoc/openssl/rdoc/index.html • start with simple
OpenSSL::Cipher http://ruby-doc.org/stdlib-2.2.2/libdoc/openssl/rdoc/OpenSSL/Cipher.html • dive into Asymmetric Public Key Algorithms: OpenSSL::PKey http://ruby-doc.org/stdlib-2.2.2/libdoc/openssl/rdoc/OpenSSL/PKey.html http://ruby-doc.org/stdlib-2.2.2/libdoc/openssl/rdoc/OpenSSL/PKey/RSA.html
Gems • ActiveSupport • SymmetricEncryption provides encryption of data for
Ruby and Rails: https://github.com/reidmorrison/symmetric-encryption • Strongbox provides Public Key Encryption for ActiveRecord: https://github.com/spikex/strongbox • etc: https://www.ruby-toolbox.com/categories/encryption
cryptofails.com “Be skeptical of everything you read and hear about
crypto”