Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
CryptoRuby 101
Search
Zoran Majstorovic
April 28, 2015
Programming
1
290
CryptoRuby 101
basic stuff in general cryptography (encrypt/decrypt) using Ruby OpenSSL Extension
Zoran Majstorovic
April 28, 2015
Tweet
Share
More Decks by Zoran Majstorovic
See All by Zoran Majstorovic
Microservices with RabbitMQ
zmajstor
1
240
Modeling a Solid Database
zmajstor
0
110
Ruby HTTP Clients
zmajstor
0
110
Other Decks in Programming
See All in Programming
AI Coding Agentのセキュリティリスク:PRの自己承認とメルカリの対策
s3h
0
230
個人軟體時代
ethanhuang13
0
330
Introducing ReActionView: A new ActionView-compatible ERB Engine @ Rails World 2025, Amsterdam
marcoroth
0
710
go test -json そして testing.T.Attr / Kyoto.go #63
utgwkk
3
310
Kiroで始めるAI-DLC
kaonash
2
620
知っているようで知らない"rails new"の世界 / The World of "rails new" You Think You Know but Don't
luccafort
PRO
1
180
How Android Uses Data Structures Behind The Scenes
l2hyunwoo
0
480
デザイナーが Androidエンジニアに 挑戦してみた
874wokiite
0
550
Flutter with Dart MCP: All You Need - 박제창 2025 I/O Extended Busan
itsmedreamwalker
0
150
速いWebフレームワークを作る
yusukebe
5
1.7k
Zendeskのチケットを Amazon Bedrockで 解析した
ryokosuge
3
310
私の後悔をAWS DMSで解決した話
hiramax
4
210
Featured
See All Featured
Stop Working from a Prison Cell
hatefulcrawdad
271
21k
[RailsConf 2023] Rails as a piece of cake
palkan
57
5.8k
CSS Pre-Processors: Stylus, Less & Sass
bermonpainter
358
30k
Design and Strategy: How to Deal with People Who Don’t "Get" Design
morganepeng
131
19k
How GitHub (no longer) Works
holman
315
140k
The Web Performance Landscape in 2024 [PerfNow 2024]
tammyeverts
9
810
The Invisible Side of Design
smashingmag
301
51k
Templates, Plugins, & Blocks: Oh My! Creating the theme that thinks of everything
marktimemedia
31
2.5k
Product Roadmaps are Hard
iamctodd
PRO
54
11k
Facilitating Awesome Meetings
lara
55
6.5k
The Pragmatic Product Professional
lauravandoore
36
6.9k
Measuring & Analyzing Core Web Vitals
bluesmoon
9
580
Transcript
CryptoRuby 101 by
[email protected]
from A Professional Mobile Device Management
Company
CryptoRuby 101 very basic stuff in general cryptography (encypt/decript) featuring
Ruby Standard Library Extension (OpenSSL) what to expect from today's
(en|de)crypt symmetric encrypt with secret key decrypt with secret key
asymmetric ecrypt with public key decrypt with private key
• an open-source library, written in C • implements basic
cryptographic functions and SSL and TLS protocols • founded in 1998, used by 2/3 of all webservers • https://www.openssl.org
require 'openssl' • Ruby Standard Library Extension: /ext/openssl/* • http://ruby-doc.org/stdlib-2.2.2/libdoc/openssl/rdoc/index.html
symmetric-key cryptography a cipher (or cypher) is an algorithm
for encryption or decryption OpenSSL::Cipher Chiper Block Chaining mode encryption
CBC = Chiper Block Chaining CBC mode encryption
CBC = Chiper Block Chaining CBC mode encryption
source: http://en.wikipedia.org/wiki/Block_cipher_mode_of_operation CBC mode encryption
OpenSSL::Cipher Code Snippet
msg = 'hello secret world' cipher = OpenSSL::Cipher.new('AES-256-CBC').encrypt iv =
cipher.random_iv key = cipher.random_key encrypted = cipher.update(msg) + cipher.final # safe to share publicly: encrypted, alg, iv decipher = OpenSSL::Cipher.new('AES-256-CBC').decrypt dechiper.iv, dechiper.key = iv, key decrypted = decipher.update(encrypted) + decipher.final puts msg == decrypted #=> true
ActiveSupport::MessageEncryptor a simple way to encrypt values which get
stored somewhere you don't trust
ActiveSupport::MessageEncryptor #encrypt_and_sign #decrypt_and_verify • implemented using OpenSSL::Cipher • https://github.com/rails/rails/blob/master/activesupport/ lib/active_support/message_encryptor.rb#L100
• default cipher algorythm is 'AES-256-CBC'
ActiveSupport::MessageEncryptor class EncryptedCookieJar def initialize(parent_jar, key_generator, options = {}) @parent_jar
= parent_jar @options = options secret = key_generator.generate_key(@options[:encrypted_cookie_salt]) sign_secret = key_generator.generate_key(@options[:encrypted_signed_cookie_salt]) @encryptor = ActiveSupport::MessageEncryptor.new(secret, sign_secret, digest: digest, ...) end # etc... used as @encryptor in ActionDispatch::EncryptedCookieJar https://github.com/rails/rails/blob/master/actionpack/lib/action_dispatch/ middleware/cookies.rb
ActiveSupport::MessageEncryptor Code Snippet
cookie = "user_id:1" key = Rails.application.secrets[:secret_key_base] chiper = ActiveSupport::MessageEncryptor.new(key) encrypted_cookie
= chiper.encrypt_and_sign(cookie) # cookie: "#{base64_encrypted_data}--#{base_64_iv}" # read encrypted_cookie decrypted = chiper.decrypt_and_verify(encrypted_cookie) cookie == decrypted #=> true
cookie = "user_id:1" salt = SecureRandom.random_bytes(64) pass = 'password' key
= ActiveSupport::KeyGenerator.new(pass).generate_key(salt) chiper = ActiveSupport::MessageEncryptor.new(key) encrypted_cookie = chiper.encrypt_and_sign(cookie) # cookie: "#{base64_encrypted_data}--#{base_64_iv}" # read encrypted_cookie decrypted = chiper.decrypt_and_verify(encrypted_cookie) cookie == decrypted #=> true
Re-cap • explore OpenSSL namespace http://ruby-doc.org/stdlib-2.2.2/libdoc/openssl/rdoc/index.html • start with simple
OpenSSL::Cipher http://ruby-doc.org/stdlib-2.2.2/libdoc/openssl/rdoc/OpenSSL/Cipher.html • dive into Asymmetric Public Key Algorithms: OpenSSL::PKey http://ruby-doc.org/stdlib-2.2.2/libdoc/openssl/rdoc/OpenSSL/PKey.html http://ruby-doc.org/stdlib-2.2.2/libdoc/openssl/rdoc/OpenSSL/PKey/RSA.html
Gems • ActiveSupport • SymmetricEncryption provides encryption of data for
Ruby and Rails: https://github.com/reidmorrison/symmetric-encryption • Strongbox provides Public Key Encryption for ActiveRecord: https://github.com/spikex/strongbox • etc: https://www.ruby-toolbox.com/categories/encryption
cryptofails.com “Be skeptical of everything you read and hear about
crypto”