Upgrade to Pro — share decks privately, control downloads, hide ads and more …

CryptoRuby 101

Zoran Majstorovic
April 28, 2015
Programming
1
260

CryptoRuby 101

basic stuff in general cryptography (encrypt/decrypt) using Ruby OpenSSL Extension

Zoran Majstorovic

April 28, 2015
Tweet

More Decks by Zoran Majstorovic

See All by Zoran Majstorovic
Microservices with RabbitMQ
zmajstor
1
230
Modeling a Solid Database
zmajstor
0
110
Ruby HTTP Clients
zmajstor
0
110

Other Decks in Programming

See All in Programming
生産性アップのためのAI個人活用
kunoyasu
0
650
RCPと宣言型ポリシーについてのお話し
kokitamura
2
150
PHPによる"非"構造化プログラミング入門 -本当に熱いスパゲティコードを求めて- #phperkaigi
o0h
PRO
0
1.1k
小さく段階的リリースすることで深夜メンテを回避する
mkmk884
2
130
Develop Faster With FrankenPHP
dunglas
2
2.6k
OpenTelemetryを活用したObservability入門 / Introduction to Observability with OpenTelemetry
seike460
PRO
0
340
今から始めるCursor / Windsurf / Cline
kengo_hayano
0
110
令和トラベルにおけるコンテンツ生成AIアプリケーション開発の実践
ippo012
1
260
Going Structural with Named Tuples
bishabosha
0
170
ローコードサービスの進化のためのモノレポ移行
taro28
1
330
複雑なフォームと複雑な状態管理にどう向き合うか / #newt_techtalk vol. 15
izumin5210
4
3.3k
Modern Angular: Renovation for Your Applications @angularDays 2025 Munich
manfredsteyer
PRO
0
140

Featured

See All Featured
Art, The Web, and Tiny UX
lynnandtonic
298
20k
How STYLIGHT went responsive
nonsquared
99
5.4k
Facilitating Awesome Meetings
lara
53
6.3k
StorybookのUI Testing Handbookを読んだ
zakiyama
28
5.6k
The Myth of the Modular Monolith - Day 2 Keynote - Rails World 2024
eileencodes
22
2.6k
A Modern Web Designer's Workflow
chriscoyier
693
190k
Scaling GitHub
holman
459
140k
VelocityConf: Rendering Performance Case Studies
addyosmani
328
24k
Designing Dashboards & Data Visualisations in Web Apps
destraynor
231
53k
Building an army of robots
kneath
304
45k
実際に使うSQLの書き方 徹底解説 / pgcon21j-tutorial
soudai
177
52k
Building Applications with DynamoDB
mza
94
6.3k

Transcript

  1. CryptoRuby 101 by [email protected] from A Professional Mobile Device Management

    Company

  2. CryptoRuby 101 very basic stuff in general cryptography (encypt/decript) featuring

    Ruby Standard Library Extension (OpenSSL) what to expect from today's

  3. (en|de)crypt symmetric encrypt with secret key decrypt with secret key

    asymmetric ecrypt with public key decrypt with private key

  4. • an open-source library, written in C • implements basic

    cryptographic functions and SSL and TLS protocols • founded in 1998, used by 2/3 of all webservers • https://www.openssl.org

  5. require 'openssl' • Ruby Standard Library Extension:
 /ext/openssl/* • http://ruby-doc.org/stdlib-2.2.2/libdoc/openssl/rdoc/index.html

  6. symmetric-key cryptography 
 a cipher (or cypher) is an algorithm

    for 
 encryption or decryption OpenSSL::Cipher Chiper Block Chaining mode encryption

  7. CBC = Chiper Block Chaining CBC mode encryption

  8. CBC = Chiper Block Chaining CBC mode encryption

  9. source: http://en.wikipedia.org/wiki/Block_cipher_mode_of_operation CBC mode encryption

  10. OpenSSL::Cipher Code Snippet

  11. msg = 'hello secret world' cipher = OpenSSL::Cipher.new('AES-256-CBC').encrypt iv =

    cipher.random_iv key = cipher.random_key encrypted = cipher.update(msg) + cipher.final # safe to share publicly: encrypted, alg, iv decipher = OpenSSL::Cipher.new('AES-256-CBC').decrypt dechiper.iv, dechiper.key = iv, key decrypted = decipher.update(encrypted) + decipher.final puts msg == decrypted #=> true

  12. ActiveSupport::MessageEncryptor 
 a simple way to encrypt values which get

    stored somewhere you don't trust

  13. ActiveSupport::MessageEncryptor #encrypt_and_sign #decrypt_and_verify • implemented using OpenSSL::Cipher • https://github.com/rails/rails/blob/master/activesupport/ lib/active_support/message_encryptor.rb#L100

    • default cipher algorythm is 'AES-256-CBC'

  14. ActiveSupport::MessageEncryptor class EncryptedCookieJar def initialize(parent_jar, key_generator, options = {}) @parent_jar

    = parent_jar @options = options secret = key_generator.generate_key(@options[:encrypted_cookie_salt]) sign_secret = key_generator.generate_key(@options[:encrypted_signed_cookie_salt]) @encryptor = ActiveSupport::MessageEncryptor.new(secret, sign_secret, digest: digest, ...) end # etc... used as @encryptor in ActionDispatch::EncryptedCookieJar https://github.com/rails/rails/blob/master/actionpack/lib/action_dispatch/ middleware/cookies.rb

  15. ActiveSupport::MessageEncryptor Code Snippet

  16. cookie = "user_id:1" key = Rails.application.secrets[:secret_key_base] chiper = ActiveSupport::MessageEncryptor.new(key) encrypted_cookie

    = chiper.encrypt_and_sign(cookie)
 # cookie: "#{base64_encrypted_data}--#{base_64_iv}" # read encrypted_cookie decrypted = chiper.decrypt_and_verify(encrypted_cookie) cookie == decrypted #=> true

  17. cookie = "user_id:1" salt = SecureRandom.random_bytes(64)
 pass = 'password'
 key

    = ActiveSupport::KeyGenerator.new(pass).generate_key(salt) chiper = ActiveSupport::MessageEncryptor.new(key) encrypted_cookie = chiper.encrypt_and_sign(cookie)
 # cookie: "#{base64_encrypted_data}--#{base_64_iv}" # read encrypted_cookie decrypted = chiper.decrypt_and_verify(encrypted_cookie) cookie == decrypted #=> true

  18. Re-cap • explore OpenSSL namespace
 http://ruby-doc.org/stdlib-2.2.2/libdoc/openssl/rdoc/index.html • start with simple

    OpenSSL::Cipher
 http://ruby-doc.org/stdlib-2.2.2/libdoc/openssl/rdoc/OpenSSL/Cipher.html • dive into Asymmetric Public Key Algorithms: OpenSSL::PKey
 http://ruby-doc.org/stdlib-2.2.2/libdoc/openssl/rdoc/OpenSSL/PKey.html 
 http://ruby-doc.org/stdlib-2.2.2/libdoc/openssl/rdoc/OpenSSL/PKey/RSA.html

  19. Gems • ActiveSupport • SymmetricEncryption
 provides encryption of data for

    Ruby and Rails:
 https://github.com/reidmorrison/symmetric-encryption • Strongbox
 provides Public Key Encryption for ActiveRecord:
 https://github.com/spikex/strongbox • etc: https://www.ruby-toolbox.com/categories/encryption

  20. cryptofails.com “Be skeptical of everything you read and hear about

    crypto”