Upgrade to Pro — share decks privately, control downloads, hide ads and more …

CryptoRuby 101

Zoran Majstorovic
April 28, 2015
Programming
1
240

CryptoRuby 101

basic stuff in general cryptography (encrypt/decrypt) using Ruby OpenSSL Extension

Zoran Majstorovic

April 28, 2015
Tweet

More Decks by Zoran Majstorovic

See All by Zoran Majstorovic
Microservices with RabbitMQ
zmajstor
1
220
Modeling a Solid Database
zmajstor
0
100
Ruby HTTP Clients
zmajstor
0
99

Other Decks in Programming

See All in Programming
ATDDで素早く安定した デリバリを実現しよう!
tonnsama
1
1.9k
KMP와 kotlinx.rpc로 서버와 클라이언트 동기화
kwakeuijin
0
300
AHC041解説
terryu16
0
400
オニオンアーキテクチャを使って、 Unityと.NETでコードを共有する
soi013
0
370
PHPで学ぶプログラミングの教訓 / Lessons in Programming Learned through PHP
nrslib
4
1.1k
見えないメモリを観測する: PHP 8.4 `pg_result_memory_size()` とSQL結果のメモリ管理
kentaroutakeda
0
940
Запуск 1С:УХ в крупном энтерпрайзе: мечта и реальность ПМа
lamodatech
0
950
DMMオンラインサロンアプリのSwift化
hayatan
0
190
PicoRubyと暮らす、シェアハウスハック
ryosk7
0
220
PHPとAPI Platformで作る本格的なWeb APIアプリケーション(入門編) / phpcon 2024 Intro to API Platform
ttskch
0
390
どうして手を動かすよりもチーム内のコードレビューを優先するべきなのか
okashoi
3
870
月刊 競技プログラミングをお仕事に役立てるには
terryu16
1
1.2k

Featured

See All Featured
Making the Leap to Tech Lead
cromwellryan
133
9k
Keith and Marios Guide to Fast Websites
keithpitt
410
22k
Creating an realtime collaboration tool: Agile Flush - .NET Oxford
marcduiker
26
1.9k
RailsConf & Balkan Ruby 2019: The Past, Present, and Future of Rails at GitHub
eileencodes
132
33k
A designer walks into a library…
pauljervisheath
205
24k
Helping Users Find Their Own Way: Creating Modern Search Experiences
danielanewman
29
2.4k
Bootstrapping a Software Product
garrettdimon
PRO
305
110k
GitHub's CSS Performance
jonrohan
1030
460k
Done Done
chrislema
182
16k
The Art of Delivering Value - GDevCon NA Keynote
reverentgeek
8
1.2k
Visualization
eitanlees
146
15k
Designing Experiences People Love
moore
139
23k

Transcript

  1. CryptoRuby 101 by [email protected] from A Professional Mobile Device Management

    Company

  2. CryptoRuby 101 very basic stuff in general cryptography (encypt/decript) featuring

    Ruby Standard Library Extension (OpenSSL) what to expect from today's

  3. (en|de)crypt symmetric encrypt with secret key decrypt with secret key

    asymmetric ecrypt with public key decrypt with private key

  4. • an open-source library, written in C • implements basic

    cryptographic functions and SSL and TLS protocols • founded in 1998, used by 2/3 of all webservers • https://www.openssl.org

  5. require 'openssl' • Ruby Standard Library Extension:
 /ext/openssl/* • http://ruby-doc.org/stdlib-2.2.2/libdoc/openssl/rdoc/index.html

  6. symmetric-key cryptography 
 a cipher (or cypher) is an algorithm

    for 
 encryption or decryption OpenSSL::Cipher Chiper Block Chaining mode encryption

  7. CBC = Chiper Block Chaining CBC mode encryption

  8. CBC = Chiper Block Chaining CBC mode encryption

  9. source: http://en.wikipedia.org/wiki/Block_cipher_mode_of_operation CBC mode encryption

  10. OpenSSL::Cipher Code Snippet

  11. msg = 'hello secret world' cipher = OpenSSL::Cipher.new('AES-256-CBC').encrypt iv =

    cipher.random_iv key = cipher.random_key encrypted = cipher.update(msg) + cipher.final # safe to share publicly: encrypted, alg, iv decipher = OpenSSL::Cipher.new('AES-256-CBC').decrypt dechiper.iv, dechiper.key = iv, key decrypted = decipher.update(encrypted) + decipher.final puts msg == decrypted #=> true

  12. ActiveSupport::MessageEncryptor 
 a simple way to encrypt values which get

    stored somewhere you don't trust

  13. ActiveSupport::MessageEncryptor #encrypt_and_sign #decrypt_and_verify • implemented using OpenSSL::Cipher • https://github.com/rails/rails/blob/master/activesupport/ lib/active_support/message_encryptor.rb#L100

    • default cipher algorythm is 'AES-256-CBC'

  14. ActiveSupport::MessageEncryptor class EncryptedCookieJar def initialize(parent_jar, key_generator, options = {}) @parent_jar

    = parent_jar @options = options secret = key_generator.generate_key(@options[:encrypted_cookie_salt]) sign_secret = key_generator.generate_key(@options[:encrypted_signed_cookie_salt]) @encryptor = ActiveSupport::MessageEncryptor.new(secret, sign_secret, digest: digest, ...) end # etc... used as @encryptor in ActionDispatch::EncryptedCookieJar https://github.com/rails/rails/blob/master/actionpack/lib/action_dispatch/ middleware/cookies.rb

  15. ActiveSupport::MessageEncryptor Code Snippet

  16. cookie = "user_id:1" key = Rails.application.secrets[:secret_key_base] chiper = ActiveSupport::MessageEncryptor.new(key) encrypted_cookie

    = chiper.encrypt_and_sign(cookie)
 # cookie: "#{base64_encrypted_data}--#{base_64_iv}" # read encrypted_cookie decrypted = chiper.decrypt_and_verify(encrypted_cookie) cookie == decrypted #=> true

  17. cookie = "user_id:1" salt = SecureRandom.random_bytes(64)
 pass = 'password'
 key

    = ActiveSupport::KeyGenerator.new(pass).generate_key(salt) chiper = ActiveSupport::MessageEncryptor.new(key) encrypted_cookie = chiper.encrypt_and_sign(cookie)
 # cookie: "#{base64_encrypted_data}--#{base_64_iv}" # read encrypted_cookie decrypted = chiper.decrypt_and_verify(encrypted_cookie) cookie == decrypted #=> true

  18. Re-cap • explore OpenSSL namespace
 http://ruby-doc.org/stdlib-2.2.2/libdoc/openssl/rdoc/index.html • start with simple

    OpenSSL::Cipher
 http://ruby-doc.org/stdlib-2.2.2/libdoc/openssl/rdoc/OpenSSL/Cipher.html • dive into Asymmetric Public Key Algorithms: OpenSSL::PKey
 http://ruby-doc.org/stdlib-2.2.2/libdoc/openssl/rdoc/OpenSSL/PKey.html 
 http://ruby-doc.org/stdlib-2.2.2/libdoc/openssl/rdoc/OpenSSL/PKey/RSA.html

  19. Gems • ActiveSupport • SymmetricEncryption
 provides encryption of data for

    Ruby and Rails:
 https://github.com/reidmorrison/symmetric-encryption • Strongbox
 provides Public Key Encryption for ActiveRecord:
 https://github.com/spikex/strongbox • etc: https://www.ruby-toolbox.com/categories/encryption

  20. cryptofails.com “Be skeptical of everything you read and hear about

    crypto”