Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Cryptography for Rails Developers
Search
Christopher Rigor
November 04, 2014
Programming
0
96
Cryptography for Rails Developers
Given at Rails Israel 2014
Christopher Rigor
November 04, 2014
Tweet
Share
More Decks by Christopher Rigor
See All by Christopher Rigor
Deep Dive Into Docker Containers For Rails Developers
crigor
1
120
Cryptography for Rails Developers - RubyConfIndia
crigor
0
1.8k
Cryptography for Rails Developers - TropicalRB
crigor
0
190
Other Decks in Programming
See All in Programming
複雑な仕様に立ち向かうアーキテクチャ
myohei
0
170
Monixと常駐プログラムの勘どころ / Scalaわいわい勉強会 #4
stoneream
0
270
Keeping it Ruby: Why Your Product Needs a Ruby SDK - RubyWorld 2024
envek
0
180
42 best practices for Symfony, a decade later
tucksaun
1
180
Mermaid x AST x 生成AI = コードとドキュメントの完全同期への道
shibuyamizuho
0
160
CSC305 Lecture 26
javiergs
PRO
0
140
htmxって知っていますか?次世代のHTML
hiro_ghap1
0
330
talk-with-local-llm-with-web-streams-api
kbaba1001
0
180
今年のアップデートで振り返るCDKセキュリティのシフトレフト/2024-cdk-security-shift-left
tomoki10
0
200
命名をリントする
chiroruxx
1
400
採用事例の少ないSvelteを選んだ理由と それを正解にするためにやっていること
oekazuma
2
1k
Refactor your code - refactor yourself
xosofox
1
260
Featured
See All Featured
Thoughts on Productivity
jonyablonski
67
4.4k
Rails Girls Zürich Keynote
gr2m
94
13k
Art, The Web, and Tiny UX
lynnandtonic
298
20k
Let's Do A Bunch of Simple Stuff to Make Websites Faster
chriscoyier
507
140k
Responsive Adventures: Dirty Tricks From The Dark Corners of Front-End
smashingmag
251
21k
ピンチをチャンスに:未来をつくるプロダクトロードマップ #pmconf2020
aki_iinuma
111
49k
[RailsConf 2023 Opening Keynote] The Magic of Rails
eileencodes
28
9.1k
Java REST API Framework Comparison - PWX 2021
mraible
PRO
28
8.3k
Imperfection Machines: The Place of Print at Facebook
scottboms
266
13k
Writing Fast Ruby
sferik
628
61k
Agile that works and the tools we love
rasmusluckow
328
21k
GraphQLとの向き合い方2022年版
quramy
44
13k
Transcript
Cryptography for Rails Developers
Christopher Rigor @crigor
None
None
An open ball is open
1. Public-key Cryptography
2. SSL / TLS
3. Tips for Rails Applications
None
Symmetric-key Cryptography
One key to encrypt and decrypt
"hello"
ciphertext
Public-key Cryptography
public key to encrypt private key to decrypt
privatekeycheck.com
Why on earth would you post it here? Now it's
surely not.
RSA
3 numbers e, n, and d
e = public key n = public key d =
private key
end
"en"crypt "d"ecrypt
e = 17 n = 3233 d = 2753
None
42 ** e % n
42 ** e % n 42 ** 17 % 3233
2557
2557
"d"ecrypt
2557 ** d % n
2557 ** d % n 2557 ** 2753 % 3233
42
n = product of 2 prime numbers
e = usually 65537
None
e = 65537
d = computed from e, prime1 and prime2
e = public n = public d = private prime
numbers = private
None
-----BEGIN RSA PRIVATE KEY----- MIIEogIBAAKCAQEAwJ5g2RhxbKWq3PeS5EUIwemy1sYffQwn reUzryNwoB9/hqt0 NPAtq2vQftuko39VKw1hrpnk08bXWPqsN38HR9421q +nd0dgY1sG8EljSeG3dGvP 4rZ1EgUbac4WDAKvA+fhiebg4QS2bAaB9IEL +3rjQRhNsvaYgI2K3AHePbFVq0ut
6Ey0WwN4m/yf8JYerJWPlHLyU8W4xtyHExuX/IK4g6Uf8Z9Av +WiK8mfHaw7Kge/ EO1UAGWOrd7RLx3A2WjOU7d0KtrshU1r64Xl4m1/ JbHQYBGkzYS0Mm7hhI5mnN/t 8h1hW2TksiVHrZ8rjOoYOrlkZOpVUwf7s2LYVQIDAQABAoIBA
publicExponent: 65537 (0x10001)
modulus: 00:c0:9e:60:d9:18:71:6c:a5:aa:dc:f7:92:e 08:c1:e9:b2:d6:c6:1f:7d:0c:27:ad:e5:33:a 70:a0:1f:7f:86:ab:74:34:f0:2d:ab:6b:d0:7 a4:a3:7f:55:2b:0d:61:ae:99:e4:d3:c6:d7:5 ac:37:7f:07:47:de:36:d6:af:a7:77:47:60:6 06:f0:49:63:49:e1:b7:74:6b:cf:e2:b6:75:1 1b:69:ce:16:0c:02:af:03:e7:e1:89:e6:e0:e b6:6c:06:81:f4:81:0b:fb:7a:e3:41:18:4d:b 98:80:8d:8a:dc:01:de:3d:b1:55:ab:4b:ad:e
b4:5b:03:78:9b:fc:9f:f0:96:1e:ac:95:8f:9 f2:53:c5:b8:c6:dc:87:13:1b:97:fc:82:b8:8 1f:f1:9f:40:bf:e5:a2:2b:c9:9f:1d:ac:3b:2 bf:10:ed:54:00:65:8e:ad:de:d1:2f:1d:c0:d
2431585381023245243664330467172106030832010383116 4469677832495734668099074396651844271258357540051 3767266433204751301161494548152938586277693179979 9890466216086685504686094092324062775361449344083 8874077885512524472300856401934110431460528205155 8296721167524104278478378503629406922274058522565 4049522376109500926733651743749347006963603460324 4750405711451831483661181796223823470036752363791 8444923562030168749604532593343488635664366782360 4357641224346337617299750469531547237002599501779
0644182536453093727509649248024164911346045419437 5737979721222481332470495918510303683249090717606
privateExponent: 33:ed:7e:a6:88:54:6b:b9:ed:ea:4c:44:29:8 e2:64:22:76:8c:4b:08:e7:31:fb:4b:83:37:8 68:d8:95:04:b5:4c:4a:c9:45:46:a5:76:3b:f d1:b1:0e:40:e1:06:a8:8f:8c:85:1b:62:0a:f 5e:bc:bc:35:bf:ce:80:ea:31:f7:92:22:86:2 24:4f:64:99:12:64:e6:d9:f9:dd:60:db:06:d a3:50:8f:d9:05:10:31:b9:5d:b0:53:b1:e4:7 c6:12:ab:0e:43:8b:fb:6c:11:c0:06:d1:4b:a 53:10:d5:92:a2:5e:4b:ba:fe:e0:90:a6:17:4
d3:1d:8e:f7:e6:64:a6:85:34:0e:87:b0:3b:b 90:2a:b4:62:08:f3:fd:42:d8:73:e2:2d:54:1 5c:9c:6f:16:7f:d2:1f:8e:51:c5:14:12:91:b 7e:34:14:e0:db:79:ee:05:45:22:de:3b:99:5
6555266568796053674269708820055353365692655972794 2055673580501799001476180850518758042722837636392 8351933006067037854787568194571939353701616354713 5887324275725095670658393033428680152446112426762 6108489567913588106964238660508089034140197495871 5227500433009731051490912217850124586529451451345 8923502958802219960425895673146838867589769393986 0556673632421808148038002771480134566168093718746 0473165736741978268341806296994087055044759829337 3573899404839955835464081022920152659481994084458
0520520598913413928409545239844803823479590208225 3984444016315990695698402100055840447044896509668
42 ** e % n
7403918762823839092797670141313950212528994606053 3799517843086878229299923652258151711100231746381 6181786944539511010243166014190260358058104908205 7304340698199082430151945214069936900404923317185 5875418936265830788037850186423336723791573716176 6591077359161448282606674296267688726733192810543 3908133856731992683370184186601764915219096941742 8143523889081093181350050901295990484830674004492 0001520753653244602808387141190318409556217244506 4939370112341529423864414627775025027597348907780
1135695002049594281938966058393001384364228739328 6572785551769536889192869044823881149520366525399
c ** d % n c = ciphertext d =
private key n = modulus
warning: in a**b, b may be too big => NaN
python
# ruby 42 ** e % n # python pow(42,
e, n)
7403918762823839092797670141313950212528994606053 3799517843086878229299923652258151711100231746381 6181786944539511010243166014190260358058104908205 7304340698199082430151945214069936900404923317185 5875418936265830788037850186423336723791573716176 6591077359161448282606674296267688726733192810543 3908133856731992683370184186601764915219096941742 8143523889081093181350050901295990484830674004492 0001520753653244602808387141190318409556217244506 4939370112341529423864414627775025027597348907780
1135695002049594281938966058393001384364228739328 6572785551769536889192869044823881149520366525399
pow (c, d, n)
42
require "openssl" c.to_bn.mod_exp(d,n)
RECAP
SSL / TLS
HTTPS
None
None
1995 - SSLv2 1996 - SSLv3 1999 - TLSv1 2006
- TLSv1_1 2008 - TLSv1_2
None
1. Server sends the public key 2. Browser encrypts shared
key
DES RC4 AES
BEAST
BEAST (SSLv3, TLSv1) (DES, AES)
POODLE (SSLv3) (DES, AES)
Heartbleed
TLS 1.2, AES-GCM
1. Server sends the public key (RSA) 2. Browser encrypts
shared key (RSA) 3. Browser encrypts data (AES-GCM)
1. Server sends the public key (RSA) 2. Browser encrypts
shared key (RSA ECDHE) 3. Browser encrypts data (AES-GCM)
PERFECT FORWARD SECRECY
TLS 1.2, AES-GCM, ECDHE
Rails
do not use SSLv3
do not set ssl_version to TLSv1
set it to SSLv23
OpenSSL::SSL::OP_NO_SSLv3
2.1.4 2.0.0-p594 1.9.3-p550
VERIFY_PEER
ActiveSupport::MessageEncryptor
key = Rails.configuration.secretkeybase crypt = ActiveSupport::MessageEncryptor.new(key) encrypteddata = crypt.encryptand_sign("my confidental
data")
salt = SecureRandom.randombytes(64) key = ActiveSupport::KeyGenerator.new('password').generatekey(salt )
RbNacl
key = RbNaCl::Random.random_bytes(RbNaCl::SecretBox.key_bytes ) box = RbNaCl::SimpleBox.fromsecretkey(key) box.encrypt("my confidental data")
RECAP
Thank you
[email protected]
@crigor
Resources https://www.flickr.com/photos/delgrossodotcom/3211643440 https://www.flickr.com/photos/ twosevenoneonenineeightthreesevenatenzerosix/6655759625 https://www.flickr.com/photos/nox_noctis_silentium/ 6315616870 https://www.flickr.com/photos/orqwith/2059728917 https://www.flickr.com/photos/37467370@N08/7606239970 https://www.flickr.com/photos/ul_marga/755378645 https://www.flickr.com/photos/richard-g/3549285383
https://www.flickr.com/photos/brenda-starr/3509344100 https://www.flickr.com/photos/ 120600995@N07/14028600474 https://www.flickr.com/photos/13519089@N03/1380483002 https://www.flickr.com/photos/danielproulx/3426805996 https://www.flickr.com/photos/chrisinplymouth/4262775481 https://www.flickr.com/photos/chrisinplymouth/4117583864 https://www.flickr.com/photos/danielfoster/14758510078 https://www.flickr.com/photos/gamikun/2564208746 https://www.flickr.com/photos/nathaninsandiego/9339787996
https://www.flickr.com/photos/dashupagla/2519031536 https://www.flickr.com/photos/imagesbywestfall/435