Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Using Symmetric Cryptography in Ruby

68414aba518bb5898c6ae29d9ae7dd7d?s=47 wrzasa
December 16, 2016
Programming
0
130

Using Symmetric Cryptography in Ruby

Presentation from my talk during RRUG (Rzeszów Ruby User Group, http://rrug.pl) meetup on 16 Dec. 2016.

68414aba518bb5898c6ae29d9ae7dd7d?s=128

wrzasa

December 16, 2016
Tweet

More Decks by wrzasa

See All by wrzasa
From HTTP to Kafka-based Microservices (extended)
68414aba518bb5898c6ae29d9ae7dd7d?s=48 wrzasa
0
69
From HTTP to Kafka-based Microservices
68414aba518bb5898c6ae29d9ae7dd7d?s=48 wrzasa
0
34
[PL] Przewidywanie zmian wydajności aplikacji rozproszonych
68414aba518bb5898c6ae29d9ae7dd7d?s=48 wrzasa
0
90
[PL] EuRuKo 2017 recap
68414aba518bb5898c6ae29d9ae7dd7d?s=48 wrzasa
0
70
Predicting Performance Changes of Distributed Applications
68414aba518bb5898c6ae29d9ae7dd7d?s=48 wrzasa
0
370
Using Asymmetric Cryptography in Ruby
68414aba518bb5898c6ae29d9ae7dd7d?s=48 wrzasa
0
110

Other Decks in Programming

See All in Programming
リアルタイムボイスチェンジャーMMVCとVITSの紹介
A5f618dd37c9f9866423579247cb3fb0?s=48 stealthinu
0
150
Reactは何を提供するLibraryなのか?
2801ae8fb5381bcd119805124a5eeaf2?s=48 taro28
3
540
Licences open source : entre guerre de clochers et radicalité
323bb1cb39e6478e559b6e13d2fdf518?s=48 pylapp
2
510
GDG Seoul IO Extended 2022 - Android Compose
7589a5a8fec022e8af4e46525150a291?s=48 taehwandev
0
330
NEWT.net: Frontend Technology Selection
A2040e0e2f7a6cabf81b54e4a401c0e8?s=48 xpromx
0
270
Terraform Plan/Apply結果の自動通知
92a1e043fcefaed6e1b89182b1cd34a5?s=48 ymmy02
0
280
Let's keep Commodore 64 alive for the next 40 years
85977ebfe59c2ee669f2196930f1a701?s=48 mehowte
1
110
Reactive Java Microservices on Kubernetes with Spring and JHipster
7f408bc67dc9ae3b288ee92d16d3c4c2?s=48 deepu105
1
170
Swift Regex
0b26590a0a8b0f1da140ed5de9b68379?s=48 usamik26
0
200
大規模プロダクトにLinterを導入し運用している話
68b11f940176220aa84f755abb0bea10?s=48 hirokiotsuka
0
240
CakePHPの内部実装 から理解するPSR-7
750703459030ae520b26376f236f6cdd?s=48 boro1234
0
260
Android Compose Component - mapping.
7589a5a8fec022e8af4e46525150a291?s=48 taehwandev
0
140

Featured

See All Featured
Teambox: Starting and Learning
Aebc2d07a50011e2a30d38435fde564a?s=48 jrom
123
7.7k
Large-scale JavaScript Application Architecture
96270e4c3e5e9806cf7245475c00b275?s=48 addyosmani
499
110k
Scaling GitHub
78b475797a14c84799063c7cd073962f?s=48 holman
451
140k
Optimizing for Happiness
25c7c18223fb42a4c6ae1c8db6f50f9b?s=48 mojombo
365
63k
Designing the Hi-DPI Web
C157b16234f1e75e8eac3698c1d4414a?s=48 ddemaree
272
32k
CSS Pre-Processors: Stylus, Less & Sass
7559f6cff1f5efc2d210965febd4d71c?s=48 bermonpainter
349
27k
The Web Native Designer (August 2011)
0bce06bd06ee7a2c4f5500f25dcf7f18?s=48 paulrobertlloyd
74
1.9k
Testing 201, or: Great Expectations
A9704266587836f7e784235e5073b93e?s=48 jmmastey
21
5.4k
Debugging Ruby Performance
D47656e20ff5e42f125fc5ea0fd636c6?s=48 tmm1
65
10k
Three Pipe Problems
11c84dff30266b907714802088852677?s=48 jasonvnalue
89
8.7k
The Straight Up "How To Draw Better" Workshop
Aff5641764408271f7bc398f2097edd0?s=48 denniskardys
225
120k
From Idea to $5000 a Month in 5 Months
E4f5d494ebdc9e7cce1aecf3ce3e8bc1?s=48 shpigford
373
44k

Transcript

  1. Symmetric encryption Hash Passwords as keys Summary Using Symmetric Cryptography

    in Ruby Rzeszów Ruby User Group #3 Wojciech Rząsa wrzasa@prz-rzeszow.pl @wrzasa Katedra Informatyki i Automatyki, Politechnika Rzeszowska http://www.kia.prz.edu.pl/ 16.12.2016 Wojciech Rząsa, @wrzasa, KIiA PRz RRUG#3, Symmetric Cryptography in Ruby 1/26

  2. Symmetric encryption Hash Passwords as keys Summary Wojciech Rząsa, @wrzasa,

    KIiA PRz RRUG#3, Symmetric Cryptography in Ruby 2/26

  3. Symmetric encryption Hash Passwords as keys Summary Plan 1 Symmetric

    encryption Cipher types Cipher modes Characteristics In Ruby 2 Cryptographic hash functions 3 Password based cryptography 4 Summary Wojciech Rząsa, @wrzasa, KIiA PRz RRUG#3, Symmetric Cryptography in Ruby 3/26

  4. Symmetric encryption Hash Passwords as keys Summary Why use cryptography?

    Confidentiality (data privacy) Authenticity (who wrote it?) Integrity (was it changed along the way?) Non-repudiation . . . Wojciech Rząsa, @wrzasa, KIiA PRz RRUG#3, Symmetric Cryptography in Ruby 4/26

  5. Symmetric encryption Hash Passwords as keys Summary Bitwise XOR operation

    Frequently used in cryptography Simple Cheap Easily reversible a b a ⊕ b 1 1 0 0 0 0 1 0 1 0 1 1 a ⊕ b ⊕ a = b (1) a ⊕ b ⊕ b = a (2) Wojciech Rząsa, @wrzasa, KIiA PRz RRUG#3, Symmetric Cryptography in Ruby 5/26

  6. Symmetric encryption Hash Passwords as keys Summary Cipher types Cipher

    modes Characteristics In Ruby Symmetric cryptography Wojciech Rząsa, @wrzasa, KIiA PRz RRUG#3, Symmetric Cryptography in Ruby 6/26

  7. Symmetric encryption Hash Passwords as keys Summary Cipher types Cipher

    modes Characteristics In Ruby Cipher types Stream cipher Wojciech Rząsa, @wrzasa, KIiA PRz RRUG#3, Symmetric Cryptography in Ruby 7/26

  8. Symmetric encryption Hash Passwords as keys Summary Cipher types Cipher

    modes Characteristics In Ruby Cipher types Stream cipher Block cipher Wojciech Rząsa, @wrzasa, KIiA PRz RRUG#3, Symmetric Cryptography in Ruby 7/26

  9. Symmetric encryption Hash Passwords as keys Summary Cipher types Cipher

    modes Characteristics In Ruby Cipher modes – Electronic Code Book (ECB) [https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation] Wojciech Rząsa, @wrzasa, KIiA PRz RRUG#3, Symmetric Cryptography in Ruby 8/26

  10. Symmetric encryption Hash Passwords as keys Summary Cipher types Cipher

    modes Characteristics In Ruby Electronic Code Book (ECB) – example Original [https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation] Tux the Penguin, the Linux mascot. Created in 1996 by Larry Ewing with The GIMP. Wojciech Rząsa, @wrzasa, KIiA PRz RRUG#3, Symmetric Cryptography in Ruby 9/26

  11. Symmetric encryption Hash Passwords as keys Summary Cipher types Cipher

    modes Characteristics In Ruby Electronic Code Book (ECB) – example Original ECB encrypted [https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation] Tux the Penguin, the Linux mascot. Created in 1996 by Larry Ewing with The GIMP. Wojciech Rząsa, @wrzasa, KIiA PRz RRUG#3, Symmetric Cryptography in Ruby 9/26

  12. Symmetric encryption Hash Passwords as keys Summary Cipher types Cipher

    modes Characteristics In Ruby Electronic Code Book (ECB) – example Original ECB encrypted Securely encrypted [https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation] Tux the Penguin, the Linux mascot. Created in 1996 by Larry Ewing with The GIMP. Wojciech Rząsa, @wrzasa, KIiA PRz RRUG#3, Symmetric Cryptography in Ruby 9/26

  13. Symmetric encryption Hash Passwords as keys Summary Cipher types Cipher

    modes Characteristics In Ruby Cipher modes – Cipher Block Chaining (CBC) [https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation] Wojciech Rząsa, @wrzasa, KIiA PRz RRUG#3, Symmetric Cryptography in Ruby 10/26

  14. Symmetric encryption Hash Passwords as keys Summary Cipher types Cipher

    modes Characteristics In Ruby Cipher modes – Counter (CTR) [https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation] Wojciech Rząsa, @wrzasa, KIiA PRz RRUG#3, Symmetric Cryptography in Ruby 11/26

  15. Symmetric encryption Hash Passwords as keys Summary Cipher types Cipher

    modes Characteristics In Ruby Characteristics Shared key Only the key must be kept secret Initialization vector (IV) required Never reuse IV with the same key! Check how to chose IV Consciously! Randomly? Wojciech Rząsa, @wrzasa, KIiA PRz RRUG#3, Symmetric Cryptography in Ruby 12/26

  16. Symmetric encryption Hash Passwords as keys Summary Cipher types Cipher

    modes Characteristics In Ruby In Ruby – stream cipher § 1 require ’openssl ’ 2 3 c = OpenSSL :: Cipher.new ’AES -256 - CTR ’ # CTR makes stream cipher 4 c.encrypt 5 6 #key = "Litwo Ojczyzno moja , ty jesteś jak zdrowie" 7 key = "\x02\x9A\x04h\xED\xC1 |\ xAE\ xABTE9ZknO\x82\xB9\xD9W" + 8 "\xD9\x9A\x03\x80\x9B\xC6 -\ xE1\xE3O -\ x1D" 9 c.key = key 10 #key = c. random_key 11 iv = c.random_iv 12 13 message = "Był na Żmudzi ród możny Billewiczów, od Mendoga 14 się wywodzący , wielce skoligacony i w całym Rosieńskiem nad 15 wszystkie inne szanowany." 16 17 encrypted = c.update message 18 19 puts "ENCRYPTED :\n#{ encrypted}"  ¦ ¥ Symmetric encryption in Ruby Wojciech Rząsa, @wrzasa, KIiA PRz RRUG#3, Symmetric Cryptography in Ruby 13/26

  17. Symmetric encryption Hash Passwords as keys Summary Cipher types Cipher

    modes Characteristics In Ruby In Ruby – stream cipher § 21 d = OpenSSL :: Cipher.new(’AES -256 - CTR ’) 22 d.decrypt 23 d.iv = iv 24 d.key = key 25 26 decrypted = d.update(encrypted) 27 decrypted. force_encoding (’utf -8’) 28 29 puts "DECRYPTED :\n#{ decrypted}"  ¦ ¥ Symmetric decryption in Ruby Wojciech Rząsa, @wrzasa, KIiA PRz RRUG#3, Symmetric Cryptography in Ruby 13/26

  18. Symmetric encryption Hash Passwords as keys Summary Cipher types Cipher

    modes Characteristics In Ruby In Ruby – block cipher § 1 require ’openssl ’ 2 3 c = OpenSSL :: Cipher.new ’AES -256 - CBC ’ # a block cipher 4 c.encrypt 5 6 #key = "Litwo Ojczyzno moja , ty jesteś jak zdrowie" 7 key = "\x02\x9A\x04h\xED\xC1 |\ xAE\ xABTE9ZknO\x82\xB9\xD9W" + 8 "\xD9\x9A\x03\x80\x9B\xC6 -\ xE1\xE3O -\ x1D" 9 c.key = key 10 #key = c. random_key 11 iv = c.random_iv 12 13 message = "Był na Żmudzi ród możny Billewiczów, od Mendoga 14 się wywodzący , wielce skoligacony i w całym Rosieńskiem nad 15 wszystkie inne szanowany." 16 17 encrypted = c.update message 18 encrypted += c.final # rest of last ( incomplete ) block  ¦ ¥ Symmetric encryption in Ruby Wojciech Rząsa, @wrzasa, KIiA PRz RRUG#3, Symmetric Cryptography in Ruby 14/26

  19. Symmetric encryption Hash Passwords as keys Summary Cipher types Cipher

    modes Characteristics In Ruby In Ruby – block cipher § 21 22 d = OpenSSL :: Cipher.new(’AES -256 - CBC ’) 23 d.decrypt 24 d.iv = iv 25 d.key = key 26 27 decrypted = d.update(encrypted) 28 decrypted. force_encoding (’utf -8’) 29 30 puts "DECRYPTED :\n#{ decrypted}"  ¦ ¥ Symmetric decryption in Ruby Wojciech Rząsa, @wrzasa, KIiA PRz RRUG#3, Symmetric Cryptography in Ruby 14/26

  20. Symmetric encryption Hash Passwords as keys Summary Plan 1 Symmetric

    encryption 2 Cryptographic hash functions 3 Password based cryptography 4 Summary Wojciech Rząsa, @wrzasa, KIiA PRz RRUG#3, Symmetric Cryptography in Ruby 15/26

  21. Symmetric encryption Hash Passwords as keys Summary Cryptographic hash functions

    arbitrary-length message fixed-size result one-way function (hopefully ;-)) e.g. MD5, SHA1, SHA2 (SHA256, SHA384, SHA512) Wojciech Rząsa, @wrzasa, KIiA PRz RRUG#3, Symmetric Cryptography in Ruby 16/26

  22. Symmetric encryption Hash Passwords as keys Summary In Ruby §

    1 require ’openssl ’ 2 3 message = "Był na Żmudzi ród możny Billewiczów, od Mendoga 4 się wywodzący , wielce skoligacony i w całym Rosieńskiem nad 5 wszystkie inne szanowany." 6 7 h = OpenSSL :: Digest.digest(’SHA256 ’, message) 8 puts h.inspect 9 10 puts OpenSSL :: Digest.hexdigest(’SHA256 ’, message)  ¦ ¥ Compute digest in Ruby Wojciech Rząsa, @wrzasa, KIiA PRz RRUG#3, Symmetric Cryptography in Ruby 17/26

  23. Symmetric encryption Hash Passwords as keys Summary In Ruby §

    1 require ’openssl ’ 2 3 message = "Był na Żmudzi ród możny Billewiczów, od Mendoga 4 się wywodzący , wielce skoligacony i w całym Rosieńskiem nad 5 wszystkie inne szanowany." 6 7 h = OpenSSL :: Digest.digest(’SHA256 ’, message) 8 puts h.inspect 9 10 puts OpenSSL :: Digest.hexdigest(’SHA256 ’, message)  ¦ ¥ Compute digest in Ruby "\xC0p\xB92O\x8F\xF4\x18\xFCn\x89k\x97\x9B\xEF5\"\xEC’|\x8A\x8F\xAE\xC4\xDF\xC6 c070b9324f8ff418fc6e896b979bef3522ec277c8a8faec4dfc658a0efc9881f Wojciech Rząsa, @wrzasa, KIiA PRz RRUG#3, Symmetric Cryptography in Ruby 17/26

  24. Symmetric encryption Hash Passwords as keys Summary In Ruby §

    1 require ’openssl ’ 2 3 digest = OpenSSL :: Digest.new(’SHA256 ’) 4 5 5. times do 6 digest.update gets 7 end 8 9 puts digest.hexdigest  ¦ ¥ Compute digest in Ruby Wojciech Rząsa, @wrzasa, KIiA PRz RRUG#3, Symmetric Cryptography in Ruby 17/26

  25. Symmetric encryption Hash Passwords as keys Summary In Ruby §

    1 require ’openssl ’ 2 3 digest = OpenSSL :: Digest.new(’SHA256 ’) 4 5 5. times do 6 digest.update gets 7 end 8 9 puts digest.hexdigest  ¦ ¥ Compute digest in Ruby Litwo, Ojczyzno moja! ty jesteś jak zdrowie; Ile cię trzeba cenić, ten tylko się dowie, Kto cię stracił. Dziś piękność twą w całej ozdobie Widzę i opisuję, bo tęsknię po tobie. 899b352ef6b61bd08a2872a912908c2a54837efc1853c5458c08e9b2f17550bf Wojciech Rząsa, @wrzasa, KIiA PRz RRUG#3, Symmetric Cryptography in Ruby 17/26

  26. Symmetric encryption Hash Passwords as keys Summary Plan 1 Symmetric

    encryption 2 Cryptographic hash functions 3 Password based cryptography 4 Summary Wojciech Rząsa, @wrzasa, KIiA PRz RRUG#3, Symmetric Cryptography in Ruby 18/26

  27. Symmetric encryption Hash Passwords as keys Summary Passwords as keys?

    § 1 require ’openssl ’ 2 3 c = OpenSSL :: Cipher.new ’AES -256 - CTR ’ # CTR makes stream cipher 4 c.encrypt 5 6 #key = "Litwo Ojczyzno moja , ty jesteś jak zdrowie" 7 key = "\x02\x9A\x04h\xED\xC1 |\ xAE\ xABTE9ZknO\x82\xB9\xD9W" + 8 "\xD9\x9A\x03\x80\x9B\xC6 -\ xE1\xE3O -\ x1D" 9 c.key = key 10 #key = c. random_key 11 iv = c.random_iv 12 13 message = "Był na Żmudzi ród możny Billewiczów, od Mendoga 14 się wywodzący , wielce skoligacony i w całym Rosieńskiem nad 15 wszystkie inne szanowany." 16 17 encrypted = c.update message 18 19 puts "ENCRYPTED :\n#{ encrypted}"  ¦ ¥ Symmetric encryption in Ruby Wojciech Rząsa, @wrzasa, KIiA PRz RRUG#3, Symmetric Cryptography in Ruby 19/26

  28. Symmetric encryption Hash Passwords as keys Summary Password-Based Key Derivation

    Function (PBKDF) Use password as input Generate binary (pseudorandom) key Use a lot of CPU time salt hash function XOR a lot of iterations (from 1000 in year 2000 to 10,000 in IOS 4, and even 100,000 now, serverside) Wojciech Rząsa, @wrzasa, KIiA PRz RRUG#3, Symmetric Cryptography in Ruby 20/26

  29. Symmetric encryption Hash Passwords as keys Summary PBKDF2 in Ruby

    § 1 require ’openssl ’ 2 3 password = "Litwo Ojczyzno moja , Ty jesteś jak zdrowie" 4 5 salt = OpenSSL :: Random. random_bytes (16) # save with ciphertext 6 iter = 10 _000 7 key_len = 32 # e.g. for AES -256 8 9 digest = OpenSSL :: Digest.new(’SHA512 ’) 10 key = OpenSSL :: PKCS5. pbkdf2_hmac (password , salt , iter , 11 key_len , digest)  ¦ ¥ Generate password-based key Wojciech Rząsa, @wrzasa, KIiA PRz RRUG#3, Symmetric Cryptography in Ruby 21/26

  30. Symmetric encryption Hash Passwords as keys Summary PBKDF2 and symmetric

    encryption in Ruby § 1 require ’openssl ’ 2 3 message = "Był na Żmudzi ród możny Billewiczów, od Mendoga 4 się wywodzący , wielce skoligacony i w całym Rosieńskiem nad 5 wszystkie inne szanowany." 6 password = "Litwo Ojczyzno moja , Ty jesteś jak zdrowie" 7 8 # Generate key from password 9 salt = OpenSSL :: Random. random_bytes (16) # save with ciphertext 10 iter = 10 _000 11 key_len = 32 # e.g. for AES -256 12 digest = OpenSSL :: Digest.new(’SHA512 ’) 13 key = OpenSSL :: PKCS5. pbkdf2_hmac (password , salt , iter , 14 key_len , digest) 15 # Encrypt message 16 c = OpenSSL :: Cipher.new ’AES -256 - CTR ’ # CTR makes stream cipher 17 c.encrypt 18 c.key = key 19 iv = c.random_iv 20 encrypted = c.update message 21 # deliver ciphertext with salt and IV 22 puts "ENCRYPTED :\n#{ encrypted}"  ¦ ¥ Wojciech Rząsa, @wrzasa, KIiA PRz RRUG#3, Symmetric Cryptography in Ruby 22/26

  31. Symmetric encryption Hash Passwords as keys Summary PBKDF2 and symmetric

    decryption in Ruby § 24 # Generate key from password 25 # use salt delivered with ciphertext 26 iter = 10 _000 27 key_len = 32 # e.g. for AES -256 28 digest = OpenSSL :: Digest.new(’SHA512 ’) 29 key = OpenSSL :: PKCS5. pbkdf2_hmac (password , salt , iter , 30 key_len , digest) 31 32 # Decrypt message 33 d = OpenSSL :: Cipher.new(’AES -256 - CTR ’) 34 d.decrypt 35 d.iv = iv # use IV delivered with ciphertext 36 d.key = key 37 38 decrypted = d.update(encrypted) 39 decrypted. force_encoding (’utf -8’) 40 41 puts "DECRYPTED :\n#{ decrypted}"  ¦ ¥ Secure use of password for decryption Wojciech Rząsa, @wrzasa, KIiA PRz RRUG#3, Symmetric Cryptography in Ruby 23/26

  32. Symmetric encryption Hash Passwords as keys Summary Summary Symmetric algorithms

    Cryptographic hashes Password-based cryptography Wojciech Rząsa, @wrzasa, KIiA PRz RRUG#3, Symmetric Cryptography in Ruby 24/26

  33. Symmetric encryption Hash Passwords as keys Summary Summary Hard topic

    Be sure to know what you do before you do it! No ”but it works... somehow...” approach! Next: asymmetric cryptography Wojciech Rząsa, @wrzasa, KIiA PRz RRUG#3, Symmetric Cryptography in Ruby 24/26

  34. Symmetric encryption Hash Passwords as keys Summary References Ruby OpenSSL

    rdoc Samolej, Rząsa, Rzońca, Sadolewski: Wprowadzenie do informatyki II – bezpieczeństwo systemów informatycznych, sieci komputerowe, systemy operacyjne i bazy danych, Oficyna Wyd. PRz., 2014. RFC 2898 PKCS #5: Password-Based Cryptography Specification Version 2.0 https://tools.ietf.org/html/rfc2898#section-5.2 https://en.wikipedia.org/wiki/Block_cipher_mode_ of_operation Wojciech Rząsa, @wrzasa, KIiA PRz RRUG#3, Symmetric Cryptography in Ruby 25/26

  35. Symmetric encryption Hash Passwords as keys Summary Questions? Wojciech Rząsa

    wrzasa@prz-rzeszow.pl @wrzasa Katedra Informatyki i Automatyki, Politechnika Rzeszowska http://www.kia.prz.edu.pl/ Wojciech Rząsa, @wrzasa, KIiA PRz Questions? 26/26