Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
CryptoRuby 101
Search
Zoran Majstorovic
April 28, 2015
Programming
1
290
CryptoRuby 101
basic stuff in general cryptography (encrypt/decrypt) using Ruby OpenSSL Extension
Zoran Majstorovic
April 28, 2015
Tweet
Share
More Decks by Zoran Majstorovic
See All by Zoran Majstorovic
Microservices with RabbitMQ
zmajstor
1
240
Modeling a Solid Database
zmajstor
0
110
Ruby HTTP Clients
zmajstor
0
110
Other Decks in Programming
See All in Programming
Jakarta EE Core Profile and Helidon - Speed, Simplicity, and AI Integration
ivargrimstad
0
290
Updates on MLS on Ruby (and maybe more)
sylph01
1
170
TDD 実践ミニトーク
contour_gara
1
270
TanStack DB ~状態管理の新しい考え方~
bmthd
2
390
AI時代のUIはどこへ行く?
yusukebe
6
1.7k
Go言語での実装を通して学ぶLLMファインチューニングの仕組み / fukuokago22-llm-peft
monochromegane
0
110
速いWebフレームワークを作る
yusukebe
3
1.5k
個人軟體時代
ethanhuang13
0
280
AIコーディングAgentとの向き合い方
eycjur
0
250
go test -json そして testing.T.Attr / Kyoto.go #63
utgwkk
1
200
Improving my own Ruby thereafter
sisshiki1969
1
140
AI時代に学習する意味はあるのか?
tomoyakamaji
0
110
Featured
See All Featured
Raft: Consensus for Rubyists
vanstee
140
7.1k
The Illustrated Children's Guide to Kubernetes
chrisshort
48
50k
Visualization
eitanlees
147
16k
Easily Structure & Communicate Ideas using Wireframe
afnizarnur
194
16k
Templates, Plugins, & Blocks: Oh My! Creating the theme that thinks of everything
marktimemedia
31
2.5k
Being A Developer After 40
akosma
90
590k
Fight the Zombie Pattern Library - RWD Summit 2016
marcelosomers
234
17k
Visualizing Your Data: Incorporating Mongo into Loggly Infrastructure
mongodb
48
9.7k
Save Time (by Creating Custom Rails Generators)
garrettdimon
PRO
32
1.5k
The Cost Of JavaScript in 2023
addyosmani
53
8.9k
Embracing the Ebb and Flow
colly
87
4.8k
Git: the NoSQL Database
bkeepers
PRO
431
66k
Transcript
CryptoRuby 101 by
[email protected]
from A Professional Mobile Device Management
Company
CryptoRuby 101 very basic stuff in general cryptography (encypt/decript) featuring
Ruby Standard Library Extension (OpenSSL) what to expect from today's
(en|de)crypt symmetric encrypt with secret key decrypt with secret key
asymmetric ecrypt with public key decrypt with private key
• an open-source library, written in C • implements basic
cryptographic functions and SSL and TLS protocols • founded in 1998, used by 2/3 of all webservers • https://www.openssl.org
require 'openssl' • Ruby Standard Library Extension: /ext/openssl/* • http://ruby-doc.org/stdlib-2.2.2/libdoc/openssl/rdoc/index.html
symmetric-key cryptography a cipher (or cypher) is an algorithm
for encryption or decryption OpenSSL::Cipher Chiper Block Chaining mode encryption
CBC = Chiper Block Chaining CBC mode encryption
CBC = Chiper Block Chaining CBC mode encryption
source: http://en.wikipedia.org/wiki/Block_cipher_mode_of_operation CBC mode encryption
OpenSSL::Cipher Code Snippet
msg = 'hello secret world' cipher = OpenSSL::Cipher.new('AES-256-CBC').encrypt iv =
cipher.random_iv key = cipher.random_key encrypted = cipher.update(msg) + cipher.final # safe to share publicly: encrypted, alg, iv decipher = OpenSSL::Cipher.new('AES-256-CBC').decrypt dechiper.iv, dechiper.key = iv, key decrypted = decipher.update(encrypted) + decipher.final puts msg == decrypted #=> true
ActiveSupport::MessageEncryptor a simple way to encrypt values which get
stored somewhere you don't trust
ActiveSupport::MessageEncryptor #encrypt_and_sign #decrypt_and_verify • implemented using OpenSSL::Cipher • https://github.com/rails/rails/blob/master/activesupport/ lib/active_support/message_encryptor.rb#L100
• default cipher algorythm is 'AES-256-CBC'
ActiveSupport::MessageEncryptor class EncryptedCookieJar def initialize(parent_jar, key_generator, options = {}) @parent_jar
= parent_jar @options = options secret = key_generator.generate_key(@options[:encrypted_cookie_salt]) sign_secret = key_generator.generate_key(@options[:encrypted_signed_cookie_salt]) @encryptor = ActiveSupport::MessageEncryptor.new(secret, sign_secret, digest: digest, ...) end # etc... used as @encryptor in ActionDispatch::EncryptedCookieJar https://github.com/rails/rails/blob/master/actionpack/lib/action_dispatch/ middleware/cookies.rb
ActiveSupport::MessageEncryptor Code Snippet
cookie = "user_id:1" key = Rails.application.secrets[:secret_key_base] chiper = ActiveSupport::MessageEncryptor.new(key) encrypted_cookie
= chiper.encrypt_and_sign(cookie) # cookie: "#{base64_encrypted_data}--#{base_64_iv}" # read encrypted_cookie decrypted = chiper.decrypt_and_verify(encrypted_cookie) cookie == decrypted #=> true
cookie = "user_id:1" salt = SecureRandom.random_bytes(64) pass = 'password' key
= ActiveSupport::KeyGenerator.new(pass).generate_key(salt) chiper = ActiveSupport::MessageEncryptor.new(key) encrypted_cookie = chiper.encrypt_and_sign(cookie) # cookie: "#{base64_encrypted_data}--#{base_64_iv}" # read encrypted_cookie decrypted = chiper.decrypt_and_verify(encrypted_cookie) cookie == decrypted #=> true
Re-cap • explore OpenSSL namespace http://ruby-doc.org/stdlib-2.2.2/libdoc/openssl/rdoc/index.html • start with simple
OpenSSL::Cipher http://ruby-doc.org/stdlib-2.2.2/libdoc/openssl/rdoc/OpenSSL/Cipher.html • dive into Asymmetric Public Key Algorithms: OpenSSL::PKey http://ruby-doc.org/stdlib-2.2.2/libdoc/openssl/rdoc/OpenSSL/PKey.html http://ruby-doc.org/stdlib-2.2.2/libdoc/openssl/rdoc/OpenSSL/PKey/RSA.html
Gems • ActiveSupport • SymmetricEncryption provides encryption of data for
Ruby and Rails: https://github.com/reidmorrison/symmetric-encryption • Strongbox provides Public Key Encryption for ActiveRecord: https://github.com/spikex/strongbox • etc: https://www.ruby-toolbox.com/categories/encryption
cryptofails.com “Be skeptical of everything you read and hear about
crypto”