Upgrade to Pro — share decks privately, control downloads, hide ads and more …

CryptoRuby 101

Zoran Majstorovic
April 28, 2015
Programming
1
230

CryptoRuby 101

basic stuff in general cryptography (encrypt/decrypt) using Ruby OpenSSL Extension

Zoran Majstorovic

April 28, 2015
Tweet

More Decks by Zoran Majstorovic

See All by Zoran Majstorovic
Microservices with RabbitMQ
zmajstor
1
220
Modeling a Solid Database
zmajstor
0
100
Ruby HTTP Clients
zmajstor
0
94

Other Decks in Programming

See All in Programming
From Translations to Multi Dimension Entities
alexanderschranz
2
130
クリエイティブコーディングとRuby学習 / Creative Coding and Learning Ruby
chobishiba
0
3.9k
たのしいparse.y
ydah
3
120
今年のアップデートで振り返るCDKセキュリティのシフトレフト/2024-cdk-security-shift-left
tomoki10
0
190
103 Early Hints
sugi_0000
1
220
KMP와 kotlinx.rpc로 서버와 클라이언트 동기화
kwakeuijin
0
140
LLM Supervised Fine-tuningの理論と実践
datanalyticslabo
3
1k
The rollercoaster of releasing an Android, iOS, and macOS app with Kotlin Multiplatform | droidcon Italy
prof18
0
150
CSC305 Lecture 25
javiergs
PRO
0
130
htmxって知っていますか?次世代のHTML
hiro_ghap1
0
330
[JAWS-UG横浜 #76] イケてるアップデートを宇宙いち早く紹介するよ!
maroon1st
0
450
テスト自動化失敗から再挑戦しチームにオーナーシップを委譲した話/STAC2024 macho
ma_cho29
1
1.3k

Featured

See All Featured
Product Roadmaps are Hard
iamctodd
PRO
49
11k
The World Runs on Bad Software
bkeepers
PRO
65
11k
Become a Pro
speakerdeck
PRO
26
5k
A Tale of Four Properties
chriscoyier
157
23k
Documentation Writing (for coders)
carmenintech
66
4.5k
The Cost Of JavaScript in 2023
addyosmani
45
7k
Optimising Largest Contentful Paint
csswizardry
33
3k
Unsuck your backbone
ammeep
669
57k
Sharpening the Axe: The Primacy of Toolmaking
bcantrill
38
1.9k
Scaling GitHub
holman
458
140k
Producing Creativity
orderedlist
PRO
341
39k
XXLCSS - How to scale CSS and keep your sanity
sugarenia
247
1.3M

Transcript

  1. CryptoRuby 101 by [email protected] from A Professional Mobile Device Management

    Company

  2. CryptoRuby 101 very basic stuff in general cryptography (encypt/decript) featuring

    Ruby Standard Library Extension (OpenSSL) what to expect from today's

  3. (en|de)crypt symmetric encrypt with secret key decrypt with secret key

    asymmetric ecrypt with public key decrypt with private key

  4. • an open-source library, written in C • implements basic

    cryptographic functions and SSL and TLS protocols • founded in 1998, used by 2/3 of all webservers • https://www.openssl.org

  5. require 'openssl' • Ruby Standard Library Extension:
 /ext/openssl/* • http://ruby-doc.org/stdlib-2.2.2/libdoc/openssl/rdoc/index.html

  6. symmetric-key cryptography 
 a cipher (or cypher) is an algorithm

    for 
 encryption or decryption OpenSSL::Cipher Chiper Block Chaining mode encryption

  7. CBC = Chiper Block Chaining CBC mode encryption

  8. CBC = Chiper Block Chaining CBC mode encryption

  9. source: http://en.wikipedia.org/wiki/Block_cipher_mode_of_operation CBC mode encryption

  10. OpenSSL::Cipher Code Snippet

  11. msg = 'hello secret world' cipher = OpenSSL::Cipher.new('AES-256-CBC').encrypt iv =

    cipher.random_iv key = cipher.random_key encrypted = cipher.update(msg) + cipher.final # safe to share publicly: encrypted, alg, iv decipher = OpenSSL::Cipher.new('AES-256-CBC').decrypt dechiper.iv, dechiper.key = iv, key decrypted = decipher.update(encrypted) + decipher.final puts msg == decrypted #=> true

  12. ActiveSupport::MessageEncryptor 
 a simple way to encrypt values which get

    stored somewhere you don't trust

  13. ActiveSupport::MessageEncryptor #encrypt_and_sign #decrypt_and_verify • implemented using OpenSSL::Cipher • https://github.com/rails/rails/blob/master/activesupport/ lib/active_support/message_encryptor.rb#L100

    • default cipher algorythm is 'AES-256-CBC'

  14. ActiveSupport::MessageEncryptor class EncryptedCookieJar def initialize(parent_jar, key_generator, options = {}) @parent_jar

    = parent_jar @options = options secret = key_generator.generate_key(@options[:encrypted_cookie_salt]) sign_secret = key_generator.generate_key(@options[:encrypted_signed_cookie_salt]) @encryptor = ActiveSupport::MessageEncryptor.new(secret, sign_secret, digest: digest, ...) end # etc... used as @encryptor in ActionDispatch::EncryptedCookieJar https://github.com/rails/rails/blob/master/actionpack/lib/action_dispatch/ middleware/cookies.rb

  15. ActiveSupport::MessageEncryptor Code Snippet

  16. cookie = "user_id:1" key = Rails.application.secrets[:secret_key_base] chiper = ActiveSupport::MessageEncryptor.new(key) encrypted_cookie

    = chiper.encrypt_and_sign(cookie)
 # cookie: "#{base64_encrypted_data}--#{base_64_iv}" # read encrypted_cookie decrypted = chiper.decrypt_and_verify(encrypted_cookie) cookie == decrypted #=> true

  17. cookie = "user_id:1" salt = SecureRandom.random_bytes(64)
 pass = 'password'
 key

    = ActiveSupport::KeyGenerator.new(pass).generate_key(salt) chiper = ActiveSupport::MessageEncryptor.new(key) encrypted_cookie = chiper.encrypt_and_sign(cookie)
 # cookie: "#{base64_encrypted_data}--#{base_64_iv}" # read encrypted_cookie decrypted = chiper.decrypt_and_verify(encrypted_cookie) cookie == decrypted #=> true

  18. Re-cap • explore OpenSSL namespace
 http://ruby-doc.org/stdlib-2.2.2/libdoc/openssl/rdoc/index.html • start with simple

    OpenSSL::Cipher
 http://ruby-doc.org/stdlib-2.2.2/libdoc/openssl/rdoc/OpenSSL/Cipher.html • dive into Asymmetric Public Key Algorithms: OpenSSL::PKey
 http://ruby-doc.org/stdlib-2.2.2/libdoc/openssl/rdoc/OpenSSL/PKey.html 
 http://ruby-doc.org/stdlib-2.2.2/libdoc/openssl/rdoc/OpenSSL/PKey/RSA.html

  19. Gems • ActiveSupport • SymmetricEncryption
 provides encryption of data for

    Ruby and Rails:
 https://github.com/reidmorrison/symmetric-encryption • Strongbox
 provides Public Key Encryption for ActiveRecord:
 https://github.com/spikex/strongbox • etc: https://www.ruby-toolbox.com/categories/encryption

  20. cryptofails.com “Be skeptical of everything you read and hear about

    crypto”