Upgrade to Pro — share decks privately, control downloads, hide ads and more …

CryptoRuby 101

Zoran Majstorovic
April 28, 2015
Programming
1
250

CryptoRuby 101

basic stuff in general cryptography (encrypt/decrypt) using Ruby OpenSSL Extension

Zoran Majstorovic

April 28, 2015
Tweet

More Decks by Zoran Majstorovic

See All by Zoran Majstorovic
Microservices with RabbitMQ
zmajstor
1
230
Modeling a Solid Database
zmajstor
0
110
Ruby HTTP Clients
zmajstor
0
100

Other Decks in Programming

See All in Programming
Honoをフロントエンドで使う 3つのやり方
yusukebe
7
3.5k
Jakarta EE meets AI
ivargrimstad
0
370
自力でTTSモデルを作った話
zgock999
0
100
Jasprが凄い話
hyshu
0
150
ML.NETで始める機械学習
ymd65536
0
230
お前もAI鬼にならないか?👹Bolt & Cursor & Supabase & Vercelで人間をやめるぞ、ジョジョー!👺
taishiyade
7
4.2k
sappoRo.R #12 初心者セッション
kosugitti
0
280
Domain-Driven Transformation
hschwentner
2
1.9k
Rails 1.0 のコードで学ぶ find_by* と method_missing の仕組み / Learn how find_by_* and method_missing work in Rails 1.0 code
maimux2x
1
190
パスキーのすべて ── 導入・UX設計・実装の紹介 / 20250213 パスキー開発者の集い
kuralab
3
890
Amazon Q Developer Proで効率化するAPI開発入門
seike460
PRO
0
120
.NET Frameworkでも汎用ホストが使いたい!
tomokusaba
0
200

Featured

See All Featured
Learning to Love Humans: Emotional Interface Design
aarron
273
40k
Helping Users Find Their Own Way: Creating Modern Search Experiences
danielanewman
29
2.4k
Imperfection Machines: The Place of Print at Facebook
scottboms
267
13k
Building Applications with DynamoDB
mza
93
6.2k
Art, The Web, and Tiny UX
lynnandtonic
298
20k
Into the Great Unknown - MozCon
thekraken
35
1.6k
Visualization
eitanlees
146
15k
Reflections from 52 weeks, 52 projects
jeffersonlam
348
20k
Put a Button on it: Removing Barriers to Going Fast.
kastner
60
3.7k
Statistics for Hackers
jakevdp
797
220k
Build The Right Thing And Hit Your Dates
maggiecrowley
34
2.5k
Improving Core Web Vitals using Speculation Rules API
sergeychernyshev
10
510

Transcript

  1. CryptoRuby 101 by zoran.majstorovic@promdm.com from A Professional Mobile Device Management

    Company

  2. CryptoRuby 101 very basic stuff in general cryptography (encypt/decript) featuring

    Ruby Standard Library Extension (OpenSSL) what to expect from today's

  3. (en|de)crypt symmetric encrypt with secret key decrypt with secret key

    asymmetric ecrypt with public key decrypt with private key

  4. • an open-source library, written in C • implements basic

    cryptographic functions and SSL and TLS protocols • founded in 1998, used by 2/3 of all webservers • https://www.openssl.org

  5. require 'openssl' • Ruby Standard Library Extension:
 /ext/openssl/* • http://ruby-doc.org/stdlib-2.2.2/libdoc/openssl/rdoc/index.html

  6. symmetric-key cryptography 
 a cipher (or cypher) is an algorithm

    for 
 encryption or decryption OpenSSL::Cipher Chiper Block Chaining mode encryption

  7. CBC = Chiper Block Chaining CBC mode encryption

  8. CBC = Chiper Block Chaining CBC mode encryption

  9. source: http://en.wikipedia.org/wiki/Block_cipher_mode_of_operation CBC mode encryption

  10. OpenSSL::Cipher Code Snippet

  11. msg = 'hello secret world' cipher = OpenSSL::Cipher.new('AES-256-CBC').encrypt iv =

    cipher.random_iv key = cipher.random_key encrypted = cipher.update(msg) + cipher.final # safe to share publicly: encrypted, alg, iv decipher = OpenSSL::Cipher.new('AES-256-CBC').decrypt dechiper.iv, dechiper.key = iv, key decrypted = decipher.update(encrypted) + decipher.final puts msg == decrypted #=> true

  12. ActiveSupport::MessageEncryptor 
 a simple way to encrypt values which get

    stored somewhere you don't trust

  13. ActiveSupport::MessageEncryptor #encrypt_and_sign #decrypt_and_verify • implemented using OpenSSL::Cipher • https://github.com/rails/rails/blob/master/activesupport/ lib/active_support/message_encryptor.rb#L100

    • default cipher algorythm is 'AES-256-CBC'

  14. ActiveSupport::MessageEncryptor class EncryptedCookieJar def initialize(parent_jar, key_generator, options = {}) @parent_jar

    = parent_jar @options = options secret = key_generator.generate_key(@options[:encrypted_cookie_salt]) sign_secret = key_generator.generate_key(@options[:encrypted_signed_cookie_salt]) @encryptor = ActiveSupport::MessageEncryptor.new(secret, sign_secret, digest: digest, ...) end # etc... used as @encryptor in ActionDispatch::EncryptedCookieJar https://github.com/rails/rails/blob/master/actionpack/lib/action_dispatch/ middleware/cookies.rb

  15. ActiveSupport::MessageEncryptor Code Snippet

  16. cookie = "user_id:1" key = Rails.application.secrets[:secret_key_base] chiper = ActiveSupport::MessageEncryptor.new(key) encrypted_cookie

    = chiper.encrypt_and_sign(cookie)
 # cookie: "#{base64_encrypted_data}--#{base_64_iv}" # read encrypted_cookie decrypted = chiper.decrypt_and_verify(encrypted_cookie) cookie == decrypted #=> true

  17. cookie = "user_id:1" salt = SecureRandom.random_bytes(64)
 pass = 'password'
 key

    = ActiveSupport::KeyGenerator.new(pass).generate_key(salt) chiper = ActiveSupport::MessageEncryptor.new(key) encrypted_cookie = chiper.encrypt_and_sign(cookie)
 # cookie: "#{base64_encrypted_data}--#{base_64_iv}" # read encrypted_cookie decrypted = chiper.decrypt_and_verify(encrypted_cookie) cookie == decrypted #=> true

  18. Re-cap • explore OpenSSL namespace
 http://ruby-doc.org/stdlib-2.2.2/libdoc/openssl/rdoc/index.html • start with simple

    OpenSSL::Cipher
 http://ruby-doc.org/stdlib-2.2.2/libdoc/openssl/rdoc/OpenSSL/Cipher.html • dive into Asymmetric Public Key Algorithms: OpenSSL::PKey
 http://ruby-doc.org/stdlib-2.2.2/libdoc/openssl/rdoc/OpenSSL/PKey.html 
 http://ruby-doc.org/stdlib-2.2.2/libdoc/openssl/rdoc/OpenSSL/PKey/RSA.html

  19. Gems • ActiveSupport • SymmetricEncryption
 provides encryption of data for

    Ruby and Rails:
 https://github.com/reidmorrison/symmetric-encryption • Strongbox
 provides Public Key Encryption for ActiveRecord:
 https://github.com/spikex/strongbox • etc: https://www.ruby-toolbox.com/categories/encryption

  20. cryptofails.com “Be skeptical of everything you read and hear about

    crypto”