-
Notifications
You must be signed in to change notification settings - Fork 43
/
Copy pathencryption_symmetric.rb
48 lines (37 loc) · 1.85 KB
/
encryption_symmetric.rb
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
# Symmetric crypto lets you scramble some data with one shared key. It is faster
# than asymmetric crypto, but has the downside that you can only share the data
# with trusted parties, so the key has to be pre-shared somehow, unlike asymmetric
# crypto.
#
# Note that a common method for fast cryptography is to first connect with the
# slower asymmetric crypto, then use that connection to exchange a shared secret
# for symmetric crypto. HTTPS and SSL sockets use this method. This means you get
# the full additional security from asymmetric crypto, but the speed of symmetric
# crypto.
require "openssl"
secret = "fd5d148867091d7595c388ac0dc50bb465052b764c4db8b4b4c3448b52ee0b33df16975830acca82"
data = "This is some data"
# You can list available chiphers.
#p OpenSSL::Cipher.ciphers
# The chiphers take the format name-keylength-mode
cipher = OpenSSL::Cipher.new("AES-128-CBC")
# An alternative way of creating the object would be
cipher = OpenSSL::Cipher::AES.new(128, :CBC)
# The API is very imperative, as it binds pretty directly to the underlying C
# libraries. This call sets the object in encryption mode.
cipher.encrypt
cipher.key = secret
# Many ciphers uses an initialization vector (IV) to randomize encryption. IVs should be unpredictable.
# See Ruby docs for more info: http://ruby-doc.org/stdlib-2.2.0/libdoc/openssl/rdoc/OpenSSL/Cipher.html#class-OpenSSL::Cipher-label-Choosing+an+IV
iv = cipher.random_iv
encrypted = cipher.update(data) + cipher.final
p iv + encrypted
# => ...some unreadable binary stuff...
# Time to decrypt it. We need to create a new object.
decipher = OpenSSL::Cipher::AES.new(128, :CBC)
decipher.decrypt
decipher.key = secret
decipher.iv = encrypted[0..16] # In some modes like CTR you wouldn't be able to decrypt without proper IV setup
decrypted = decipher.update(encrypted[16..-1]) + decipher.final
p decrypted
# => "This is some data"