comp.lang.ruby

openssl for general purpose data encryption in Ruby

Brad Tilley

11/4/2006 12:56:00 AM

Does anyone use openssl within Ruby to encrypt data? I want to use a hosted
MySQL database, but most of the hosting companies do not support MySQL with the
aes_encrypt() or aes_decrypt() functions.

Most have Ruby bindings to MySQL and they support Rails. So, I thought I could
use openssl to encrypt data within Ruby and then store that data in the
database. I don't know if others are doing this. I thought I'd ask the list to
see if others do this.

Thank you,
Brad

2 Answers

Jano Svitok

11/4/2006 2:08:00 PM

0

On 11/4/06, Brad Tilley <rtilley@vt.edu> wrote:
> Does anyone use openssl within Ruby to encrypt data? I want to use a hosted
> MySQL database, but most of the hosting companies do not support MySQL with the
> aes_encrypt() or aes_decrypt() functions.
>
> Most have Ruby bindings to MySQL and they support Rails. So, I thought I could
> use openssl to encrypt data within Ruby and then store that data in the
> database. I don't know if others are doing this. I thought I'd ask the list to
> see if others do this.
>
> Thank you,
> Brad

I'm not doing it ('cause I just don't need it ;-). Anyway I think it
should work. However please note some possible problems:

1. you'll want to have your records independent - therefore either
using ECB mode or special IV for each record.

2. you don't want to have the same data in different places encrypted
into the same ciphertexts - therefore you'll need either IV or some
kind of salt, that you'll need to store somewhere (it depends on the
data you store, maybe a per row IV would be enough)

3. most probably you can't encrypt the index fields, and search will
not work as usual on encrypted fields.

Taking this into consideration, it should be possible to create a
schema that will work.

(If you don't know what these IV, ECB and salt things are, I recommend
reading something on cryptography, e.g. [1]. It's easy to get crypto
wrong, and useless)

[1] http://www.cacr.math.uwaterl...
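
Points 1 and 2 above, as an added Ruby example that is not code from the thread: ECB maps equal values to equal ciphertexts, while CBC with a random per-row IV stored beside the ciphertext does not. The key, the sample rows and all method names are constructed for the illustration.

```ruby
require 'openssl'

# Constructed demo key; a real key comes from a secret store, never from source.
KEY = OpenSSL::Digest::SHA256.digest('constructed demo key')

# ECB has no IV: the same plaintext under the same key always gives the
# same ciphertext, so equal column values are visible in the database.
def ecb_encrypt(plaintext)
  c = OpenSSL::Cipher.new('aes-256-ecb').encrypt
  c.key = KEY
  c.update(plaintext) + c.final
end

# CBC with a fresh random IV per row. The IV is not secret; it is returned
# so it can be stored in its own column next to the ciphertext.
def cbc_encrypt_row(plaintext)
  c = OpenSSL::Cipher.new('aes-256-cbc').encrypt
  c.key = KEY
  iv = c.random_iv # 16 random bytes, also set on the cipher
  { iv: iv, ct: c.update(plaintext) + c.final }
end

def cbc_decrypt_row(row)
  d = OpenSSL::Cipher.new('aes-256-cbc').decrypt
  d.key = KEY
  d.iv = row[:iv]
  (d.update(row[:ct]) + d.final).force_encoding('UTF-8')
end

# Constructed sample rows: two records holding the same value.
ROWS = ['alice@example.com', 'alice@example.com'].freeze

def demo
  ecb = ROWS.map { |v| ecb_encrypt(v) }
  cbc = ROWS.map { |v| cbc_encrypt_row(v) }
  {
    ecb_equal: ecb[0] == ecb[1],           # equal plaintexts leak through ECB
    cbc_equal: cbc[0][:ct] == cbc[1][:ct], # hidden by the per-row IV
    roundtrip: cbc.map { |r| cbc_decrypt_row(r) } == ROWS
  }
end

p demo if __FILE__ == $PROGRAM_NAME
```

Because each row gets a different IV, re-encrypting a search term never matches the stored ciphertext, which is point 3 in practice. CBC gives confidentiality only; an authenticated mode such as AES-256-GCM also detects modified ciphertext.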

Chilkat Software

11/4/2006 2:36:00 PM

0


"It's easy to get crypto wrong, and useless)"

Yes, it is. I wrote a blog entry that discusses the various factors involving
portability w/ block symmetric encryption algorithms (specifically AES, but it
applies to any block encryption algorithm). In a nutshell, you have these
things which must match:

(1) Algorithm (Blowfish, AES, Twofish, etc.)
(2) Mode (CBC, ECB)
(3) Key Length (128-bit, 192-bit, 256-bit)
(4) Initialization Vector
(5) Secret Key
(6) Padding Scheme (but only last block will differ if mismatched).
(7) Byte ordering issues?
(8) Charset encoding if encrypting text (are you encrypting Unicode, ANSI, utf-8, etc?)

The blog entry is here: http://blog.chilkatsoft....
I wrote it because I get so many emails that read like: "I'm encrypting in
PHP, but need to decrypt in ASP..." The general problem is that you're
encrypting in one programming language, or with one tool/sdk, but need to
decrypt on something entirely different. Or worse, you have a database full of
encrypted data and a few years down the road you want to re-design your
systems in some other programming language.

I wrote another blog entry about data expansion with block encryption
algorithms: http://blog.chilkatsoft....

The common question is: "How big should my database field be when encrypting
strings that are no longer than N?" The factors involved are:
(1) Algorithm block size
(2) Padding scheme
(3) Output encoding, such as hex or base64 if encrypted output is a string
(4) Character encoding -- again, are you encrypting 2 byte/char Unicode, utf-8, iso-8859-1, etc...?

I think the info in these blog posts applies to any programming language or
API...

Best Regards,
Matt
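
The field-size question above, worked as an added Ruby example (not taken from the post or the linked blog entries): a worst-case size formula built from the four listed factors, checked against what OpenSSL actually produces. The method names are hypothetical, AES-128-CBC with OpenSSL's default PKCS#7 padding is assumed, and a per-row IV stored alongside needs 16 more bytes before encoding.

```ruby
require 'openssl'

BLOCK = 16 # AES block size in bytes, independent of key length

# Worst-case stored length for a string of up to max_chars characters.
# bytes_per_char: 1 for iso-8859-1, 2 for UTF-16 BMP text, up to 4 for utf-8.
# PKCS#7 padding always adds 1..16 bytes, so input that is already a
# multiple of the block size grows by one whole block.
def field_size(max_chars, bytes_per_char:, output: :raw)
  plain = max_chars * bytes_per_char
  cipher = (plain / BLOCK + 1) * BLOCK
  case output
  when :raw    then cipher                 # BLOB / VARBINARY column
  when :hex    then cipher * 2
  when :base64 then ((cipher + 2) / 3) * 4 # padded base64, no line breaks
  else raise ArgumentError, "unknown output encoding #{output}"
  end
end

# Encrypt and encode, so the formula can be compared with real output.
def encrypt_encoded(text, key, iv, output)
  c = OpenSSL::Cipher.new('aes-128-cbc').encrypt
  c.key = key
  c.iv = iv
  raw = c.update(text) + c.final
  case output
  when :raw    then raw
  when :hex    then raw.unpack1('H*')
  when :base64 then [raw].pack('m0')
  end
end

# Returns [actual stored bytes, predicted worst case] for one sample string.
def check(text, bytes_per_char, output)
  key = OpenSSL::Random.random_bytes(16) # throwaway key for the measurement
  iv  = OpenSSL::Random.random_bytes(16)
  actual = encrypt_encoded(text, key, iv, output).bytesize
  [actual, field_size(text.length, bytes_per_char: bytes_per_char, output: output)]
end

if __FILE__ == $PROGRAM_NAME
  p check('a' * 16, 1, :base64) # constructed sample: exactly one block of ASCII
  p check('é' * 10, 2, :hex)    # constructed sample: 2-byte utf-8 characters
end
```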

