J
Joe Van Dyk
I could've sworn that I saw some Ruby library for encrypting stuff
like credit cards. But my google fu fails me. Any ideas?
Joe
like credit cards. But my google fu fails me. Any ideas?
Joe
Timothy said:OpenSSL?
Aleks said:OpenSSL can be used as a general-purpose crypto lib. Theres a good
example of using a plain symmetric cipher in the ruby 1.8.4 source, in
samples/openssl/crypt.rb:
************************
#!/usr/bin/env ruby
require 'openssl'
text = "abcdefghijklmnopqrstuvwxyz"
key = "key"
alg = "DES-EDE3-CBC"
#alg = "AES-128-CBC"
puts "--Setup--"
puts %(clear text: "#{text}")
puts %(symmetric key: "#{key}")
puts %(cipher alg: "#{alg}")
puts
puts "--Encrypting--"
des = OpenSSL::Cipher::Cipher.new(alg)
des.encrypt(key) #, "iv12345678")
cipher = des.update(text)
cipher << des.final
puts %(encrypted text: #{cipher.inspect})
puts
puts "--Decrypting--"
des = OpenSSL::Cipher::Cipher.new(alg)
des.decrypt(key) #, "iv12345678")
out = des.update(cipher)
out << des.final
puts %(decrypted text: "#{out}")
puts
***************************
IMO, if you are going to use encryption for sensitive data then you
should read up a bit on asymmetric (publik key) versus symmetric
cryptography and at least have a basic understanding of how this stuff
works. Ruby openssl works great, but unless you are already familiar
with openssl in general the docs probably won't do you much good. The
test suite in the ruby source though has a lot of examples.
Chris
What do you do in the situation where the key is in a store protected by
a passphrase? And one's application needs to run in the background and
can't accept user input. Aren't you still in the same position? Need a
way to hide the key/passphrase.
Good 'encyclopedic' book is Handbook of applied cryptography by
Menezes et al., You can even download it from the web. It lists most
common-used algorithms, along with their usage and drawbacks. Beware:
It contains lots of math ;-)
I have done some search but could not find a place where I could
get the
downloadable version. Could you provide a link please?
Greetings,
JS
Google "Handbook of applied cryptography" & click "I'm feeling lucky"
Want to reply to this thread or ask your own question?
You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.