I need to encrypt some items in the database in a rails app.
I tried using the old “sentry” gem, but it doesn’t seem to be surviving
Rails 2. The stuff I found for Active Crypto on the web appeared to be
many years old.
What are folks using to encrypt db data via active record these days?
thanks,
jp
depends on what you are looking for. if want to have a one-way
function (for passwords and such) just try it like this:
encrypted_item = Digest::SHA256.hexdigest(“string_to_encrypt”)
you could also use SHA1, SHA384, SHA512 depending on your need of
security.
MaD wrote:
depends on what you are looking for. if want to have a one-way
function (for passwords and such) just try it like this:encrypted_item = Digest::SHA256.hexdigest(�string_to_encrypt�)
you could also use SHA1, SHA384, SHA512 depending on your need of
security.
Thanks, but I need to decrypt it also. It is “for your eyes only” user
data.
thanks,
jp
On Tue, Mar 10, 2009 at 10:15 AM, Jeff P. <
[email protected]> wrote:
Thanks, but I need to decrypt it also. It is “for your eyes only” user
data.thanks,
jp
There is a ruby-aes-normal gem. I have never used it. Have you looked
at?
Cheers–
Charles
I’m not a cryptographer, but … One way you could do this,
depending on your app requirements, is to follow an asymmetric
encryption strategy using pub/priv keys, something like:
$ cd ./private
$ openssl genrsa -out asym_priv.key 2048
…
$ openssl rsa -in asym_priv.key -out asym_pub.key -pubout
…
$ chmod 400 asym_priv.key
$ chmod 444 asym_pub.key
$ cd …
require ‘digest/sha2’
require ‘openssl’
class Cryptor
include Singleton
ASYM_PUB_KEY = OpenSSL::PKey::RSA.new(IO.read(“#{RAILS_ROOT}/private/
asym_pub.key”))
ASYM_PRIV_KEY = OpenSSL::PKey::RSA.new(IO.read(“#{RAILS_ROOT}/
private/asym_priv.key”))
…
def Cryptor.asym_encrypt(str)
return Base64.encode64(ASYM_PUB_KEY.public_encrypt(str))
end
def Cryptor.asym_decrypt(str)
return ASYM_PRIV_KEY.private_decrypt(Base64.decode64(str))
end
…
end
$ ./script/console
…
enc_str = Cryptor.asym_encrypt(‘testing 1 2 3’)
=> “i4d/uc6w1NGCUQLspM7CMsvNMd
+4dFrx3yb0QhM4N3di6Yha8jeW5Ftx4ZA2\nnPn4AzhZPzCrQdds/ERP0Lb9X/
dzJaJt5Tyig12hl4EqlILTnSj9SlPatIr9\n2m9D0K416BRuCJaWOp0lhXIe1XCZisjKKhLhR1T3nH
+NjQnNx4HBFhrFOnSz
\nuWpNfQf8sYxhLiSiKwTy3WUPmSRHPgu8h5mIgtxjU12spf0NvbZEDzwP+/br
\nWMJNQ6rGSNP6smd3YahoQzYjNFn3v+YCjG497eIdHNOBN6LAnW+HoB1TD5qm
\ngJzuOIk1eownT9kfjiykR+lNmw1kNX3bzDqdBvsB8g==\n”
dec_str = Cryptor.asym_decrypt(enc_str)
=> “testing 1 2 3”
Using Base64 isn’t necessary if your db tbls can handle binary, but it
can be a help when you’re testing/debugging. Also, the size of your
priv key in bits will definitely effect performance of encrypt/decrypt
process, so you’ll want to choose according to needs, balancing
performance vs encrypt-strength.
And if such an asym strategy is just too slow for your needs, then you
could pursue a symmetric strategy instead, which would be much faster
in terms of performance, but more complex to implement (likely having
to persist the initialization vector – iv – val used when sym
encrypting some val for later use when sym decrypting that val again).
Jeff
On Mar 10, 8:15 am, Jeff P. [email protected]
2009/3/11 Jeff P. [email protected]
thanks,
database tables/columns.So what is the supposed advantage of encrypting them in the first
place???
It may depend on the likelihood of someone leaving a CD backup copy of
the
database on a train (or a laptop with a copy of the db), and of how
embarrassing that would be.
If you are handling private personal information or commercially
confidential data you must consider the possibility of litigation if the
data escapes.
Colin
Colin L. wrote:
2009/3/11 Jeff P. [email protected]
thanks,
database tables/columns.So what is the supposed advantage of encrypting them in the first
place???It may depend on the likelihood of someone leaving a CD backup copy of
the
database on a train (or a laptop with a copy of the db), and of how
embarrassing that would be.If you are handling private personal information or commercially
confidential data you must consider the possibility of litigation if the
data escapes.Colin
Thanks Colin. That sounds like a valid reason.
jp
Jeff P. wrote:
I need to encrypt some items in the database in a rails app.
I tried using the old “sentry” gem, but it doesn’t seem to be surviving
Rails 2. The stuff I found for Active Crypto on the web appeared to be
many years old.What are folks using to encrypt db data via active record these days?
thanks,
jp
I’m starting to question the validity of this whole notion. It seems to
be expected that one would encrypt database tables that hold sensitive
information (like a user’s health information for example).
Taking a step back from it though, what’s the point? The database and
my app are all on the same server. Nobody can see the database files
unless they have access to my server. Anybody who does have access to
my server can look at the app to figure out how to read the encrypted
database tables/columns.
So what is the supposed advantage of encrypting them in the first
place???
Sorry for playing my own devil’s advocate here, but it just dawned on me
that perhaps I was chasing a fool’s errand. Please enlighten me.
thanks,
jp
Running the application usually involves some sort of user rights. If
the
passwords aren’t stored on the server, then running the app won’t give
access to the data. Just don’t leave the keys in plain text on the
server
and don’t leave user account info on the server.
One consideration: Encrypting in the app layer may become very painful
if
you want to do sql maintenance of your database.
Regards,
Nick
On Tue, Mar 10, 2009 at 11:05 PM, Jeff P. <
This forum is not affiliated to the Ruby language, Ruby on Rails framework, nor any Ruby applications discussed here.
Sponsor our Newsletter | Privacy Policy | Terms of Service | Remote Ruby Jobs