Sentry Plugin - Easy Question I don't doubt

dukael · February 6, 2006, 7:19pm

I am looking at adding the Sentry plugin to one of the applications
that we are working on. I have a need to store some info that will
have to be encrypted and decrypted. I have been going through the
docs for the plugin and the AsymetricSentry class looks like the best
for what we need to do but I am not sure how to generate the key. The
docs say:

This is a shortcut for using an asymmetrical algorithm with a private/
public key file. To use this, generate a public and
private key with Sentry::AsymmetricalSentry.save_random_rsa_key
(private_key_file, public_key_file). If you want to encrypt the
private key file with a symmetrical algorithm, pass a secret key
(neither the key nor the decrypted value will be stored).

Sentry::AsymmetricSentry.save_random_rsa_key(private_key_file,
public_key_file, :key => ‘secret_password’)

My question is this. I only want to generate this key once and set
the defaults in the environment.rb as mentioned in the docs. How do I
go about doing this? I am sure that the answer is probably very simple.

Thanks

Andrew

dukael · February 6, 2006, 10:47pm

On 2/6/06, Andrew F. [email protected] wrote:

(private_key_file, public_key_file). If you want to encrypt the
Thanks

Andrew

First, I added a config.yml file for various app settings (sentry
keys, payment gateway stuff, etc).

config/config.yml:
:keys:
:public: /config/sentry_keys/pub.key
:private: /config/sentry_keys/priv.key
:symmetric_key: my_sekrit

Then in environment.rb, I load the config, and set the global vars:

CONFIG = YAML::load(File.open(“#{RAILS_ROOT}/config/config.yml”))

Sentry

Sentry::AsymmetricSentry.default_public_key_file =
“#{RAILS_ROOT}#{CONFIG[:keys][:public]}”
Sentry::AsymmetricSentry.default_private_key_file =
“#{RAILS_ROOT}#{CONFIG[:keys][:private]}”

The thing is, you have to pass the secret key each time you want to
decrypt. Silly I suppose, but then what’s the point of the
encryption? The point of the asymmetric encryption is so the actual
key is not on the system at all.

If you have sentry installed as a plugin, there is a rake task to
generate the key.

rake sentry_key PRIV=config/sentry_keys/priv.key
PUB=config/sentry_keys/pub.key KEY=my_sekrit

–
Rick O.
http://techno-weenie.net

dukael · February 7, 2006, 1:27am

Thanks that was what I was looking for. Did not see the rake task in
the docs. Either I overlooked it or it isn’t there.

Andrew

dukael · February 7, 2006, 5:18am

Here is another question based on your response. Lets say that I have
two apps, one is going to only encrypt, it can never decrypt. I
havn’t put any decrypt actions in my app, and i am not going to. But
can I not include on this app the :symetric_key in the config file?
We are going to be encrypting creditcards with this app and to
completely secure data that needs to be as secure as possible we are
going to have the app in the DMZ (public interface) set up to use SSL
and it is going to store only the last 4 digits of the credit card.
Our network is going to be set up so that there is a completely
seperate DB behind the firewall that is going to store the actual
creditcard number and other sensitive material. The second app is
actually going to live behind the firewall and can decrypt the
creditcard to send to the payment gateway for processing. I know we
are being a little paranoid but a little paranoia doesn’t hurt when
dealing with sensitive data.

so in this setup can i do what I hope to do which is use the same
public and private keys in two different apps going after the same
data? And if so do I need the symetric_key info in my outside facing
app? or is it only used to decrypt? If it only is used to decrypt
than my setup in theory sounds like it should work the way that we
want it to. Where the outside app can’t decrypt because it has no
knowledge of the symetric_key. This way the highly sensitive data is
protected in three ways. The network is configured to only accept
writes, the DB is set up with a user who only has write access, and
should the server (DMZ) get compromised in anyway there is no way for
the malicious user to find out the symetric_key to decrypt the stored
values.

On a second note, is it possible to have two sets of keys? One key
for the creditcard info, and one key for other data that we deem
necessary to encrypt that the outside app would need to be able to
decrypt?

Both of these I will probably end up testing but an answer would
greatly shorten my effort if the answer to either is no.

Thanks again for all the help

Andrew

dukael · February 7, 2006, 12:21pm

Rick,
thanks for clarifying things for me. I now know how I need to have
things set up to work in our environment.

Andrew

dukael · February 7, 2006, 5:46am

On 2/6/06, Andrew F. [email protected] wrote:

creditcard number and other sensitive material. The second app is
want it to. Where the outside app can’t decrypt because it has no
decrypt?

Both of these I will probably end up testing but an answer would
greatly shorten my effort if the answer to either is no.

Thanks again for all the help

Andrew

You can use the public/private key anywhere you like. You
shouldn’t store the symmetric password ANYWHERE on the system.
Ideally it’s something you have to manually enter. However, this
means you’d need some manual input for credit card processing. If
this doesn’t work, then you should just use the unencrypted private
key on the internal processing server. Also, since you’re not going
to be decrypting on the public facing site at all, you only need the
public key file.
Yes you can have multiple keys. But, you’ll have to manually pass
them. The unit tests should have examples of this. I believe they
test both default key usage and the ability to pass keys.

–
Rick O.
http://techno-weenie.net