Simon wrote:
Hi,
I have an application where I want to be able to encrypt large amounts
of text before storing them to my DB (MySQL Text field - might be
switched to a Blob). I have an idea of how to do this, but was
wondering what the general consensus is within the community regarding
the issue.
You should probably use a blob field unless you also Base64 encode the
encryption, which then would allow you to use a text field.
I have come across a couple different plug ins/gems (Stringbox,
EzCrypto), but am wondering what other people are using. I like the
A lot of the UNIX based systems (including Mac OS X) have the OpenSSL
library pre-installed. OpenSSL contains all the modern crypto
functionality you should ever need for this. Checkout the Ruby OpenSSL
support.
idea of using Symmetric-key cryptography (and in particular, I would
like to be using Twofish), and then probably encrypting the random
password and IV for each encryption using a public key scheme.
Why Twofish when there exists the very popular AES (Rijndael algorithm)
that is really fast and very strong?
In any case you certainly want to use a symmetric algorithm.
Public/Private key encryption is very slow and inefficient. Use public
key encryption only to encrypt the keys for the symmetric algorithm, but
then only if you have to trasmitt the keys over a public network.
If all the encryption occurs server-side there is no need to encrypt any
keys. Just use the same security mechanisms to protect your symmetric
key(s) as you would for protecting a private key.
I guess I am wondering what other people’s response to such an
approach is, and whether or not there are suggestions for other
approaches. My main concern with the approach noted above is how to
secure the private key used to encrypt the key and IV used to encrypt
the actual text.
Securing the private key is easy, NEVER let anyone else gain access to
it. You just have to setup the security of the system so that there
is no public access to whatever is storing your private keys.
I am also wondering if using Twofish is possible with a Rails app.
From what I have seen in the openSSL documentation, only Blowfish -
the predecessor to Twofish - is availble, or AES.
Again AES is the algorithm I would choose. It’s the most advanced
symmetric algorithm I’m aware of and is the one used in the SSL/TLS
protocols.