Rails - Feb 2006 - Sentry Plugin - Easy Question I don''t doubt

I am looking at adding the Sentry plugin to one of the applications  
that we are working on. I have a need to store some info that will  
have to be encrypted and decrypted. I have been going through the  
docs for the plugin and the AsymetricSentry class looks like the best  
for what we need to do but I am not sure how to generate the key. The  
docs say:

This is a shortcut for using an asymmetrical algorithm with a private/ 
public key file.  To use this, generate a public and
private key with Sentry::AsymmetricalSentry.save_random_rsa_key 
(private_key_file, public_key_file).  If you want to encrypt the
private key file with a symmetrical algorithm, pass a secret key  
(neither the key nor the decrypted value will be stored).

Sentry::AsymmetricSentry.save_random_rsa_key(private_key_file,  
public_key_file, :key => ''secret_password'')

My question is this. I only want to generate this key once and set  
the defaults in the environment.rb as mentioned in the docs. How do I  
go about doing this? I am sure that the answer is probably very simple.

Thanks

Andrew

On 2/6/06, Andrew Filipowski <a.filipowski@mac.com>
wrote:
> I am looking at adding the Sentry plugin to one of the applications
> that we are working on. I have a need to store some info that will
> have to be encrypted and decrypted. I have been going through the
> docs for the plugin and the AsymetricSentry class looks like the best
> for what we need to do but I am not sure how to generate the key. The
> docs say:
>
> This is a shortcut for using an asymmetrical algorithm with a private/
> public key file.  To use this, generate a public and
> private key with Sentry::AsymmetricalSentry.save_random_rsa_key
> (private_key_file, public_key_file).  If you want to encrypt the
> private key file with a symmetrical algorithm, pass a secret key
> (neither the key nor the decrypted value will be stored).
>
> Sentry::AsymmetricSentry.save_random_rsa_key(private_key_file,
> public_key_file, :key => ''secret_password'')
>
> My question is this. I only want to generate this key once and set
> the defaults in the environment.rb as mentioned in the docs. How do I
> go about doing this? I am sure that the answer is probably very simple.
>
> Thanks
>
> Andrew
First, I added a config.yml file for various app settings (sentry
keys, payment gateway stuff, etc).

config/config.yml:
:keys:
  :public: /config/sentry_keys/pub.key
  :private: /config/sentry_keys/priv.key
  :symmetric_key: my_sekrit

Then in environment.rb, I load the config, and set the global vars:

CONFIG = YAML::load(File.open("#{RAILS_ROOT}/config/config.yml"))
# Sentry
Sentry::AsymmetricSentry.default_public_key_file
"#{RAILS_ROOT}#{CONFIG[:keys][:public]}"
Sentry::AsymmetricSentry.default_private_key_file
"#{RAILS_ROOT}#{CONFIG[:keys][:private]}"

The thing is, you have to pass the secret key each time you want to
decrypt.  Silly I suppose, but then what''s the point of the
encryption?  The point of the asymmetric encryption is so the actual
key is not on the system at all.

If you have sentry installed as a plugin, there is a rake task to
generate the key.

rake sentry_key PRIV=config/sentry_keys/priv.key
PUB=config/sentry_keys/pub.key KEY=my_sekrit

--
Rick Olson
http://techno-weenie.net

Thanks that was what I was looking for. Did not see the rake task in  
the docs. Either I overlooked it or it isn''t there.

Andrew


On Feb 6, 2006, at 4:46 PM, Rick Olson wrote:
> On 2/6/06, Andrew Filipowski <a.filipowski@mac.com> wrote:
>> I am looking at adding the Sentry plugin to one of the applications
>> that we are working on. I have a need to store some info that will
>> have to be encrypted and decrypted. I have been going through the
>> docs for the plugin and the AsymetricSentry class looks like the best
>> for what we need to do but I am not sure how to generate the key. The
>> docs say:
>>
>> This is a shortcut for using an asymmetrical algorithm with a  
>> private/
>> public key file.  To use this, generate a public and
>> private key with Sentry::AsymmetricalSentry.save_random_rsa_key
>> (private_key_file, public_key_file).  If you want to encrypt the
>> private key file with a symmetrical algorithm, pass a secret key
>> (neither the key nor the decrypted value will be stored).
>>
>> Sentry::AsymmetricSentry.save_random_rsa_key(private_key_file,
>> public_key_file, :key => ''secret_password'')
>>
>> My question is this. I only want to generate this key once and set
>> the defaults in the environment.rb as mentioned in the docs. How do I
>> go about doing this? I am sure that the answer is probably very  
>> simple.
>>
>> Thanks
>>
>> Andrew
>
> First, I added a config.yml file for various app settings (sentry
> keys, payment gateway stuff, etc).
>
> config/config.yml:
> :keys:
>   :public: /config/sentry_keys/pub.key
>   :private: /config/sentry_keys/priv.key
>   :symmetric_key: my_sekrit
>
> Then in environment.rb, I load the config, and set the global vars:
>
> CONFIG = YAML::load(File.open("#{RAILS_ROOT}/config/config.yml"))
> # Sentry
> Sentry::AsymmetricSentry.default_public_key_file >
"#{RAILS_ROOT}#{CONFIG[:keys][:public]}"
> Sentry::AsymmetricSentry.default_private_key_file >
"#{RAILS_ROOT}#{CONFIG[:keys][:private]}"
>
> The thing is, you have to pass the secret key each time you want to
> decrypt.  Silly I suppose, but then what''s the point of the
> encryption?  The point of the asymmetric encryption is so the actual
> key is not on the system at all.
>
> If you have sentry installed as a plugin, there is a rake task to
> generate the key.
>
> rake sentry_key PRIV=config/sentry_keys/priv.key
> PUB=config/sentry_keys/pub.key KEY=my_sekrit
>
> --
> Rick Olson
> http://techno-weenie.net
> _______________________________________________
> Rails mailing list
> Rails@lists.rubyonrails.org
> http://lists.rubyonrails.org/mailman/listinfo/rails

Here is another question based on your response. Lets say that I have  
two apps, one is going to only encrypt, it can never decrypt. I  
havn''t put any decrypt actions in my app, and i am not going to. But  
can I not include on this app the :symetric_key in the config file?  
We are going to be encrypting creditcards with this app and to  
completely secure data that needs to be as secure as possible we are  
going to have the app in the DMZ (public interface) set up to use SSL  
and it is going to store only the last 4 digits of the credit card.  
Our network is going to be set up so that there is a completely  
seperate DB behind the firewall that is going to store the actual  
creditcard number and other sensitive material. The second app is  
actually going to live behind the firewall and can decrypt the  
creditcard to send to the payment gateway for processing. I know we  
are being a little paranoid but a little paranoia doesn''t hurt when  
dealing with sensitive data.

so in this setup can i do what I hope to do which is use the same  
public and private keys in two different apps going after the same  
data? And if so do I need the symetric_key info in my outside facing  
app? or is it only used to decrypt? If it only is used to decrypt  
than my setup in theory sounds like it should work the way that we  
want it to. Where the outside app can''t decrypt because it has no  
knowledge of the symetric_key. This way the highly sensitive data is  
protected in three ways. The network is configured to only accept  
writes, the DB is set up with a user who only has write access, and  
should the server (DMZ) get compromised in anyway there is no way for  
the malicious user to find out the symetric_key to decrypt the stored  
values.

On a second note, is it possible to have two sets of keys? One key  
for the creditcard info, and one key for other data that we deem  
necessary to encrypt that the outside app would need to be able to  
decrypt?

Both of these I will probably end up testing but an answer would  
greatly shorten my effort if the answer to either is no.

Thanks again for all the help

Andrew


On Feb 6, 2006, at 4:46 PM, Rick Olson wrote:
> On 2/6/06, Andrew Filipowski <a.filipowski@mac.com> wrote:
>> I am looking at adding the Sentry plugin to one of the applications
>> that we are working on. I have a need to store some info that will
>> have to be encrypted and decrypted. I have been going through the
>> docs for the plugin and the AsymetricSentry class looks like the best
>> for what we need to do but I am not sure how to generate the key. The
>> docs say:
>>
>> This is a shortcut for using an asymmetrical algorithm with a  
>> private/
>> public key file.  To use this, generate a public and
>> private key with Sentry::AsymmetricalSentry.save_random_rsa_key
>> (private_key_file, public_key_file).  If you want to encrypt the
>> private key file with a symmetrical algorithm, pass a secret key
>> (neither the key nor the decrypted value will be stored).
>>
>> Sentry::AsymmetricSentry.save_random_rsa_key(private_key_file,
>> public_key_file, :key => ''secret_password'')
>>
>> My question is this. I only want to generate this key once and set
>> the defaults in the environment.rb as mentioned in the docs. How do I
>> go about doing this? I am sure that the answer is probably very  
>> simple.
>>
>> Thanks
>>
>> Andrew
>
> First, I added a config.yml file for various app settings (sentry
> keys, payment gateway stuff, etc).
>
> config/config.yml:
> :keys:
>   :public: /config/sentry_keys/pub.key
>   :private: /config/sentry_keys/priv.key
>   :symmetric_key: my_sekrit
>
> Then in environment.rb, I load the config, and set the global vars:
>
> CONFIG = YAML::load(File.open("#{RAILS_ROOT}/config/config.yml"))
> # Sentry
> Sentry::AsymmetricSentry.default_public_key_file >
"#{RAILS_ROOT}#{CONFIG[:keys][:public]}"
> Sentry::AsymmetricSentry.default_private_key_file >
"#{RAILS_ROOT}#{CONFIG[:keys][:private]}"
>
> The thing is, you have to pass the secret key each time you want to
> decrypt.  Silly I suppose, but then what''s the point of the
> encryption?  The point of the asymmetric encryption is so the actual
> key is not on the system at all.
>
> If you have sentry installed as a plugin, there is a rake task to
> generate the key.
>
> rake sentry_key PRIV=config/sentry_keys/priv.key
> PUB=config/sentry_keys/pub.key KEY=my_sekrit
>
> --
> Rick Olson
> http://techno-weenie.net
> _______________________________________________
> Rails mailing list
> Rails@lists.rubyonrails.org
> http://lists.rubyonrails.org/mailman/listinfo/rails

On 2/6/06, Andrew Filipowski <a.filipowski@mac.com>
wrote:
> Here is another question based on your response. Lets say that I have
> two apps, one is going to only encrypt, it can never decrypt. I
> havn''t put any decrypt actions in my app, and i am not going to.
But
> can I not include on this app the :symetric_key in the config file?
> We are going to be encrypting creditcards with this app and to
> completely secure data that needs to be as secure as possible we are
> going to have the app in the DMZ (public interface) set up to use SSL
> and it is going to store only the last 4 digits of the credit card.
> Our network is going to be set up so that there is a completely
> seperate DB behind the firewall that is going to store the actual
> creditcard number and other sensitive material. The second app is
> actually going to live behind the firewall and can decrypt the
> creditcard to send to the payment gateway for processing. I know we
> are being a little paranoid but a little paranoia doesn''t hurt
when
> dealing with sensitive data.
>
> so in this setup can i do what I hope to do which is use the same
> public and private keys in two different apps going after the same
> data? And if so do I need the symetric_key info in my outside facing
> app? or is it only used to decrypt? If it only is used to decrypt
> than my setup in theory sounds like it should work the way that we
> want it to. Where the outside app can''t decrypt because it has no
> knowledge of the symetric_key. This way the highly sensitive data is
> protected in three ways. The network is configured to only accept
> writes, the DB is set up with a user who only has write access, and
> should the server (DMZ) get compromised in anyway there is no way for
> the malicious user to find out the symetric_key to decrypt the stored
> values.
>
> On a second note, is it possible to have two sets of keys? One key
> for the creditcard info, and one key for other data that we deem
> necessary to encrypt that the outside app would need to be able to
> decrypt?
>
> Both of these I will probably end up testing but an answer would
> greatly shorten my effort if the answer to either is no.
>
> Thanks again for all the help
>
> Andrew
1) You can use the public/private key anywhere you like.  You
shouldn''t store the symmetric password ANYWHERE on the system. 
Ideally it''s something you have to manually enter.  However, this
means you''d need some manual input for credit card processing.  If
this doesn''t work, then you should just use the unencrypted private
key on the internal processing server.  Also, since you''re not going
to be decrypting on the public facing site at all, you only need the
public key file.

2) Yes you can have multiple keys.  But, you''ll have to manually pass
them.  The unit tests should have examples of this.  I believe they
test both default key usage and the ability to pass keys.

--
Rick Olson
http://techno-weenie.net

Rick,
thanks for clarifying things for me. I now know how I need to have  
things set up to work in our environment.

Andrew


On Feb 6, 2006, at 11:43 PM, Rick Olson wrote:
> On 2/6/06, Andrew Filipowski <a.filipowski@mac.com> wrote:
>> Here is another question based on your response. Lets say that I have
>> two apps, one is going to only encrypt, it can never decrypt. I
>> havn''t put any decrypt actions in my app, and i am not going
to. But
>> can I not include on this app the :symetric_key in the config file?
>> We are going to be encrypting creditcards with this app and to
>> completely secure data that needs to be as secure as possible we are
>> going to have the app in the DMZ (public interface) set up to use SSL
>> and it is going to store only the last 4 digits of the credit card.
>> Our network is going to be set up so that there is a completely
>> seperate DB behind the firewall that is going to store the actual
>> creditcard number and other sensitive material. The second app is
>> actually going to live behind the firewall and can decrypt the
>> creditcard to send to the payment gateway for processing. I know we
>> are being a little paranoid but a little paranoia doesn''t hurt
when
>> dealing with sensitive data.
>>
>> so in this setup can i do what I hope to do which is use the same
>> public and private keys in two different apps going after the same
>> data? And if so do I need the symetric_key info in my outside facing
>> app? or is it only used to decrypt? If it only is used to decrypt
>> than my setup in theory sounds like it should work the way that we
>> want it to. Where the outside app can''t decrypt because it has
no
>> knowledge of the symetric_key. This way the highly sensitive data is
>> protected in three ways. The network is configured to only accept
>> writes, the DB is set up with a user who only has write access, and
>> should the server (DMZ) get compromised in anyway there is no way for
>> the malicious user to find out the symetric_key to decrypt the stored
>> values.
>>
>> On a second note, is it possible to have two sets of keys? One key
>> for the creditcard info, and one key for other data that we deem
>> necessary to encrypt that the outside app would need to be able to
>> decrypt?
>>
>> Both of these I will probably end up testing but an answer would
>> greatly shorten my effort if the answer to either is no.
>>
>> Thanks again for all the help
>>
>> Andrew
>
> 1) You can use the public/private key anywhere you like.  You
> shouldn''t store the symmetric password ANYWHERE on the system.
> Ideally it''s something you have to manually enter.  However, this
> means you''d need some manual input for credit card processing.  If
> this doesn''t work, then you should just use the unencrypted
private
> key on the internal processing server.  Also, since you''re not
going
> to be decrypting on the public facing site at all, you only need the
> public key file.
>
> 2) Yes you can have multiple keys.  But, you''ll have to manually
pass
> them.  The unit tests should have examples of this.  I believe they
> test both default key usage and the ability to pass keys.
>
> --
> Rick Olson
> http://techno-weenie.net
> _______________________________________________
> Rails mailing list
> Rails@lists.rubyonrails.org
> http://lists.rubyonrails.org/mailman/listinfo/rails