I need to encrypt some items in the database in a rails app.

I tried using the old "sentry" gem, but it doesn't seem to be surviving Rails 2. The stuff I found for Active Crypto on the web appeared to be many years old.

What are folks using to encrypt db data via active record these days?

thanks,
jp
--
Posted via http://www.ruby-forum.com/.

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---

depends on what you are looking for. if you want to have a one-way function (for passwords and such) just try it like this:

    require 'digest'
    encrypted_item = Digest::SHA256.hexdigest("string_to_encrypt")

you could also use SHA1, SHA384, SHA512 depending on your need of security.

MaD wrote:
> depends on what you are looking for. if you want to have a one-way
> function (for passwords and such) just try it like this:
>
> encrypted_item = Digest::SHA256.hexdigest("string_to_encrypt")
>
> you could also use SHA1, SHA384, SHA512 depending on your need of
> security.

Thanks, but I need to decrypt it also. It is "for your eyes only" user data.

thanks,
jp

On Tue, Mar 10, 2009 at 10:15 AM, Jeff Pritchard <rails-mailing-list-ARtvInVfO7ksV2N9l4h3zg@public.gmane.org> wrote:
>
> MaD wrote:
> > depends on what you are looking for. if you want to have a one-way
> > function (for passwords and such) just try it like this:
> >
> > encrypted_item = Digest::SHA256.hexdigest("string_to_encrypt")
> >
> > you could also use SHA1, SHA384, SHA512 depending on your need of
> > security.
>
> Thanks, but I need to decrypt it also. It is "for your eyes only" user
> data.
>
> thanks,
> jp
>

There is a ruby-aes-normal gem. I have never used it. Have you looked at it?

Cheers
--
Charles

I'm not a cryptographer, but ....

One way you could do this, depending on your app requirements, is to follow an asymmetric encryption strategy using pub/priv keys, something like:

    ### gen pub/priv keys to use:
    $ cd ./private
    $ openssl genrsa -out asym_priv.key 2048
    ...
    $ openssl rsa -in asym_priv.key -out asym_pub.key -pubout
    ...
    $ chmod 400 asym_priv.key
    $ chmod 444 asym_pub.key
    $ cd ..

    ### cat ./app/model/cryptor.rb
    require 'digest/sha2'
    require 'openssl'
    require 'base64'
    require 'singleton'

    class Cryptor
      include Singleton

      # Both keys are read once, when the class is loaded.
      ASYM_PUB_KEY = OpenSSL::PKey::RSA.new(IO.read("#{RAILS_ROOT}/private/asym_pub.key"))
      ASYM_PRIV_KEY = OpenSSL::PKey::RSA.new(IO.read("#{RAILS_ROOT}/private/asym_priv.key"))
      ...

      # public_encrypt uses PKCS#1 v1.5 padding by default, so with a
      # 2048-bit key the input can be at most 245 bytes.
      def Cryptor.asym_encrypt(str)
        return Base64.encode64(ASYM_PUB_KEY.public_encrypt(str))
      end

      def Cryptor.asym_decrypt(str)
        return ASYM_PRIV_KEY.private_decrypt(Base64.decode64(str))
      end
      ...
    end

    ### and then test it out:
    $ ./script/console
    ...
    >> enc_str = Cryptor.asym_encrypt('testing 1 2 3')
    => "i4d/uc6w1NGCUQLspM7CMsvNMd
    +4dFrx3yb0QhM4N3di6Yha8jeW5Ftx4ZA2\nnPn4AzhZPzCrQdds/ERP0Lb9X/
    dzJaJt5Tyig12hl4EqlILTnSj9SlPatIr9\n2m9D0K416BRuCJaWOp0lhXIe1XCZisjKKhLhR1T3nH
    +NjQnNx4HBFhrFOnSz
    \nuWpNfQf8sYxhLiSiKwTy3WUPmSRHPgu8h5mIgtxjU12spf0NvbZEDzwP+/br
    \nWMJNQ6rGSNP6smd3YahoQzYjNFn3v+YCjG497eIdHNOBN6LAnW+HoB1TD5qm
    \ngJzuOIk1eownT9kfjiykR+lNmw1kNX3bzDqdBvsB8g==\n"
    >> dec_str = Cryptor.asym_decrypt(enc_str)
    => "testing 1 2 3"

Using Base64 isn't necessary if your db tbls can handle binary, but it can be a help when you're testing/debugging. Also, the size of your priv key in bits will definitely affect performance of encrypt/decrypt process, so you'll want to choose according to needs, balancing performance vs encrypt-strength.

And if such an asym strategy is just too slow for your needs, then you could pursue a symmetric strategy instead, which would be much faster in terms of performance, but more complex to implement (likely having to persist the initialization vector -- iv -- val used when sym encrypting some val for later use when sym decrypting that val again).

Jeff

On Mar 10, 8:15 am, Jeff Pritchard <rails-mailing-l...-ARtvInVfO7ksV2N9l4h3zg@public.gmane.org> wrote:
> MaD wrote:
> > depends on what you are looking for. if you want to have a one-way
> > function (for passwords and such) just try it like this:
> >
> > encrypted_item = Digest::SHA256.hexdigest("string_to_encrypt")
> >
> > you could also use SHA1, SHA384, SHA512 depending on your need of
> > security.
>
> Thanks, but I need to decrypt it also. It is "for your eyes only" user
> data.
>
> thanks,
> jp

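The symmetric strategy mentioned in the message above, as an added example that is not part of the original thread: AES-256-GCM with a fresh IV generated per value and stored alongside the ciphertext. `FieldCipher`, the stored layout and the `context` strings are assumptions made for illustration, and the key is expected to be loaded from somewhere outside the database and the app tree.

```ruby
require 'openssl'
require 'base64'

# Hypothetical helper (added example, not from the thread).
# Stored layout (an assumption): Base64( iv[12] || tag[16] || ciphertext ).
module FieldCipher
  CIPHER  = 'aes-256-gcm'
  IV_LEN  = 12
  TAG_LEN = 16

  # key:     32 random bytes, kept outside the database and the app tree.
  # context: bound to the value as associated data (e.g. "users.notes:42"),
  #          so a ciphertext copied to another row or column fails to decrypt.
  def self.encrypt(key, plaintext, context = '')
    cipher = OpenSSL::Cipher.new(CIPHER).encrypt
    cipher.key = key
    iv = cipher.random_iv            # fresh IV per value, never reused with this key
    cipher.auth_data = context
    ct = run(cipher, plaintext)
    Base64.strict_encode64(iv + cipher.auth_tag(TAG_LEN) + ct)
  end

  # Raises OpenSSL::Cipher::CipherError if the value, IV, tag, key or context
  # does not match what was encrypted.
  def self.decrypt(key, stored, context = '')
    raw = Base64.strict_decode64(stored)
    raise ArgumentError, 'stored value too short' if raw.bytesize < IV_LEN + TAG_LEN
    cipher = OpenSSL::Cipher.new(CIPHER).decrypt
    cipher.key = key
    cipher.iv = raw.byteslice(0, IV_LEN)
    cipher.auth_tag = raw.byteslice(IV_LEN, TAG_LEN)
    cipher.auth_data = context
    run(cipher, raw.byteslice(IV_LEN + TAG_LEN, raw.bytesize)).force_encoding(Encoding::UTF_8)
  end

  # Older openssl bindings reject update(''), so skip it for empty input.
  def self.run(cipher, data)
    (data.empty? ? ''.b : cipher.update(data)) + cipher.final
  end
end

if __FILE__ == $PROGRAM_NAME
  key = OpenSSL::Random.random_bytes(32)   # constructed sample key
  stored = FieldCipher.encrypt(key, 'testing 1 2 3', 'users.notes:1')
  puts stored
  puts FieldCipher.decrypt(key, stored, 'users.notes:1')
end
```

Because the IV travels inside the stored value, a single text column is enough; the authentication tag means a modified or misplaced value raises an error instead of decrypting to garbage.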
Jeff Pritchard wrote:
> I need to encrypt some items in the database in a rails app.
>
> I tried using the old "sentry" gem, but it doesn't seem to be surviving
> Rails 2. The stuff I found for Active Crypto on the web appeared to be
> many years old.
>
> What are folks using to encrypt db data via active record these days?
>
> thanks,
> jp

I'm starting to question the validity of this whole notion. It seems to be expected that one would encrypt database tables that hold sensitive information (like a user's health information for example).

Taking a step back from it though, what's the point? The database and my app are all on the same server. Nobody can see the database files unless they have access to my server. Anybody who does have access to my server can look at the app to figure out how to read the encrypted database tables/columns.

So what is the supposed advantage of encrypting them in the first place????

Sorry for playing my own devil's advocate here, but it just dawned on me that perhaps I was chasing a fool's errand. Please enlighten me.

thanks,
jp

2009/3/11 Jeff Pritchard <rails-mailing-list-ARtvInVfO7ksV2N9l4h3zg@public.gmane.org>
>
> Jeff Pritchard wrote:
> > I need to encrypt some items in the database in a rails app.
> >
> > I tried using the old "sentry" gem, but it doesn't seem to be surviving
> > Rails 2. The stuff I found for Active Crypto on the web appeared to be
> > many years old.
> >
> > What are folks using to encrypt db data via active record these days?
> >
> > thanks,
> > jp
>
> I'm starting to question the validity of this whole notion. It seems to
> be expected that one would encrypt database tables that hold sensitive
> information (like a user's health information for example).
>
> Taking a step back from it though, what's the point? The database and
> my app are all on the same server. Nobody can see the database files
> unless they have access to my server. Anybody who does have access to
> my server can look at the app to figure out how to read the encrypted
> database tables/columns.
>
> So what is the supposed advantage of encrypting them in the first
> place????
>

It may depend on the likelihood of someone leaving a CD backup copy of the database on a train (or a laptop with a copy of the db), and of how embarrassing that would be.

If you are handling private personal information or commercially confidential data you must consider the possibility of litigation if the data escapes.

Colin

Colin Law wrote:
> 2009/3/11 Jeff Pritchard <rails-mailing-list-ARtvInVfO7ksV2N9l4h3zg@public.gmane.org>
>
>> > thanks,
>> database tables/columns.
>>
>> So what is the supposed advantage of encrypting them in the first
>> place????
>>
>
> It may depend on the likelihood of someone leaving a CD backup copy of
> the database on a train (or a laptop with a copy of the db), and of how
> embarrassing that would be.
>
> If you are handling private personal information or commercially
> confidential data you must consider the possibility of litigation if the
> data escapes.
>
> Colin

Thanks Colin. That sounds like a valid reason.

jp

Running the application usually involves some sort of user rights. If the passwords aren't stored on the server, then running the app won't give access to the data. Just don't leave the keys in plain text on the server and don't leave user account info on the server.

One consideration: Encrypting in the app layer may become very painful if you want to do sql maintenance of your database.

Regards,
Nick

On Tue, Mar 10, 2009 at 11:05 PM, Jeff Pritchard <rails-mailing-list-ARtvInVfO7ksV2N9l4h3zg@public.gmane.org> wrote:
>
> Jeff Pritchard wrote:
> > I need to encrypt some items in the database in a rails app.
> >
> > I tried using the old "sentry" gem, but it doesn't seem to be surviving
> > Rails 2. The stuff I found for Active Crypto on the web appeared to be
> > many years old.
> >
> > What are folks using to encrypt db data via active record these days?
> >
> > thanks,
> > jp
>
> I'm starting to question the validity of this whole notion. It seems to
> be expected that one would encrypt database tables that hold sensitive
> information (like a user's health information for example).
>
> Taking a step back from it though, what's the point? The database and
> my app are all on the same server. Nobody can see the database files
> unless they have access to my server. Anybody who does have access to
> my server can look at the app to figure out how to read the encrypted
> database tables/columns.
>
> So what is the supposed advantage of encrypting them in the first
> place????
>
> Sorry for playing my own devil's advocate here, but it just dawned on me
> that perhaps I was chasing a fool's errand. Please enlighten me.
>
> thanks,
> jp