Simple Encryption

Posted by tobi — 04:06 PM Mar 14

For storing credit cards of our clients in our databases we use an asymmetric encryption system. Our web server farm only has the public key to encrypt the incoming cc’s. For the actual billing we use an internal server with no direct ties to the net. It receives a list of encrypted credit cards and the amount owed and goes to work with the private key to decrypt the cards and balance the books.

This little class does the encryption and decryption and even allows you to create a valid key pair. The ruby openssl library is not really documented so this might be useful to someone.

crypto-key.rb



    require 'key' 

    Crypto.create_keys # creates rsa_key and rsa_key.pub

    priv_key = Crypto::Key.from_file('rsa_key')
    pub_key =  Crypto::Key.from_file('rsa_key.pub')

    text = "I was encrypted but came back!" 

    secret = pub_key.encrypt(text)
    puts priv_key.decrypt(secret) #=> 
            "I was encrypted but came back!"

Comments

  • Marcus 14 Mar 17:16

    How does it go about to do the actual billing if it has no direct ties to the internet?

  • tobi 14 Mar 17:46

    Its connected to the internet alright but its behind a firewall and it got no public IP.

  • Jordan 14 Mar 18:23

    You said it uses an ‘asynchronous’ encryption method. I think you mean ‘asymmetric’

    http://en.wikipedia.org/wiki/Public_key

  • Ben Curtis 14 Mar 18:29

    You could also use TrustCommerce’s Citadel and let them store the data. :)

  • tobi 14 Mar 18:51

    Jordan: thanks

    Ben: True, but that locks you in with this vendor with no way to switch cc provider.

    TrustCommerce is excellent though. We have great support for them in ActiveMerchant

  • Rowan 14 Mar 22:00

    Good work, bravo, superb, you don’t know how many hours I was going through looking at this exact same problem last week, I think I went through every crypto library for ruby, and for some strange reason I’d thought the openssl wrapper wasn’t going to do public/private key encryption.

    Anyway a big slap on the back thanks for posting your code !!!! You’ve made my day.

  • Thomas 14 Mar 22:45

    Maybe 37signals (Basecamp, Ta-da etc.) will start storing our passwords this way instead of clear-text equilavent in their databases.

  • Francis 14 Mar 23:05

    Actually, I’ve been concerned by [Thomas’] comments as well but his is mistaken. This is also a clear-text equialavent.

    When someone stores a users password, what they should do is take the MD5 hash of that users password and store the hash in the database. Then when the user logs in, hash their submitted password and see if it matches to that in the database.

    This way, only the user knows what the password is

  • tobi 14 Mar 23:17

    For passwords hashing is a good idea. I used to be a big proponent of this strategy as you can see in typo and the login generator.

    Lately I don’t feel so strong about it anymore. I talked with lots of non technical people about this and they are generally confused if they don’t recognize the password they get emailed after hitting an “i forgot my password” type link.

    Obviously symetric encryption works well in such cases…

  • Francis 14 Mar 23:21

    Tobi,

    I don’t quite follow what you said. Since the only time someone would see their password is if they forgot it and asked to have it e-mailed to them.

    In that case, what you could do is create a temporary password and e-mail that temporary password to them.

    Now yes, it would be confusing to receive an e-mail if you don’t tell them it’s a temporary password that should be changed.

    Just my thoughts

  • Francis 14 Mar 23:22

    To clarify my last statement.

    Now yes, it would be confusing to receive a password that doesn’t look like your old password if the user wasn’t informed that it is a temporary password the should be changed.

  • tobi 15 Mar 10:05

    Good argument. Thats a good way to do it.

    Most users will go ahead and set it to their old password again. So if you don’t change their password to something random you save them some work.

  • Sean Smith 15 Mar 13:19

    It doesn’t surprise me that the ruby openssl wrapper is poorly documented, as the openssl library itself is poorly documented as well, primarily in using their own encryption functions including RSA. I did some work with the openssl library over the summer, and it was a pain in the ass.

  • Hank 15 Mar 13:42

    This is a good method as long as you can keep the “rsa_key” file secure and out of the hands of others.

    Just think – if the person can hack your database/web server – they probably can get access to that rsa_key file as well, now defeating the purpose of encryption

  • Jim 15 Mar 13:46

    Assuming you use MySQL, which if you read this blog you probably do.

    MySQL has encrypt/decrypt methods built in that will accomplish the exact same effect as the article posted here.

    http://dev.mysql.com/doc/refman/5.0/en/encryption-functions.html

    The benefit is that you now don’t have to require an external library to perform encryption since it’s built into the database.

  • tobi 15 Mar 18:30

    Jim: I don’t think mysql supports asymmetric encryption and there are no extra libraries required to do this in ruby because openssl is already bundled.

    Hank : exactly, thats why you don’t keep the rsa_key on your server farm at all. You only need the pub key and the servers can happily encrypt all the important information.

    The private key is something you should closely control, only have one copy of it on a encrypted file system on an non public IP server and another in a safety deposit box with your bank in case your office burns down.

  • Zachery Hostens 16 Mar 19:15

    Id agree with Tobi with both points.

    what would be the real point of encrypting something through mysql? if they hack your web/app server they can get whatever keyphrase is being used to encrypted the column in your database, and just retrieve everything … in a matter of minutes.

    As for the private key jim almost has a point. though only in situations where the administrator is 1 bit short of a byte. if they hack your web/app server, how long till they get to the billing server?

    Though with proper administration security/firewall setup this should be a moot issue. Having the billing box fetch data from the appserver or database (and dropping ALL connections from appserver->billing) creates a ZERO ability for the outside world to touch the billing machine.

    just my 2cent ;)

  • tobi 28 May 12:00

    Ok lets see…

  • Muhammad Saleem 30 May 01:21

    My name is muhammad Saleem and currently i am student of computer System Engineering in UET peshawar pakistan. I am interested in Message encryption and decryption techniques

  • mp3 ringtones 03 Jul 02:23

    http://www.la-ringtones.com/tones/ real ringtones. motorola ringtones: ringtones site free, ringtones site, Free nokia ringtones here. [url]http://www.la-ringtones.com/ring//urltracfone ringtones[/link] from site .

  • funny ringtones 03 Jul 02:23

    http://www.la-ringtones.com/mp3/ ringtones site. [URL=http://www.la-ringtones.com]qwest ringtones[/URL]: ringtones site free, ringtones site, Free nokia ringtones here. [url=http://www.la-ringtones.com]nextel ringtones[/url] from website .

  • funny ringtones 03 Jul 02:23

    http://www.la-ringtones.com/mp3/ ringtones site. ringtones site free, ringtones site, Free nokia ringtones here. from website .

  • ouimyim@dmoz.org 03 Jul 02:24

    ringtones free

Commenting are now closed…

About

Tobias Lütke is cofounder and CEO of Shopify, alumni of the Ruby on Rails core team and a startup advisor. Tobi wrote popular open source software such as ActiveMerchant, Liquid, Delayed::Job, Typo etc.

Popular posts

Categories

Projects and Libraries

Friends

Syndicate