Menu
I want to use two key pairs to implement secure messaging with non-repudiation between two communicating systems. I have generated and stored two sets of key pairs using:
sys1_key = OpenSSL::PKey::RSA.generate( 2048 )
sys2_key = OpenSSL::PKey::RSA.generate( 2048 )
Both of these key pairs have had their separate public and private keys saved out to files:
System 1 has its own public and private keys as well as the public key of System 2. System 2 has its own public and private keys as well as the public key of System 1.
On System 1, I want to take the message "Hello world" and encrypt it using System 1's private key and System 2's public key. This message can only be decrypted by System 2 using its own private key and System 1's public key.
We currently effect a similar process using GPG but I want to automate the process -- any help appreciated. We're on Ruby 1.9.2.
387
The main difference between asymmetric versus symmetric cryptography is that asymmetric encryption algorithms make use of two different but related keys. One key encrypts data and another key decrypts it. Symmetric encryption uses the same key to perform both encryption and decryption functions.
Asymmetric cryptography uses two keys: if you encrypt with one key, you may decrypt with the other. Hashing is a one-way cryptographic transformation using an algorithm (and no key).
AES (Advanced Encryption Standard) is a symmetric-key encryption algorithm.
You will also need a passphrase, which you must use whenever you use OpenSSL, so make sure to remember it. This command uses OpenSSL's genrsa command to generate a 1024-bit public/private key pair. This is possible because the RSA algorithm is asymmetric.
Private keys are for Decryptions and Public keys are for Encryption.
So If System 1 intends to send an encrypted text to System 2.
System 1 should get hold of public key of System 2 and encrypt the text using System 2's Public key. System 2 can receive the text and use its own Private key to decrypt. On sending Side you can use code like this.
#!/usr/bin/env ruby
require 'openssl'
require 'base64'
public_key_file = 'server2_public.pem';
string = 'Secret!';
public_key =
OpenSSL::PKey::RSA.new(File.read(public_key_file))
encrypted_string = Base64.encode64(public_key.public_encrypt(string))
print encrypted_string, "\n"
Base 64 encoding is just an optional step, depending on whether you want to send binary data over the wire etc.
On the receiving side
#!/usr/bin/env ruby
require 'openssl'
require 'base64'
key = 'my_private_key.pem';
private_key = OpenSSL::PKey::RSA.new(File.read(key),'password')
data = private_key.private_decrypt(Base64.decode64(encrypted_data_received))
puts data
If you have n number of systems you should use conventions to lookup public key names. Such as public key name can be same name as target machine name of the message and it can be looked up from the key server. private keys should be present only on corresponding system.
Purpose of Asymmetric Encryption is Twofold.
1) If you Encrypt Using a Public Key. Only the person who has the corresponding Private Key can Decrypt. This achieves message security. 2) If you Sign using a private Key, Public Key can be used to verify authenticity. Everyone who has access to the Public key can verify message authenticity. It proves the point that only you could have encrypted it. This is called a Signature.
126
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
