Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Ruby OpenSSL asymmetric encryption - using two key pairs

Tags:

ruby

openssl

I want to use two key pairs to implement secure messaging with non-repudiation between two communicating systems. I have generated and stored two sets of key pairs using:

sys1_key = OpenSSL::PKey::RSA.generate( 2048 )
sys2_key = OpenSSL::PKey::RSA.generate( 2048 )

Both of these key pairs have had their separate public and private keys saved out to files:

  • sys1.pub.pem
  • sys1.priv.pem
  • sys2.pub.pem
  • sys2.priv.pem

System 1 has its own public and private keys as well as the public key of System 2. System 2 has its own public and private keys as well as the public key of System 1.

On System 1, I want to take the message "Hello world" and encrypt it using System 1's private key and System 2's public key. This message can only be decrypted by System 2 using its own private key and System 1's public key.

We currently effect a similar process using GPG but I want to automate the process -- any help appreciated. We're on Ruby 1.9.2.

like image 387
Michael Avatar asked Sep 30 '12 16:09

Michael


People also ask

Does asymmetric encryption use two keys?

The main difference between asymmetric versus symmetric cryptography is that asymmetric encryption algorithms make use of two different but related keys. One key encrypts data and another key decrypts it. Symmetric encryption uses the same key to perform both encryption and decryption functions.

How many keys are required in asymmetric encryption?

Asymmetric cryptography uses two keys: if you encrypt with one key, you may decrypt with the other. Hashing is a one-way cryptographic transformation using an algorithm (and no key).

Is OpenSSL symmetric or asymmetric?

AES (Advanced Encryption Standard) is a symmetric-key encryption algorithm.

Is OpenSSL asymmetric?

You will also need a passphrase, which you must use whenever you use OpenSSL, so make sure to remember it. This command uses OpenSSL's genrsa command to generate a 1024-bit public/private key pair. This is possible because the RSA algorithm is asymmetric.


1 Answers

Private keys are for Decryptions and Public keys are for Encryption.

So If System 1 intends to send an encrypted text to System 2.

System 1 should get hold of public key of System 2 and encrypt the text using System 2's Public key. System 2 can receive the text and use its own Private key to decrypt. On sending Side you can use code like this.

#!/usr/bin/env ruby

require 'openssl'
require 'base64'

public_key_file = 'server2_public.pem';
string = 'Secret!';

public_key =
OpenSSL::PKey::RSA.new(File.read(public_key_file))
encrypted_string = Base64.encode64(public_key.public_encrypt(string))
print encrypted_string, "\n"

Base 64 encoding is just an optional step, depending on whether you want to send binary data over the wire etc.

On the receiving side

#!/usr/bin/env ruby

require 'openssl'
require 'base64'

key = 'my_private_key.pem';

private_key = OpenSSL::PKey::RSA.new(File.read(key),'password')
data = private_key.private_decrypt(Base64.decode64(encrypted_data_received))

puts data

If you have n number of systems you should use conventions to lookup public key names. Such as public key name can be same name as target machine name of the message and it can be looked up from the key server. private keys should be present only on corresponding system.

Purpose of Asymmetric Encryption is Twofold.

1) If you Encrypt Using a Public Key. Only the person who has the corresponding Private Key can Decrypt. This achieves message security. 2) If you Sign using a private Key, Public Key can be used to verify authenticity. Everyone who has access to the Public key can verify message authenticity. It proves the point that only you could have encrypted it. This is called a Signature.

like image 126
irfn Avatar answered Nov 08 '22 23:11

irfn