Over a million developers have joined DZone.

What Is the Best Strategy for Encrypting Files in Ruby?

DZone's Guide to

What Is the Best Strategy for Encrypting Files in Ruby?

Are you a Ruby developer looking to get into the Security space, or hoping to integrate security into your workflow? Read on to learn how to encrypt/decrypt data in Ruby.

· Security Zone ·
Free Resource

Discover how to provide active runtime protection for your web applications from known and unknown vulnerabilities including Remote Code Execution Attacks.

Editorial Note: This article as co-written by Darya Kurtsyna and Viktor Shmigol of Active Bridge.

Symmetric Encryption in Ruby

In the past, cryptography was used con fines militares. However, now, along with the Information Society Foundation, cryptography’s become one of the main tools providing confidentiality, authorization, electronic payments, corporate security, and so on.

Cryptographic methods can be used to solve security issues, such as confidentiality of transmitted/stored data; authentication; integrity of stored and transmitted data; ensuring document authenticity; etc. Also, these methods are used for information transformation such as encryption (symmetric and asymmetric), hash functions calculation; generation of electronic digital signatures, and generation of a sequence of pseudo-random numbers.

There are some common definitions for cryptography.

Encryption is the process of encoding a message or information in such a way that only authorized parties can access it. Encryption does not of itself prevent interference, but denies the intelligible content to a would-be interceptor. In an encryption scheme, the intended information or message, referred to as plaintext, is encrypted using an encryption algorithm, generating ciphertext that can only be read if decrypted.

The Symmetric-Key Algorithm Is Usually Called Classical Code Number.

Symmetric encryption provides allows you to use the same key for both encryption and decryption. Two basic requirements are used for symmetric algorithms: the complete loss of all statistical regularities in the encryption object and the absence of linearity. We should divide the symmetric systems into block and stream systems. In block systems, the original data is divided into blocks with subsequent conversion with a key. In streaming systems, a certain sequence (output gamma) is generated. It replaces the message itself, and data encryption occurs as the flow, while the gamma is being generated.

The block length is usually 8 or 16 bytes. There are algorithms that allow a variable block length. The most famous block ciphers are determined by the American standard DES (Data Encryption Standard), for which the block length n is 64 and 256, respectively.


I am going to show you how the encryption flow actually works using some Ruby code. We will use 4096-bit key lengths and SHA-256 as our digest function.

So, we have the goal:
There are two users. They want to send a message to each other that no one else can read. They are defined in our Ruby code as sender and recipient.

Let's create an AsymmetricEncryption class:

class AsymmetricEncryption
  attr_reader :config

  def initialize
    @config = { key_length: 4096, digest_func: OpenSSL::Digest::SHA256.new }

  def generate_pair
    { private_key: pair.to_s, public_key: pair.public_key.to_s }

  def decrypt(private_key, encrypted)

  def encrypt(pub_key, data)

  def signature(private_key, data)
    client(private_key).sign(config[:digest_func], data)

  def verify(pub_key, signature, data)
    client(pub_key).verify(config[:digest_func], signature, data)


  def pub
    @pub ||= client(pair.public_key.to_der)

  def pair
    @pair ||= client(config[:key_length])

  def client(key)

Now, let's create specs for it:

require 'spec_helper'

describe AsymmetricEncryption do
  let(:data) { 'Hello world' }
  let(:encryptor) { AsymmetricEncryption.new }
  let(:pair) { encryptor.generate_pair }

  it 'encrypt/decrypt'  do
    encrypted = encryptor.encrypt(pair[:public_key], data)
    expect(encryptor.decrypt(pair[:private_key], encrypted)).to eq(data)

  it 'verify/signature' do
    signature = encryptor.signature(pair[:private_key], data)
    expect(encryptor.verify(pair[:public_key], signature, data)).to be_truthy

First of all, we need to generate key-pairs for users. The method generate_pair  creates two keys, a public key which will only be used to encrypt data, and a private key, which will only be used to decrypt data.

sender_pair = AsymmetricEncryption.new.generate_pair
recipient_pair = AsymmetricEncryption.new.generate_pair

Using the sender's private key, generate a signature for the message:
message = 'Hello world'
encryptor = AsymmetricEncryption.new
signature = encryptor.signature(sender_pair[:private_key], message)

Then we will prepare a message to send:

encrypted = encryptor.encrypt(recipient_pair[:public_key], message)

The recipient will be able to decrypt the message using their private key:

decrypted = encryptor.decrypt(recipient_pair[:private_key], encrypted)

Additionally, the recipient can verify that the message is actually from the sender by checking the signature:

puts 'Verified' if encryptor.verify(sender_pair[:public_key], signature, decrypted)

That’s all.

All open encryption systems have the following disadvantages: the key must be transmitted through a secret channel; hard requirements to the key generation service, due to the fact that for n subscribers with the "each with" interaction scheme, the dependence of the key numbers on the subscriber number is quadratic. The main disadvantage of symmetric encryption is the secret key must be known to both the sender and the recipient.

How can one safely distribute symmetric (secret) keys?

In the future, it’ll be possible to carry out the transfer of keys based on quantum cryptography and to develop methods into their software and hardware implementations to increase the length of the pseudo-random sequence.

Find out how Waratek’s award-winning application security platform can improve the security of your new and legacy applications and platforms with no false positives, code changes or slowing your application.

ruby ,security ,encryption ,decryption ,cryptography

Published at DZone with permission of

Opinions expressed by DZone contributors are their own.

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.urlSource.name }}