Switch branches/tags
Nothing to show
Find file
Fetching contributors…
Cannot retrieve contributors at this time
49 lines (37 sloc) 1.85 KB
# Symmetric crypto lets you scramble some data with one shared key. It is faster
# than asymmetric crypto, but has the downside that you can only share the data
# with trusted parties, so the key has to be pre-shared somehow, unlike asymmetric
# crypto.
# Note that a common method for fast cryptography is to first connect with the
# slower asymmetric crypto, then use that connection to exchange a shared secret
# for symmetric crypto. HTTPS and SSL sockets use this method. This means you get
# the full additional security from asymmetric crypto, but the speed of symmetric
# crypto.
require "openssl"
secret = "fd5d148867091d7595c388ac0dc50bb465052b764c4db8b4b4c3448b52ee0b33df16975830acca82"
data = "This is some data"
# You can list available chiphers.
#p OpenSSL::Cipher.ciphers
# The chiphers take the format name-keylength-mode
cipher ="AES-128-CBC")
# An alternative way of creating the object would be
cipher =, :CBC)
# The API is very imperative, as it binds pretty directly to the underlying C
# libraries. This call sets the object in encryption mode.
cipher.key = secret
# Many ciphers uses an initialization vector (IV) to randomize encryption. IVs should be unpredictable.
# See Ruby docs for more info:
iv = cipher.random_iv
encrypted = cipher.update(data) +
p iv + encrypted
# => ...some unreadable binary stuff...
# Time to decrypt it. We need to create a new object.
decipher =, :CBC)
decipher.key = secret
decipher.iv = encrypted[0..16] # In some modes like CTR you wouldn't be able to decrypt without proper IV setup
decrypted = decipher.update(encrypted[16..-1]) +
p decrypted
# => "This is some data"