Encryption in Crystal lang

curious2learn · May 11, 2019, 11:17pm

How do I do encryption in Crystal? I want to encrypt say a hash type or a named tuple containing some information, and then add it as a cookie value. I need to be able to read this encrypted value back and decrypt it to original hash type. Is this possible?

Thank you so much for all the help.

sol.vin · May 12, 2019, 6:47pm

Check out OpenSSL::Cipher https://crystal-lang.org/api/0.35.1/OpenSSL/Cipher.html

Blacksmoke16 · May 12, 2019, 6:51pm

@sol.vin Just a heads up that link is for a quite old version of the Crystal docs.

sol.vin · May 12, 2019, 8:41pm

oops my bad, I just googled OpenSSL Cipher Crystal API and thats what came up.

sol.vin · May 12, 2019, 8:46pm

@Blacksmoke16 Wait I’m missing something here, I went through the API docs on latest and couldn’t find Cipher any more, but I know it’s still there because I recently used it in a program I was writing. It’s still there in the src.

github.com

crystal-lang/crystal/blob/master/src/openssl/cipher.cr

require "random/secure"
require "openssl"

class OpenSSL::Cipher
  class Error < OpenSSL::Error
  end

  def initialize(name)
    cipher = LibCrypto.evp_get_cipherbyname name
    raise ArgumentError.new "Unsupported cipher algorithm #{name.inspect}" unless cipher

    @ctx = LibCrypto.evp_cipher_ctx_new
    # The EVP which has EVP_CIPH_RAND_KEY flag (such as DES3) allows
    # uninitialized key, but other EVPs (such as AES) does not allow it.
    # Calling EVP_CipherUpdate() without initializing key causes SEGV so
    # we set the data filled with "\0" as the key by default.
    cipherinit cipher: cipher, key: "\0" * LibCrypto::EVP_MAX_KEY_LENGTH
  end

  def encrypt

This file has been truncated. show original

konovod · May 12, 2019, 8:51pm

Your question consists of two problems -

serialize your hash to some string or binary stream, (and deserialize back)
encrypt it (and decrypt back)

If I would need to do it, I’ll do something like this:

require "yaml"
require "monocypher"

def encrypt(object, secret)
  plaintext = object.to_yaml.to_slice
  ciphertext = Bytes.new(plaintext.size + Crypto::OVERHEAD_SYMMETRIC)
  Crypto.encrypt(key: secret, input: plaintext, output: ciphertext)
  cookiestring = ciphertext.hexstring
end

def decrypt(text, secret)
  ciphertext = text.hexbytes
  raise "ciphertext too short" if ciphertext.size < Crypto::OVERHEAD_SYMMETRIC
  result = Bytes.new(ciphertext.size - Crypto::OVERHEAD_SYMMETRIC)
  unless Crypto.decrypt(key: secret, input: ciphertext, output: result)
    raise "ciphertext is corrupt"
  end
  hash1 = YAML.parse(String.new(result))
end

secret = Crypto::SymmetricKey.new # this will generate a key from system random source
puts "secret key is #{secret}"

hash = {"1" => [1, 2, 3], 2 => "test"}
cookiestring = encrypt(hash, secret)
puts "encrypted message: #{cookiestring}"
puts "decrypted message: #{decrypt(cookiestring, secret)}"

using my monocypher bindings shard and untyped serialization to YAML (it is limited to simple types, but maybe it’s ok for a cookie).

Maybe you should better use OpenSSL or LibSodium bindings for encryption, and typed serialization (using e.g. YAML::Serializable) for serialization.

Blacksmoke16 · May 12, 2019, 8:55pm

@sol.vin Looks like that file isnt’t required in the docs_main file nor the openssl.cr file, thus is missing from the docs. Could prob make an issue for it as it’s prob not intentional it’s not there now.

sol.vin · May 13, 2019, 5:04am

Posted - https://github.com/crystal-lang/crystal/issues/7770

curious2learn · May 14, 2019, 2:07am

Thanks everyone. I was aware of OpenSSL::Cipher, however, as has been pointed out that wasn’t available in the new documentation.

I did not know about monocypher. Thank you @konovod. Will look into that. I appreciate the example you gave. That would be very helpful.

Thanks.

nsuchy · May 24, 2019, 4:59pm

What type of information is stored in the cookie? It may be a good idea to store a session reference and then have the actual user data only on the server to minimize the amount of places its temporarily stored.

curious2learn · May 25, 2019, 9:37pm

I was thinking of storing email and a session id (nothing sensitive, such as a password). But thought of encrypting it. But probably that is not necessary. As you said, I am just using the session id now. Probably, there is no need to encrypt that.

Thanks.

nsuchy · May 26, 2019, 7:41pm

HTTPS to and from your web server should be enough. Just make sure session IDs are unpredictable.

Topic		Replies	Views
How to encrypt/decrypt data? Help & Support	13	2094	March 23, 2021
Simple Encrypt + Decrypt? Help & Support	7	853	November 9, 2020
OpenSSL::PKey Help & Support	3	279	February 25, 2022
Writing Crypto in Crystal Community	7	202	July 20, 2024
Unable to get snippet to work on play.crystal-lang.org Crystal Contrib	0	379	December 21, 2019

Encryption in Crystal lang

Related topics