Encryption in Crystal lang

curious2learn · May 11, 2019, 11:17pm

How do I do encryption in Crystal? I want to encrypt say a hash type or a named tuple containing some information, and then add it as a cookie value. I need to be able to read this encrypted value back and decrypt it to original hash type. Is this possible?

Thank you so much for all the help.

sol.vin · May 12, 2019, 6:47pm

Check out OpenSSL::Cipher https://crystal-lang.org/api/0.35.1/OpenSSL/Cipher.html

Blacksmoke16 · May 12, 2019, 6:51pm

@sol.vin Just a heads up that link is for a quite old version of the Crystal docs.

sol.vin · May 12, 2019, 8:41pm

oops my bad, I just googled OpenSSL Cipher Crystal API and thats what came up.

sol.vin · May 12, 2019, 8:46pm

@Blacksmoke16 Wait I’m missing something here, I went through the API docs on latest and couldn’t find Cipher any more, but I know it’s still there because I recently used it in a program I was writing. It’s still there in the src.

github.com

crystal-lang/crystal/blob/master/src/openssl/cipher.cr

require "random/secure"
require "openssl"

class OpenSSL::Cipher
  class Error < OpenSSL::Error
  end

  def initialize(name)
    cipher = LibCrypto.evp_get_cipherbyname name
    raise ArgumentError.new "Unsupported cipher algorithm #{name.inspect}" unless cipher

    @ctx = LibCrypto.evp_cipher_ctx_new
    # The EVP which has EVP_CIPH_RAND_KEY flag (such as DES3) allows
    # uninitialized key, but other EVPs (such as AES) does not allow it.
    # Calling EVP_CipherUpdate() without initializing key causes SEGV so
    # we set the data filled with "\0" as the key by default.
    cipherinit cipher: cipher, key: "\0" * LibCrypto::EVP_MAX_KEY_LENGTH
  end

  def encrypt

This file has been truncated. show original

konovod · May 12, 2019, 8:51pm

Your question consists of two problems -

serialize your hash to some string or binary stream, (and deserialize back)
encrypt it (and decrypt back)

If I would need to do it, I’ll do something like this:

require "yaml"
require "monocypher"

def encrypt(object, secret)
  plaintext = object.to_yaml.to_slice
  ciphertext = Bytes.new(plaintext.size + Crypto::OVERHEAD_SYMMETRIC)
  Crypto.encrypt(key: secret, input: plaintext, output: ciphertext)
  cookiestring = ciphertext.hexstring
end

def decrypt(text, secret)
  ciphertext = text.hexbytes
  raise "ciphertext too short" if ciphertext.size < Crypto::OVERHEAD_SYMMETRIC
  result = Bytes.new(ciphertext.size - Crypto::OVERHEAD_SYMMETRIC)
  unless Crypto.decrypt(key: secret, input: ciphertext, output: result)
    raise "ciphertext is corrupt"
  end
  hash1 = YAML.parse(String.new(result))
end

secret = Crypto::SymmetricKey.new # this will generate a key from system random source
puts "secret key is #{secret}"

hash = {"1" => [1, 2, 3], 2 => "test"}
cookiestring = encrypt(hash, secret)
puts "encrypted message: #{cookiestring}"
puts "decrypted message: #{decrypt(cookiestring, secret)}"

using my monocypher bindings shard and untyped serialization to YAML (it is limited to simple types, but maybe it’s ok for a cookie).

Maybe you should better use OpenSSL or LibSodium bindings for encryption, and typed serialization (using e.g. YAML::Serializable) for serialization.

Blacksmoke16 · May 12, 2019, 8:55pm

@sol.vin Looks like that file isnt’t required in the docs_main file nor the openssl.cr file, thus is missing from the docs. Could prob make an issue for it as it’s prob not intentional it’s not there now.

sol.vin · May 13, 2019, 5:04am

Posted - https://github.com/crystal-lang/crystal/issues/7770

curious2learn · May 14, 2019, 2:07am

Thanks everyone. I was aware of OpenSSL::Cipher, however, as has been pointed out that wasn’t available in the new documentation.

I did not know about monocypher. Thank you @konovod. Will look into that. I appreciate the example you gave. That would be very helpful.

Thanks.

nsuchy · May 24, 2019, 4:59pm

What type of information is stored in the cookie? It may be a good idea to store a session reference and then have the actual user data only on the server to minimize the amount of places its temporarily stored.

curious2learn · May 25, 2019, 9:37pm

I was thinking of storing email and a session id (nothing sensitive, such as a password). But thought of encrypting it. But probably that is not necessary. As you said, I am just using the session id now. Probably, there is no need to encrypt that.

Thanks.

nsuchy · May 26, 2019, 7:41pm

HTTPS to and from your web server should be enough. Just make sure session IDs are unpredictable.

Topic		Replies	Views
How to read Crystal documentation?	24	1213	June 23, 2019
[Help] Optimization and code review Learning Resources	13	451	August 15, 2021
Where is the SecureRandom in Crystal? Help & Support	1	340	June 18, 2022
Hash declaration: What am I doing wrong here? Help & Support	7	244	December 9, 2022
How to easily get consistent object hash?	21	1677	April 3, 2019

Encryption in Crystal lang

Related Topics