0

I'm creating a WebSocket Server in Ruby, and I would like to encrypt the string messages between the server and the client. I can't afford a certificate, so I was thinking that I would create an encryption algorithm using modulo.

I need to generate large prime numbers for this algorithm. I know that Ruby has a built in function for Primes, but I'm not sure if it can generate 50 to 60 digit numbers. Is the built in function for Primes good for this?

If anyone can offer a better way of encrypting my WS messages for free (and decrypt on the other side) I would also accept that :)

Melvin Sowah
  • 700
  • 1
  • 10
  • 29
  • 2
    I would highly advise you not to roll your own crypto. Check out this link for more info: http://security.stackexchange.com/questions/18197/why-shouldnt-we-roll-our-own. – sunnyrjuneja Aug 26 '13 at 20:15

1 Answers1

2

A self-signed certificate will work unless this is a public-facing project. Real certificates only matter if your client needs a way to trust the server it's connecting to.

Alternately, the Crypt gem has lots of Ruby implementations of cryptographic functions. Here's an example of encrypting and decrypting a string using Rijndael:

crypter = Crypt::Rijndael.new("super-awesome-32-byte-key-goes-here")
plaintext = "Hey Bob, how's it going? -- Alice"
cyphertext = crypter.encrypt_block(plaintext)
plaintext_again = crypter.decrypt_block(cyphertext)

If you can share a key between your client/server, you shouldn't have any trouble doing this.

Nick Veys
  • 23,458
  • 4
  • 47
  • 64
  • My Mathematics teacher talked to us about Cryptography, and I realised since my WebSocket server relies on strings, I would need to encrypt them to prevent eavesdropping. He talked to us about how to share the common key between both client and server, so that shouldn't be a problem. But the client that I'm sending messages to is a HTML5 game. Could I link Rails to it somehow? – Melvin Sowah Aug 27 '13 at 14:58
  • 1
    Certainly, there are [JavaScript crypto libraries](http://crypto.stanford.edu/sjcl/). The problem then comes in securing the key. I don't know how serious the work you are doing is. I believe (I'm no expert) that Rijndael is symmetric, so there is just one key (compared to asymmetric algorithms with public and private keys), and if you publish the key in your HTML5/JS source code, anyone could snag it and theoretically decrypt the communications. – Nick Veys Aug 27 '13 at 15:11
  • From what I was taught, I can use `modulo` to share a public key with my client without an eavesdropper finding out what it is. He gave us an algorithm to do that, but I had to work out how to encrypt a message using this key, but now I can do that with `crypt`. Do the JS libraries you mentioned and `crypt` use the same algorithm then? I couldn't find `Rijndael` anywhere – Melvin Sowah Aug 27 '13 at 15:29
  • I think Rijndael is used in AES, so it may be named that. Here is [another SO thread that may help](http://stackoverflow.com/questions/13563859/decryption-of-aes-created-with-sjcl-js-in-ruby). – Nick Veys Aug 27 '13 at 16:53
  • 1
    +1. I would upvote you, but I don't have the rep yet :) Thanks for the help – Melvin Sowah Aug 27 '13 at 18:43