Ruby OpenSSL: An Introduction to the OpenSSL Ruby Library

Ruby is one of the most popular languages in the world at the moment. It’s a true object-oriented language and features a dynamic type system and automatic memory management. The language is easy to understand and learn. Ruby was inspired by several languages, and some of its most useful concepts have been integrated from popular languages like Smalltalk and Perl. If you have any experience at all with programming languages, you will find it easy to pick up Ruby. Ruby code is simple and logical: a few lines of code go farther in Ruby than they would in other languages. You can easily get started with Ruby with this beginners course.

The Ruby on Rails framework, which is based on the language, is used to design web applications. The full-stack framework can build apps and pages that receive information from web servers, query databases and render templates right out of the box. Ruby on Rails has a routing feature that does not rely on a web server to work. Learning Ruby and Ruby on Rails will pave the way to writing your own web applications or finding work with some of the big software companies that need Ruby programmers. If you are looking to learn Ruby basics you can take this beginners course. We teach you everything you need to know to become a good Ruby programmer, so that you’ll be designing your own apps in no time. If you’re familiar with Ruby and just need a refresher you can read through this step by step tutorial.

OpenSSL in Ruby

Ruby uses the OpenSSL toolkit, through the OpenSSL library, to provide SSL, TLS and general purpose encryption. The OpenSSL project is an open source, free to use endeavor that provides a standard, efficient and up-to-date toolkit implementing the TLS v1 (Transport Layer Security) and SSL v2/v3 (Secure Sockets Layer) protocols. It also provides a general purpose cryptographic library. The OpenSSL toolkit is distributed under an Apache-style license, so it can be used for commercial or other purposes.

We’ll give you a brief introduction of the OpenSSL library in Ruby. Before we do that, let’s take a look at what SSL is first.

What is SSL?

So what is SSL exactly? Why is it important? The SSL protocol is a technology that allows a secure, encrypted link to be created between a server and a client system. For example, a mail server and a mail client like Outlook employ SSL technology to keep the connection secure. The encryption allows information to be sent to a server in a safe manner. If the data wasn’t encrypted, then any hacker would be able to get their hands on it. SSL is what lets you shop online using your credit card or internet banking. If a website has a valid SSL certificate, it makes it much harder for a hacker to get his hands on your information.

So how is this data interpreted by the server if it’s encrypted? Through public and private keys of course. In Ruby, you can create keys and save them to your disk. You can also encrypt them to make them more secure. Take a look at Ruby internals and how things work in Ruby with this course.

Referencing the SSL Library

If you are going to be working with keys and SSL protocols, you need to load the OpenSSL library first:

require 'openssl'

Creating a Standard Key

Now let’s create a key that we can use with an SSL server later:

key = OpenSSL::PKey::RSA.new 2048
open 'private_key.pem', 'w' do |io| io.write key.to_pem end
open 'public_key.pem', 'w' do |io| io.write key.public_key.to_pem end

Note that we’re using the example key found in the official OpenSSL documentation. We will use some of the examples given in the official documentation for reference. If you run the code given above, it will create a public key and a private key and write them to disk.

In Ruby, if you want to export a key, you must specify a passphrase to make it secure. Otherwise, that would defeat the purpose of having a key in the first place. The passphrase is similar to a password, except that it is usually made up of several words, which makes it harder to guess or break:

cipher = OpenSSL::Cipher.new 'AES-128-CBC'
pass_phrase = 'this is an example pass phrase to make your key secure'

Now, if you want to load an encrypted key, you will be asked for the passphrase first. An unauthorized person won’t be able to use your key.

Loading a Key

You can load a private key or a public key from a file. How do you know which key is public or private? You can query Ruby for that, so long as you have the name(s) of the key. If your key was key4, for example, you can query it to see if it’s private:

key4.private?

You will be returned a true or false value.

How do you load a key? You can load a key named key5 like this:

key5 = OpenSSL::PKey::RSA.new File.read 'private_key.pem'

You need to specify if you are loading a private or a public key.

If you are loading an encrypted key, you need to specify the passphrase, either during the declaration or before:

key5_pem = File.read 'private.secure.pem'
key5 = OpenSSL::PKey::RSA.new key5_pem, pass_phrase
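The export and load steps above can be tied together in one round trip. This is an added example, not code from the original page or the Ruby documentation; save_encrypted_key, load_encrypted_key and key_round_trip are hypothetical helper names, and the passphrases are constructed sample values.

```ruby
require 'openssl'
require 'tmpdir'

# Encrypt the private key under pass_phrase and write it owner-readable only.
def save_encrypted_key(key, path, pass_phrase)
  cipher = OpenSSL::Cipher.new('AES-128-CBC') # cipher used on the page
  pem = key.export(cipher, pass_phrase)
  File.open(path, 'w', 0o600) { |io| io.write(pem) }
  pem
end

# Returns the key, or nil when the passphrase is wrong or the PEM is damaged.
# Always pass a passphrase: without one, OpenSSL prompts on the terminal.
def load_encrypted_key(path, pass_phrase)
  OpenSSL::PKey::RSA.new(File.read(path), pass_phrase)
rescue OpenSSL::PKey::PKeyError
  nil
end

# Round trip in a temporary directory (passphrases are constructed samples).
def key_round_trip
  Dir.mktmpdir do |dir|
    path = File.join(dir, 'private.secure.pem')
    key = OpenSSL::PKey::RSA.new(2048)
    pem = save_encrypted_key(key, path, 'this is an example pass phrase')
    good = load_encrypted_key(path, 'this is an example pass phrase')
    bad = load_encrypted_key(path, 'not the right pass phrase')
    { encrypted: pem.include?('ENCRYPTED'),
      same_key: !good.nil? && good.to_der == key.to_der,
      private: !good.nil? && good.private?,
      wrong_pass_rejected: bad.nil? }
  end
end

p key_round_trip if $PROGRAM_NAME == __FILE__
```

Every value in the returned hash should be true: the PEM on disk is marked as encrypted, the correct passphrase recovers the same private key, and a wrong passphrase yields no key at all.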

Creating an SSL Protected Server

Now that you know how to create a key, you can use it to create an SSL protected server. While a key is not required to create the server in itself, it is necessary (along with a certificate) if the server is to communicate with the client:

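context = OpenSSL::SSL::SSLContext.new
# cert must be an OpenSSL::X509::Certificate created beforehand
context.cert = cert
context.key = key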

An SSL Server can be used like any TCP server. A TCP socket can be assigned to it. Here’s how you can create an SSL Server:

require 'socket'
require 'openssl'

# context is the OpenSSL::SSL::SSLContext that holds the cert and key
tcp_server = TCPServer.new 5000
ssl_server = OpenSSL::SSL::SSLServer.new tcp_server, context

loop do
  # accept blocks until a client connects and completes the SSL handshake
  ssl_connection = ssl_server.accept
  data = ssl_connection.gets
  response = "Retrieved Data #{data.dump}"
  puts response
  ssl_connection.puts "Data Retrieved: #{data.dump}"
  ssl_connection.close
end

In this example, we’ve set up an SSL server that uses the OpenSSL Ruby library and the socket module. Clients connect to it over an SSL-encrypted connection. If the connection is successful, the server prints the data it received and sends it back to the client. Note that you need to use the socket module to create a server (or SSL client). To learn more about how to write OpenSSL Ruby programs, you can take this advanced course.

SSL Error: Failed Peer Verification

It’s pretty common to encounter the following error while attempting to connect to an SSL server with a client:

OpenSSL::SSL::SSLError: SSL_connect returned=1 errno=0 state=SSLv3
read server certificate B: certificate verify failed

This error can mean one of three things: your system does not have valid certificates, your SSL client isn’t configured right or the server does not have valid certificates. You can check with your system admin (if you work in a company) for a valid certificate or to configure your client correctly. However, if the server doesn’t have a valid certificate, it could mean that you have arrived at a false server and your information may be at risk.

You can turn off the peer verification completely, but it’s not recommended, because the client will then accept any certificate, including one presented by a false server:

http.verify_mode = OpenSSL::SSL::VERIFY_NONE
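The safer fix is to keep verification on and give the client the certificate it should trust. The following added example (not from the original page or the Ruby documentation) runs the page’s SSL server on a loopback port with a constructed self-signed certificate; self_signed_cert, start_server and fetch are hypothetical helper names.

```ruby
require 'openssl'
require 'socket'

# Constructed, short-lived self-signed certificate for "localhost" (demo only).
def self_signed_cert(key)
  cert = OpenSSL::X509::Certificate.new
  cert.version, cert.serial = 2, 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse('/CN=localhost')
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new(cert, cert)
  cert.add_extension(ef.create_extension('subjectAltName', 'DNS:localhost'))
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
end

# The page's SSL server on an ephemeral loopback port; returns the port.
def start_server(cert, key)
  context = OpenSSL::SSL::SSLContext.new
  context.cert = cert
  context.key = key
  ssl_server = OpenSSL::SSL::SSLServer.new(TCPServer.new('127.0.0.1', 0), context)
  Thread.new do
    loop do
      conn = ssl_server.accept
      conn.puts "Data Retrieved: #{conn.gets.to_s.dump}"
      conn.close
    rescue StandardError # handshake aborted, e.g. client rejected the cert
    end
  end
  ssl_server.to_io.addr[1]
end

# Client: verify the chain against `store` and the name against "localhost".
def fetch(port, store, verify_mode = OpenSSL::SSL::VERIFY_PEER)
  context = OpenSSL::SSL::SSLContext.new
  context.verify_mode = verify_mode
  context.verify_hostname = true
  context.cert_store = store
  ssl = OpenSSL::SSL::SSLSocket.new(TCPSocket.new('127.0.0.1', port), context)
  ssl.hostname = 'localhost'
  ssl.sync_close = true
  ssl.connect
  ssl.puts 'hello'
  ssl.gets
rescue OpenSSL::SSL::SSLError => e
  "rejected: #{e.message}"
ensure
  ssl&.close
end
```

With the server certificate added to the store, fetch returns the server’s reply; with an empty store it returns the “certificate verify failed” error shown above. Passing OpenSSL::SSL::VERIFY_NONE with the same empty store connects anyway, which is why that setting hides a false server instead of fixing the error.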

If you want to learn more about OpenSSL, you can check out the official Ruby documentation or the OpenSSL project site.

We recommend that you take a look at how you can create your own certificate, and encryption and decryption procedures, including password protection and cipher instances, to get a better grasp on the topic. You can also sign up for this practical training course on Ruby.