Description
#rubyconftw 2023 Adventures in the Dungeons of OpenSSL by Ryo KAJIWARA

As part of implementing Hybrid Public Key Encryption (HPKE; RFC 9180) in Ruby, I had a chance to send a patch into Ruby's OpenSSL gem. Missing functionalities? Major version upgrade of the OpenSSL backend? There is a deep dungeon behind one of Ruby's default gems, and I will talk about one adventure through this dungeon.
Summary
In this presentation titled "Adventures in the Dungeons of OpenSSL" delivered by Ryo Kajiwara at RubyConf Taiwan 2023, the focus is on exploring the intricacies of Hybrid Public Key Encryption (HPKE) and its implementation within Ruby's OpenSSL gem.

### Key Points Discussed:

- **Introduction to the Speaker**: Ryo Kajiwara, a freelance web developer specializing in digital identity and security, shares his background and experience with cryptography and internet standards.
- **Understanding Cryptographic APIs**: The talk emphasizes the importance of proper usage of cryptographic APIs, which can lead to significant security vulnerabilities if misused. Misguided implementations can have catastrophic consequences.
- **Exploration of HPKE**: Kajiwara provides a comprehensive overview of HPKE (RFC 9180), describing its functionality in Ruby. He explains how public key encryption works, showcasing the process where a user generates a public-private key pair and uses it for secure message exchanges.
- **Implementation Challenges**: The implementation of HPKE faced challenges due to unavailable features in Ruby's OpenSSL, prompting Kajiwara to dive deep into OpenSSL's functionalities like elliptic curve support and various cipher suites. He discusses the importance of using well-documented and secure APIs to avoid pitfalls.
- **Technical Dive**: The complexities involved in creating OpenSSL keys and handling ASN.1 sequences are explained, showcasing the difficulty of navigating these technical elements and the necessity of precise control over data structures.
- **Beta Release and Future Work**: Kajiwara also mentions the current state of his HPKE implementation available on GitHub, highlighting the ongoing experimental phase and the need for caution in production environments. The aim is to build C extensions that facilitate better integration between Ruby and C, enhancing Ruby’s capabilities in cryptography.
- **Acknowledgments and Community Engagement**: He expresses gratitude towards contributors in the cryptographic and Ruby community, urging developers to ensure they have an adequate understanding of cryptographic principles before delving into implementations.

### Main Takeaways:

- The careful implementation of cryptographic functions is crucial to avoid security vulnerabilities.
- HPKE aims to simplify secure encryption processes while encouraging best practices in its usage within Ruby.
- Continuous learning and community engagement are key to advancing Ruby’s role in cryptography and security.