A Quick Note on Encryption
Mar 02, 2010 09:54

I'm currently working on a project that requires some communication with a partner website. Our site sends the user to the partner site, where some transactions take place, and then the partner site sends the user back to our site, with a short message in the URL describing the results. To keep out potential abuse, we want to have that result message be encrypted, with a key that both of us would know.

The partner site is done in Python, and their developer originally suggested using XTEA as the encryption method. I found a Ruby XTEA library, but wasn't even able to get it to do a simple round trip encryption/decryption and return the same message. No doubt I'm missing some obvious aspect of how this is supposed to work - but since this is a side project, I don't have lots of time to spend figuring out why some obscure library wasn't working properly.

Thankfully, I found another solution: After a bit of Googling, I found a DZone snippet that shows how to use OpenSSL to encrypt messages. It looks like the original source for this code is from the always-awesome Rick Olson of Techno Weenie.

The best thing about this technique is that, since it only uses openssl and digest/sha1, it doesn't require any extra gems or custom libraries to run - it's all already built in to the Ruby that you already have.

I hope this saves somebody else some time and trouble.

We're all LUsers
Feb 12, 2010 12:25
Project Report: PTOS2
May 04, 2010 12:41