Open in app

Sign in

Write

Sign in

Encrypting and Decrypting Data in Ruby Using OpenSSL

Umar Farooque Khan
3 min readMar 10, 2025

Introduction

Data encryption is crucial for protecting sensitive information such as email addresses, passwords, and personal details. In Ruby, the OpenSSL library provides a robust way to encrypt and decrypt data using various encryption algorithms.

In this document, we’ll explore how to encrypt and decrypt email addresses using the AES-256-CBC encryption algorithm in Ruby.

Understanding AES-256-CBC

AES (Advanced Encryption Standard) is a widely used encryption algorithm that comes in different key sizes, such as 128, 192, and 256 bits. The AES-256-CBC mode (Cipher Block Chaining) is a strong encryption method that requires:

  • A 32-byte secret key (for AES-256).
  • A 16-byte Initialization Vector (IV) to ensure randomness.
  • A cipher block chaining mode that makes each encrypted block dependent on the previous one, improving security.

Implementing Encryption and Decryption in Ruby

Below is a Ruby module that provides encryption and decryption functionalities using AES-256-CBC:

require 'openssl'
module EncryptionHelper
  ALGORITHM = 'AES-256-CBC'  # Encryption algorithm
  SECRET_KEY = "0123456789abcdef0123456789abcdef"[0, 32]  # 32-byte key for AES-256
  IV_LENGTH = 16  # AES requires a 16-byte IV
  # Method to encrypt an email
  def encrypt_email(email)
    return nil if email.nil? || email.strip.empty?  # Handle empty input
    iv = OpenSSL::Random.random_bytes(IV_LENGTH)  # Generate a random IV
    cipher = OpenSSL::Cipher.new(ALGORITHM).encrypt  # Create cipher in encryption mode
    cipher.key = SECRET_KEY  # Set encryption key
    cipher.iv = iv  # Set IV
    encrypted = cipher.update(email) + cipher.final  # Perform encryption
    "#{iv.unpack1('H*')}:#{encrypted.unpack1('H*')}"  # Convert to hex format and return
  end
  # Method to decrypt an email
  def decrypt_email(encrypted_string)
    return nil if encrypted_string.nil? || encrypted_string.strip.empty?  # Handle empty input
    iv_hex, encrypted_hex = encrypted_string.split(":")  # Split IV and encrypted data
    return nil unless iv_hex && encrypted_hex  # Validate input format
    cipher = OpenSSL::Cipher.new(ALGORITHM).decrypt  # Create cipher in decryption mode
    cipher.key = SECRET_KEY  # Set decryption key
    cipher.iv = [iv_hex].pack("H*")  # Convert IV from hex to bytes
    cipher.update([encrypted_hex].pack("H*")) + cipher.final  # Perform decryption
  end
end

Explanation of the Code

1. Defining Constants

  • ALGORITHM = 'AES-256-CBC' → Specifies the AES encryption method.
  • SECRET_KEY = "0123456789abcdef0123456789abcdef"[0, 32] → A 32-byte key for AES-256.
  • IV_LENGTH = 16 → The initialization vector (IV) should be 16 bytes long.

2. Encryption Process (encrypt_email)

  • Checks if the email input is valid.
  • Generates a random IV using OpenSSL::Random.random_bytes(IV_LENGTH).
  • Creates a new cipher in encryption mode using OpenSSL::Cipher.new(ALGORITHM).encrypt.
  • Sets the encryption key and IV.
  • Encrypts the email using cipher.update(email) + cipher.final.
  • Converts the IV and encrypted data into hexadecimal format for easy storage and transmission.
  • Returns a string in the format: IV:EncryptedData.

3. Decryption Process (decrypt_email)

  • Checks if the encrypted input is valid.
  • Extracts the IV and encrypted data by splitting the input string at ":".
  • Converts the IV back from hex to bytes using [iv_hex].pack("H*").
  • Creates a cipher in decryption mode using OpenSSL::Cipher.new(ALGORITHM).decrypt.
  • Sets the decryption key and IV.
  • Decrypts the data using cipher.update([encrypted_hex].pack("H*")) + cipher.final.
  • Returns the original email.

Example Usage

include EncryptionHelper
email = "user@example.com"
# Encrypt the email
encrypted_email = encrypt_email(email)
puts "Encrypted: #{encrypted_email}"
# Decrypt the email
decrypted_email = decrypt_email(encrypted_email)
puts "Decrypted: #{decrypted_email}"

Output Example

Encrypted: e6f14a8c94a9d7d1c8f8c9a8e6f6e8d4:5b6c2a97f6a8d9c3e1f0a0e4f7d5b8c1
Decrypted: user@example.com

Why This Approach is Secure?

  1. Random IV for each encryption → Even if the same email is encrypted multiple times, the output will always be different.
  2. Strong AES-256 encryption → Provides a high level of security.
  3. Hex encoding → Ensures safe storage and easy transmission of encrypted data.
  4. Proper error handling → Prevents decryption failures due to malformed input.

Conclusion

Encrypting and decrypting data using OpenSSL in Ruby is an essential practice for securing sensitive information. By following the AES-256-CBC approach, we can ensure that encrypted data remains secure while allowing authorized decryption when needed.

This method is ideal for hiding email addresses, protecting user data, and securing API tokens in applications.🚀

Programming
Ruby
Encryption
Web
Rails

--

--

Umar Farooque Khan
Umar Farooque Khan

Written by Umar Farooque Khan

389 Followers
4 Following

Experienced software developer with a passion for clean code and problem-solving. Full-stack expertise in web development. Lifelong learner and team player.

No responses yet

Help

Status

About

Careers

Press

Blog

Privacy

Rules

Terms

Text to speech