Sentry Encryption Library

July 6, 2005

An interesting question was posed yesterday. What's a good way to encrypt data for a web application? The problem with typical symmetrical encryption is that a key must still be present to decrypt the data (if you want automation, anyhow). So, I opted for a PKI method. Sentry is a little Ruby module I wrote that uses some undocumented OpenSSL classes. Basically, it creates a simple RSA private and public key, and encrypts the private key with a symmetrical encryption algorithm. So, only a simple password (and not a full RSA private key) is needed to decrypt something. It's still not automated though. Check out the experimental Sentry lib if you're curious. I plan to move it to a Subversion repository and set it up as a gem once I get a chance. So far I have it working locally on my Mac, and on our Textdrive host server.
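
The scheme described above, sketched with Ruby's standard OpenSSL bindings. This is an added example, not Sentry's own code: the KeyPairDemo module, its method names, the AES-256-CBC and OAEP choices, and the sample values are assumptions made for illustration.

```ruby
require "openssl"

# Hypothetical helper module for this example; not Sentry's actual API.
module KeyPairDemo
  OAEP = OpenSSL::PKey::RSA::PKCS1_OAEP_PADDING

  # Returns [public_pem, encrypted_private_pem]. The private key is wrapped
  # with AES-256-CBC under a key derived from the password, so the stored
  # PEM is only as strong as that password.
  def self.generate(password, bits = 2048)
    key = OpenSSL::PKey::RSA.new(bits)
    cipher = OpenSSL::Cipher.new("aes-256-cbc")
    [key.public_key.to_pem, key.to_pem(cipher, password)]
  end

  # Needs only the public key, so the web application can encrypt unattended
  # without any decryption secret on the server.
  def self.encrypt(public_pem, plaintext)
    OpenSSL::PKey::RSA.new(public_pem).public_encrypt(plaintext, OAEP)
  end

  # Needs the password to unwrap the private key; returns nil when the
  # password or the ciphertext is wrong.
  def self.decrypt(encrypted_private_pem, password, ciphertext)
    # to_s keeps OpenSSL from prompting on the terminal if password is nil.
    key = OpenSSL::PKey::RSA.new(encrypted_private_pem, password.to_s)
    key.private_decrypt(ciphertext, OAEP)
  rescue OpenSSL::PKey::PKeyError
    nil
  end
end

# Constructed sample values.
PASSWORD = "constructed sample password"
PUBLIC_PEM, PRIVATE_PEM = KeyPairDemo.generate(PASSWORD)
SECRET = KeyPairDemo.encrypt(PUBLIC_PEM, "constructed sample value")
```

RSA with OAEP only fits short values (about 200 bytes with a 2048-bit key), so this suits individual fields rather than whole documents.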