Ruby Developer Solutions

Encryption and Key Management for Compliance

A variety of compliance regulations now require that enterprise customers separate encryption keys from the data they protect. For Ruby developers this means storing encryption keys on an external appliance designed for that purpose and retrieving them securely from Ruby applications only when they are needed for encryption and decryption, so the keys never sit on disk next to the data. Alliance Key Manager is an affordable solution for the secure creation, management, storage, and distribution of encryption keys that meets these compliance requirements. Alliance Key Manager is FIPS 140-2 validated (certificate number 1449) and is well suited to Ruby applications.


Encryption can be a challenge for Ruby developers. You can use the OpenSSL cryptographic library for AES encryption through Ruby's standard openssl library, or you can use the Alliance AES Encryption libraries for Linux and Unix platforms. These shared libraries give Ruby developers a way to incorporate NIST-certified AES encryption into their applications. Whichever library you use, the key should be obtained from the key manager at run time and held only in memory, not written into source code or configuration files, and you should prefer an authenticated mode such as AES-GCM so that modified ciphertext is rejected rather than silently decrypted to garbage.
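The following is an added example of AES-256-GCM with Ruby's standard openssl library; it is not code from Townsend Security or from the Alliance libraries. The key is an input to the functions (a random stand-in here for a key fetched from the key manager), and the record, AAD string and key name are constructed for the demo. It shows the round trip plus the two failure modes an authenticated mode gives you: a flipped ciphertext bit and mismatched associated data are both rejected.

```ruby
# Added example (not Townsend's code): AES-256-GCM with Ruby's standard openssl
# library. The key is an input, never embedded: in the setup the page describes it
# would be fetched from the key manager at run time and held only in memory.
require 'openssl'
require 'securerandom'

IV_BYTES  = 12   # 96-bit nonce, the recommended size for GCM
TAG_BYTES = 16   # full-length authentication tag

# Returns iv || ciphertext || tag. A fresh random IV per message is mandatory:
# reusing an IV under the same key breaks GCM's confidentiality and authenticity.
def aes_gcm_encrypt(key, plaintext, aad = '')
  raise ArgumentError, 'AES-256 needs a 32-byte key' unless key.bytesize == 32
  cipher = OpenSSL::Cipher.new('aes-256-gcm').encrypt
  cipher.key = key
  iv = SecureRandom.random_bytes(IV_BYTES)
  cipher.iv = iv
  cipher.auth_data = aad   # authenticated but not encrypted context, e.g. a record id
  ct = (plaintext.empty? ? ''.b : cipher.update(plaintext)) + cipher.final
  iv + ct + cipher.auth_tag(TAG_BYTES)
end

# Verifies the tag before returning plaintext; raises OpenSSL::Cipher::CipherError
# if the IV, ciphertext, tag or AAD were modified.
def aes_gcm_decrypt(key, blob, aad = '')
  raise ArgumentError, 'blob too short for IV and tag' if blob.bytesize < IV_BYTES + TAG_BYTES
  iv  = blob.byteslice(0, IV_BYTES)
  tag = blob.byteslice(blob.bytesize - TAG_BYTES, TAG_BYTES)
  ct  = blob.byteslice(IV_BYTES, blob.bytesize - IV_BYTES - TAG_BYTES)
  cipher = OpenSSL::Cipher.new('aes-256-gcm').decrypt
  cipher.key = key
  cipher.iv = iv
  cipher.auth_tag = tag
  cipher.auth_data = aad
  (ct.empty? ? ''.b : cipher.update(ct)) + cipher.final
end

# Helper: true if the block raises a CipherError (i.e. the tag check failed).
def rejected?
  yield
  false
rescue OpenSSL::Cipher::CipherError
  true
end

# Round trip plus two failure modes: a flipped ciphertext bit and mismatched AAD.
def aes_gcm_demo
  key = SecureRandom.random_bytes(32)        # stand-in for a key retrieved from the key manager
  aad = 'record-id:42'                       # constructed associated data
  msg = 'card=4111111111111111;exp=12/29'   # constructed sample record
  blob = aes_gcm_encrypt(key, msg, aad)
  tampered = blob.dup
  tampered.setbyte(IV_BYTES, tampered.getbyte(IV_BYTES) ^ 0x01)   # flip one ciphertext bit
  {
    roundtrip_ok:    aes_gcm_decrypt(key, blob, aad) == msg,
    tamper_detected: rejected? { aes_gcm_decrypt(key, tampered, aad) },
    aad_checked:     rejected? { aes_gcm_decrypt(key, blob, 'record-id:43') }
  }
end

puts aes_gcm_demo.inspect if __FILE__ == $PROGRAM_NAME
```

Storing the IV in front of the ciphertext is safe (it is not secret, only unique), and binding a record identifier as AAD means a ciphertext copied from one row to another fails to decrypt.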

Ruby Encryption Key Retrieval

Any application that can open an authenticated TLS connection to the Alliance Key Manager can request and receive encryption keys. Ruby supports TLS through its standard openssl library and can retrieve keys from AKM with no additional software. Store the client-side certificate and private key files on the local system (readable only by the user the application runs as), reference them from your Ruby openssl code, make the TLS connection, format and send the key retrieval request, and receive the encryption key for use in your application. On the client side, verify the appliance's certificate chain and its hostname, not just that a certificate was presented, so that a key request is never sent to, or a key accepted from, an impostor.

Wire Protocol Eliminates Libraries

The interface to the Alliance Key Manager is a "wire" protocol: no client-side software is required for key retrieval, so you do not need to write wrapper code around shared libraries or use similar techniques. Ruby's standard openssl library has everything needed to retrieve keys. This also means there are no extra package update requirements for your Linux or Unix operating environment.
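The retrieval described in the two sections above, as an added example that is not Townsend's code: a Ruby client presents its own certificate, verifies the server's chain and hostname, sends a request over the TLS connection and reads the key back, using only the standard openssl and socket libraries. Because the AKM request format is not reproduced on this page, a small in-process server stands in for the appliance and the one-line "KEY-NAME" / "OK <hex>" exchange, the hostname akm.example.test, the key name DEMO-AES256-KEY and the key bytes are all assumptions constructed for the demo; consult the product documentation for the real request format. The certificates are generated on the fly so the example runs offline.

```ruby
# Added example (not Townsend's code): key retrieval over mutually authenticated TLS
# with Ruby's standard openssl library and no vendor client library. The toy server,
# its "NAME" / "OK <hex>" exchange and the key name are assumptions for this demo,
# not the AKM request format. The PKI is generated on the fly for the demo only.
require 'openssl'
require 'socket'

SERVER_NAME = 'akm.example.test'                              # assumed appliance hostname
DEMO_KEYS   = { 'DEMO-AES256-KEY' => '0f1e2d3c' * 8 }.freeze  # constructed 32-byte key, hex

# Issue a certificate for the throw-away test PKI. Leaf certs get a DNS SAN so the
# client can check the appliance hostname, not just that the chain ends at the CA.
def make_cert(cn, key, serial, issuer_cert: nil, issuer_key: nil, ca: false)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = serial
  cert.subject = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.issuer = issuer_cert ? issuer_cert.subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new(issuer_cert || cert, cert)
  cert.add_extension(ef.create_extension('basicConstraints', ca ? 'CA:TRUE' : 'CA:FALSE', true))
  cert.add_extension(ef.create_extension('subjectAltName', "DNS:#{cn}")) unless ca
  cert.sign(issuer_key || key, OpenSSL::Digest.new('SHA256'))
  cert
end

def build_pki
  ca_key, srv_key, cli_key = Array.new(3) { OpenSSL::PKey::RSA.new(2048) }
  ca  = make_cert('Demo Key Manager CA', ca_key, 1, ca: true)
  srv = make_cert(SERVER_NAME, srv_key, 2, issuer_cert: ca, issuer_key: ca_key)
  cli = make_cert('ruby-app-client', cli_key, 3, issuer_cert: ca, issuer_key: ca_key)
  { ca: ca, srv: srv, srv_key: srv_key, cli: cli, cli_key: cli_key }
end

def trust_store_for(ca)
  OpenSSL::X509::Store.new.tap { |s| s.add_cert(ca) }
end

# Toy stand-in for the appliance. It demands a client certificate chained to the CA,
# so an unauthenticated caller fails the handshake before it can even name a key.
def start_toy_key_server(pki)
  ctx = OpenSSL::SSL::SSLContext.new
  ctx.cert, ctx.key = pki[:srv], pki[:srv_key]
  ctx.cert_store = trust_store_for(pki[:ca])
  ctx.verify_mode = OpenSSL::SSL::VERIFY_PEER | OpenSSL::SSL::VERIFY_FAIL_IF_NO_PEER_CERT
  tcp = TCPServer.new('127.0.0.1', 0)
  server = OpenSSL::SSL::SSLServer.new(tcp, ctx)
  thread = Thread.new do
    loop do
      begin
        conn = server.accept
        name = conn.gets.to_s.strip
        conn.puts(DEMO_KEYS.key?(name) ? "OK #{DEMO_KEYS[name]}" : 'ERR no such key')
        conn.close
      rescue OpenSSL::SSL::SSLError, SystemCallError, IOError
        next   # rejected handshake or dropped connection; keep serving
      end
    end
  end
  [tcp.addr[1], thread]
end

# Client side: present our certificate, verify the appliance's chain AND hostname,
# then send the request. Returns the key hex, or nil if the request is refused.
def retrieve_key(port, pki, key_name, client_cert: pki[:cli], client_key: pki[:cli_key])
  ctx = OpenSSL::SSL::SSLContext.new
  ctx.cert, ctx.key = client_cert, client_key   # in production: files readable only by the app user
  ctx.cert_store = trust_store_for(pki[:ca])
  ctx.verify_mode = OpenSSL::SSL::VERIFY_PEER
  ctx.min_version = OpenSSL::SSL::TLS1_2_VERSION
  sock = OpenSSL::SSL::SSLSocket.new(TCPSocket.new('127.0.0.1', port), ctx)
  sock.hostname = SERVER_NAME
  sock.sync_close = true
  sock.connect
  sock.post_connection_check(SERVER_NAME)      # hostname must match the cert's SAN
  sock.puts(key_name)
  status, value = sock.gets.to_s.strip.split(' ', 2)
  status == 'OK' ? value : nil
rescue OpenSSL::SSL::SSLError, SystemCallError
  nil
ensure
  sock&.close
end

# Three requests: authenticated + known key, authenticated + unknown key, and a
# caller with no client certificate (must be refused at the handshake).
def run_key_retrieval_demo
  pki = build_pki
  port, thread = start_toy_key_server(pki)
  { known:   retrieve_key(port, pki, 'DEMO-AES256-KEY'),
    unknown: retrieve_key(port, pki, 'NO-SUCH-KEY'),
    no_cert: retrieve_key(port, pki, 'DEMO-AES256-KEY', client_cert: nil, client_key: nil) }
ensure
  thread&.kill
end

puts run_key_retrieval_demo.inspect if __FILE__ == $PROGRAM_NAME
```

The two checks that matter are on the client: VERIFY_PEER with a trust store that contains only the key manager's CA, and post_connection_check against the expected hostname. Dropping either one lets any certificate, or any certificate from that CA, impersonate the appliance.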

Alliance Key Manager Documentation and Sample Code

The Alliance Key Manager product CD contains documentation on the use of the Alliance Key Manager.

Encryption Key Management APIs

Most enterprise customers use the Linux security administrator's command line application, or the Alliance Windows key management application, to create and manage encryption keys on the Alliance Key Manager appliance. However, certain applications need to perform key management functions under program control. Through the Linux command line console application, Alliance Key Manager provides commands for all of the normal key management functions, including creating encryption keys, rotating keys, revoking keys, and so forth. More than 80 commands are provided, covering every aspect of key management. You can create your own Ruby interfaces to the command line application to manage keys. If you do, pass each command argument as a separate array element (for example to Kernel#system or Open3) rather than interpolating key names into a single shell string, so that an unexpected key name cannot inject shell commands.

AES Encryption Libraries

Townsend Security provides NIST-certified AES encryption libraries on a wide variety of platforms including Windows, Linux and Unix. On Linux and Unix systems the software is delivered as a shared library in the package format appropriate for the OS; on Windows it is delivered as a .NET assembly or DLL. From Ruby you can open the shared library with the standard Fiddle library (the successor to the DL module, which was removed in Ruby 2.2) and call the AES encryption functions directly. These AES libraries are NIST certified under the AES algorithm validation program, and interoperate with Townsend AES libraries on other platforms including Linux, Unix, IBM i (AS/400, iSeries) and IBM System z mainframes, so you can encrypt on one platform and decrypt on another without exposing the data in transit.
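The following added example (not Townsend's code) shows the Fiddle pattern for calling a native AES library from Ruby and checking the result against a published test vector. The exported function names of the Alliance AES library are not on this page, so OpenSSL's libcrypto, which exports the classic AES_set_encrypt_key / AES_encrypt C API, stands in for the native library; the library file names and the AES_KEY buffer size are assumptions noted in the code. The interoperability check decrypts the native library's output with Ruby's own OpenSSL binding, the same cross-implementation property the paragraph above describes.

```ruby
# Added example (not Townsend's code): calling a native AES shared library from Ruby
# with Fiddle, the standard-library successor to the removed "dl" module. OpenSSL's
# libcrypto stands in for the vendor library because it exports the classic AES_* API.
require 'fiddle'
require 'openssl'

# Candidate library names (assumption); which one exists depends on the OS and
# OpenSSL build. On macOS you would point this at a Homebrew libcrypto instead.
LIBCRYPTO_NAMES = %w[libcrypto.so.3 libcrypto.so.1.1 libcrypto.so].freeze

# AES_KEY is an opaque C struct: 60 x uint32 round keys plus an int round count
# (244 bytes in OpenSSL). Over-allocate so the layout assumption cannot overflow.
AES_KEY_BYTES = 256

# FIPS-197 Appendix C.1 known-answer vector (AES-128).
KAT_KEY        = '000102030405060708090a0b0c0d0e0f'
KAT_PLAINTEXT  = '00112233445566778899aabbccddeeff'
KAT_CIPHERTEXT = '69c4e0d86a7b0430d8cdb78070b4c55a'

def load_libcrypto
  LIBCRYPTO_NAMES.each do |name|
    begin
      return Fiddle.dlopen(name)
    rescue Fiddle::DLError
      next
    end
  end
  nil
end

# Encrypt one 16-byte block with the library's raw AES primitive:
#   int  AES_set_encrypt_key(const unsigned char *userKey, int bits, AES_KEY *key);
#   void AES_encrypt(const unsigned char *in, unsigned char *out, const AES_KEY *key);
# Returns the ciphertext block as hex, or nil when no usable libcrypto is installed.
def native_aes_encrypt_block(key_hex, block_hex)
  key   = [key_hex].pack('H*')
  block = [block_hex].pack('H*')
  raise ArgumentError, 'AES key must be 16, 24 or 32 bytes' unless [16, 24, 32].include?(key.bytesize)
  raise ArgumentError, 'block must be exactly 16 bytes' unless block.bytesize == 16
  lib = load_libcrypto
  return nil unless lib

  set_key = Fiddle::Function.new(lib['AES_set_encrypt_key'],
                                 [Fiddle::TYPE_VOIDP, Fiddle::TYPE_INT, Fiddle::TYPE_VOIDP],
                                 Fiddle::TYPE_INT)
  encrypt = Fiddle::Function.new(lib['AES_encrypt'],
                                 [Fiddle::TYPE_VOIDP, Fiddle::TYPE_VOIDP, Fiddle::TYPE_VOIDP],
                                 Fiddle::TYPE_VOID)
  schedule = Fiddle::Pointer.malloc(AES_KEY_BYTES, Fiddle::RUBY_FREE)   # expanded key lives in C memory
  out      = Fiddle::Pointer.malloc(16, Fiddle::RUBY_FREE)
  rc = set_key.call(key, key.bytesize * 8, schedule)
  raise "AES_set_encrypt_key failed (rc=#{rc})" unless rc.zero?
  encrypt.call(block, out, schedule)
  out[0, 16].unpack1('H*')
rescue Fiddle::DLError
  nil   # library present but built without the legacy AES_* symbols
end

# Interoperability check: a block encrypted by the native library must match the
# published vector and decrypt with Ruby's own OpenSSL binding (raw single block, no padding).
def native_aes_interop_check
  ct_hex = native_aes_encrypt_block(KAT_KEY, KAT_PLAINTEXT)
  return nil if ct_hex.nil?
  dec = OpenSSL::Cipher.new('aes-128-ecb').decrypt
  dec.padding = 0
  dec.key = [KAT_KEY].pack('H*')
  back = (dec.update([ct_hex].pack('H*')) + dec.final).unpack1('H*')
  { ciphertext: ct_hex,
    matches_fips197: ct_hex == KAT_CIPHERTEXT,
    ruby_openssl_decrypts: back == KAT_PLAINTEXT }
end

puts native_aes_interop_check.inspect if __FILE__ == $PROGRAM_NAME
```

Single-block ECB is used here only because it is what a known-answer test exercises; application data should go through a mode with an IV and an authentication tag, as in the AES-GCM example earlier on this page. When wrapping a vendor library the same way, take the function signatures and any context-struct sizes from its header files rather than guessing them.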

Tokenization for Ruby Developers

Tokenization is an alternative data protection method that replaces a sensitive value with a surrogate token of the same format, so existing field lengths and validation rules keep working, while the original value is held separately. The Townsend Alliance Token Manager solution provides tokenization services to Ruby applications and to applications on all major operating systems.