OpenSSL TripleDES algorithm in Ruby

OpenSSL has a number of different ciphers available for use when encrypting data. An algorithm I found myself using recently with little discussion on the web is the Triple DES cipher with cipher-block chaining mode (CBC). Triple DES is the name for the Triple Data Encryption Algorithm block cipher.

Standard usage:

def encrypt(data)
  cipher = OpenSSL::Cipher::Cipher.new('DES-EDE3-CBC')
  cipher.encrypt # Must be called before anything else

  # Generate the key and initialization vector for the algorithm.
  # Alternatively, you can specify the initialization vector and cipher key
  # specifically using `cipher.iv = 'some iv'` and `cipher.key = 'some key'`
  cipher.pkcs5_keyivgen('SOME_PASS_PHRASE_GOES_HERE')

  output = cipher.update(data)
  output << cipher.final
  output
end

def decrypt(data)
  # Effectively the same as the `encrypt` method
  cipher = OpenSSL::Cipher::Cipher.new('DES-EDE3-CBC')
  cipher.decrypt # Also must be called before anything else

  cipher.pkcs5_keyivgen('SOME_PASS_PHRASE_GOES_HERE')

  output = cipher.update(data)
  output << cipher.final
  output
end

The second last line is particularly useful to know since the encryption/decryption algorithm operates on 96 bytes at a time, meaning, if you simply call the update method once, the output will be the first 96 bytes of the original data string. So you want to make sure that you call the final method on the cipher to retrieve the remainder. This is particularly useful to remember when you use Base64 encoding/decoding to transmit your data over email or the web. Consider the following:

b64_encrypted_string = Base64.encode64(encrypt('some data string goes here'))
#=> "some base 64 encoded string"

decrypted_string = decrypt(Base64.decode64(b64_encrypted_string))
#=> 'some data string goes here'

A word of warning, it is recommended that that you use a passphrase to generate the initialization vector and cipher key instead of setting these manually as you may inadvertently expose your encrypted data to vulnerabilities. If setting the IV, make sure it is at least 8 bytes, and that the cipher key is at least 24 bytes.