Generate Encryption Keys in Ruby - OpenSSL & SecureRandom
Complete code tutorial with examples and best practices
[ Code Example - Quick Summary ]
Language: Ruby
What: Generate AES and RSA encryption keys in Ruby using OpenSSL and SecureRandom for secure encryption and decryption.
Try it: Use our interactive Encryption-keys generator or integrate this code into your Ruby application.
Generate AES and RSA encryption keys in Ruby using OpenSSL and SecureRandom for secure encryption and decryption. Looking for other languages? Check our code examples in PHP , JavaScript , Python , Java , C# , C++ and Go or use our interactive web generator.
Ruby Code Example
require 'openssl'
require 'securerandom'
require 'base64'
# AES-256 Key Generation
aes_256_key = SecureRandom.random_bytes(32) # 256 bits
aes_256_hex = aes_256_key.unpack1('H*')
aes_256_base64 = Base64.strict_encode64(aes_256_key)
puts "AES-256 Key (Hex): #{aes_256_hex}"
puts "AES-256 Key (Base64): #{aes_256_base64}"
# AES-128 Key
aes_128_key = SecureRandom.hex(16) # Returns hex string (16 bytes)
puts "AES-128 Key (Hex): #{aes_128_key}"
# RSA Key Pair Generation (2048-bit)
rsa_key = OpenSSL::PKey::RSA.new(2048)
private_key_pem = rsa_key.to_pem
public_key_pem = rsa_key.public_key.to_pem
puts "Private Key:\n#{private_key_pem}"
puts "Public Key:\n#{public_key_pem}"
# Export in DER format (binary)
private_key_der = rsa_key.to_der
public_key_der = rsa_key.public_key.to_der
private_key_base64 = Base64.strict_encode64(private_key_der)
puts "Private Key (Base64): #{private_key_base64}"
# Password-protected private key
encrypted_key = rsa_key.to_pem(OpenSSL::Cipher.new('AES-256-CBC'), 'password')
puts "Encrypted Private Key:\n#{encrypted_key}"[EXPLANATION]
Ruby's SecureRandom module provides cryptographically secure random generation. Use SecureRandom.random_bytes(n) for raw bytes (32 for AES-256, 16 for AES-128) or SecureRandom.hex(n) for hexadecimal strings. unpack1('H*') converts bytes to hex. For RSA, OpenSSL::PKey::RSA.new(bits) generates a key pair with the specified bit length (2048 or 4096). to_pem exports keys in PEM format (ASCII), while to_der exports in DER format (binary). To password-protect private keys, pass a cipher and password to to_pem (e.g., OpenSSL::Cipher.new('AES-256-CBC')).
Expected Output
AES-256 Key (Hex): d2f5a8c1e4b7f3a9d6c2e5b8f1a4c7d2e9c3f6a8d1b4e7f2a5c8d1e4b7f3a9d6 AES-256 Key (Base64): 0vWoweS386nWwuW48aTs0unD9qjRtOfypsjR5Lfzqdbo= AES-128 Key (Hex): f3a7d2e5c1b8f4a9d6c3e7b2f5a8c1d4 Private Key: -----BEGIN RSA PRIVATE KEY----- MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC9... -----END RSA PRIVATE KEY----- Public Key: -----BEGIN PUBLIC KEY----- MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvd... -----END PUBLIC KEY-----
Common Use Cases
- Encrypt sensitive data in Rails applications
- Secure API token encryption
- File encryption for cloud storage
- Database field-level encryption
- Secure messaging systems
Important Notes
-
SecureRandomis cryptographically secure (uses /dev/urandom) -
For Rails apps, use
ActiveSupport::MessageEncryptor - Password-protect keys with AES-256-CBC for secure storage
- Store keys in environment variables or Rails credentials
- OpenSSL is built into Ruby standard library
Try Our Interactive Generator
Don't want to write code? Use our free web-based Encryption-keys generator with instant results.
TRY ENCRYPTION-KEYS GENERATOR →Other Programming Languages
View Encryption-keys generation code examples in PHP
View Encryption-keys generation code examples in JavaScript
View Encryption-keys generation code examples in Python
View Encryption-keys generation code examples in Java
View Encryption-keys generation code examples in C#
View Encryption-keys generation code examples in C++
View Encryption-keys generation code examples in Go