MessageEncryptor is a simple way to encrypt values which get stored somewhere you don’t trust.
The cipher text and initialization vector are base64 encoded and returned to you.
This can be used in situations similar to the MessageVerifier, but where you don’t want users to be able to determine the value of the payload.

    # File lib/active_support/message_encryptor.rb, line 26
    def initialize(secret, options = {})
      unless options.is_a?(Hash)
        ActiveSupport::Deprecation.warn "The second parameter should be an options hash. Use :cipher => 'algorithm' to specify the cipher algorithm."
        options = { :cipher => options }
      end

      @secret = secret
      @cipher = options[:cipher] || 'aes-256-cbc'
      @verifier = MessageVerifier.new(@secret, :serializer => NullSerializer)
      @serializer = options[:serializer] || Marshal
    end

    # File lib/active_support/message_encryptor.rb, line 44
    def decrypt(value)
      ActiveSupport::Deprecation.warn "MessageEncryptor#decrypt is deprecated as it is not safe without a signature. " \
        "Please use MessageEncryptor#decrypt_and_verify instead."
      _decrypt(value)
    end

Decrypt and verify a message. We need to verify the message in order to avoid padding attacks. Reference: www.limited-entropy.com/padding-oracle-attacks

    # File lib/active_support/message_encryptor.rb, line 58
    def decrypt_and_verify(value)
      _decrypt(verifier.verify(value))
    end

    # File lib/active_support/message_encryptor.rb, line 38
    def encrypt(value)
      ActiveSupport::Deprecation.warn "MessageEncryptor#encrypt is deprecated as it is not safe without a signature. " \
        "Please use MessageEncryptor#encrypt_and_sign instead."
      _encrypt(value)
    end

Encrypt and sign a message. We need to sign the message in order to avoid padding attacks. Reference: www.limited-entropy.com/padding-oracle-attacks

    # File lib/active_support/message_encryptor.rb, line 52
    def encrypt_and_sign(value)
      verifier.generate(_encrypt(value))
    end

    # File lib/active_support/message_encryptor.rb, line 79
    def _decrypt(encrypted_message)
      cipher = new_cipher
      encrypted_data, iv = encrypted_message.split("--").map {|v| ::Base64.decode64(v)}

      cipher.decrypt
      cipher.key = @secret
      cipher.iv = iv

      decrypted_data = cipher.update(encrypted_data)
      decrypted_data << cipher.final

      @serializer.load(decrypted_data)
    rescue OpenSSLCipherError, TypeError
      raise InvalidMessage
    end

    # File lib/active_support/message_encryptor.rb, line 64
    def _encrypt(value)
      cipher = new_cipher
      # Rely on OpenSSL for the initialization vector
      iv = cipher.random_iv

      cipher.encrypt
      cipher.key = @secret
      cipher.iv = iv

      encrypted_data = cipher.update(@serializer.dump(value))
      encrypted_data << cipher.final

      [encrypted_data, iv].map {|v| ::Base64.strict_encode64(v)}.join("--")
    end
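
The verify-before-decrypt order of decrypt_and_verify, as an added example that is not part of the ActiveSupport source: it reuses the page's `ciphertext--iv` layout with plain OpenSSL and compares what a caller observes when a stored value has been modified, with and without the signature check. Assumptions: a hex HMAC-SHA256 suffix stands in for MessageVerifier, the key is a constructed 32-byte sample, payloads are plain strings rather than Marshal data, and the helper names (`encrypt_blob`, `decrypt_blob`, `tamper_iv`, `outcome`) are hypothetical.

```ruby
require 'openssl'
require 'base64'
class InvalidSignature < StandardError; end
SECRET = ('k' * 32).freeze # constructed sample key; AES-256 needs 32 bytes

# "ciphertext--iv", both base64: the layout _encrypt produces on this page.
def encrypt_blob(plaintext)
  cipher = OpenSSL::Cipher.new('aes-256-cbc').encrypt
  cipher.key = SECRET
  iv = cipher.random_iv
  [cipher.update(plaintext) + cipher.final, iv].map { |v| Base64.strict_encode64(v) }.join('--')
end

# Unsigned path, like the deprecated decrypt: stored bytes go straight to the cipher.
def decrypt_blob(blob)
  data, iv = blob.split('--').map { |v| Base64.strict_decode64(v) }
  cipher = OpenSSL::Cipher.new('aes-256-cbc').decrypt
  cipher.key, cipher.iv = SECRET, iv
  cipher.update(data) + cipher.final
end

# Assumed stand-in for MessageVerifier: hex HMAC-SHA256 of the blob after a final "--".
def encrypt_and_sign(plaintext)
  blob = encrypt_blob(plaintext)
  "#{blob}--#{OpenSSL::HMAC.hexdigest('SHA256', SECRET, blob)}"
end

def decrypt_and_verify(message)
  blob, _, digest = message.rpartition('--')
  expected = OpenSSL::HMAC.hexdigest('SHA256', SECRET, blob)
  # Constant-time check first; a modified blob never reaches the cipher.
  raise InvalidSignature unless OpenSSL.secure_compare(digest, expected)
  decrypt_blob(blob)
end

# Constructed tampering: flip one bit of the stored IV, keeping any digest as-is.
def tamper_iv(message)
  data, iv, *rest = message.split('--')
  raw = Base64.strict_decode64(iv)
  raw.setbyte(15, raw.getbyte(15) ^ 1)
  [data, Base64.strict_encode64(raw), *rest].join('--')
end

# Reports what a caller observes: :ok, or the class of the error raised.
def outcome
  yield
  :ok
rescue InvalidSignature, OpenSSL::Cipher::CipherError => e
  e.class
end
```

`outcome { decrypt_blob(tamper_iv(encrypt_blob('user_id=42'))) }` surfaces `OpenSSL::Cipher::CipherError` from the padding check, while the same modification applied to `encrypt_and_sign` output is rejected as `InvalidSignature` before any decryption happens.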