ActiveSupport::MessageEncryptor

MessageEncryptor is a simple way to encrypt values which get stored somewhere you don’t trust.

The cipher text and initialization vector are base64 encoded and returned to you.

This can be used in situations similar to the MessageVerifier, but where you don’t want users to be able to determine the value of the payload.

Constants

OpenSSLCipherError

Public Class Methods

new(secret, options = {})

    # File lib/active_support/message_encryptor.rb, line 26
    def initialize(secret, options = {})
      unless options.is_a?(Hash)
        ActiveSupport::Deprecation.warn "The second parameter should be an options hash. Use :cipher => 'algorithm' to specify the cipher algorithm."
        options = { :cipher => options }
      end

      @secret = secret
      @cipher = options[:cipher] || 'aes-256-cbc'
      @verifier = MessageVerifier.new(@secret, :serializer => NullSerializer)
      @serializer = options[:serializer] || Marshal
    end

Public Instance Methods

decrypt(value)

    # File lib/active_support/message_encryptor.rb, line 44
    def decrypt(value)
      ActiveSupport::Deprecation.warn "MessageEncryptor#decrypt is deprecated as it is not safe without a signature. " \
        "Please use MessageEncryptor#decrypt_and_verify instead."
      _decrypt(value)
    end

decrypt_and_verify(value)

Decrypt and verify a message. We need to verify the message in order to avoid padding attacks. Reference: www.limited-entropy.com/padding-oracle-attacks

    # File lib/active_support/message_encryptor.rb, line 58
    def decrypt_and_verify(value)
      _decrypt(verifier.verify(value))
    end

encrypt(value)

    # File lib/active_support/message_encryptor.rb, line 38
    def encrypt(value)
      ActiveSupport::Deprecation.warn "MessageEncryptor#encrypt is deprecated as it is not safe without a signature. " \
        "Please use MessageEncryptor#encrypt_and_sign instead."
      _encrypt(value)
    end

encrypt_and_sign(value)

Encrypt and sign a message. We need to sign the message in order to avoid padding attacks. Reference: www.limited-entropy.com/padding-oracle-attacks

    # File lib/active_support/message_encryptor.rb, line 52
    def encrypt_and_sign(value)
      verifier.generate(_encrypt(value))
    end
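
Why encrypt_and_sign and decrypt_and_verify replace the bare encrypt and decrypt, as an added stand-alone sketch using only Ruby's openssl library (not ActiveSupport's code): the MAC is checked before the cipher runs, so a tampered message never produces a padding error the sender could observe. The names `seal`, `open_sealed`, `raw_decrypt`, `flip_iv_bit`, `outcome` and `SECRET` are hypothetical, and the HMAC-SHA256 tag layout is constructed for the example rather than MessageVerifier's exact format; like the class above, one secret keys both the cipher and the MAC.

```ruby
require 'openssl'
class InvalidSignature < StandardError; end
SECRET = OpenSSL::Digest::SHA256.digest('constructed demo secret') # 32-byte demo key

# Encrypt, then append an HMAC over "ciphertext--iv" (encrypt-then-MAC).
def seal(secret, plaintext)
  cipher = OpenSSL::Cipher.new('aes-256-cbc')
  cipher.encrypt
  cipher.key = secret
  iv = cipher.random_iv
  body = [cipher.update(plaintext) + cipher.final, iv].map { |v| [v].pack('m0') }.join('--')
  "#{body}--#{OpenSSL::HMAC.hexdigest('SHA256', secret, body)}"
end

# Unauthenticated path: a padding failure surfaces to the caller as CipherError.
def raw_decrypt(secret, body)
  ct, iv = body.split('--').map { |v| v.unpack1('m') }
  cipher = OpenSSL::Cipher.new('aes-256-cbc')
  cipher.decrypt
  cipher.key = secret
  cipher.iv = iv
  cipher.update(ct) + cipher.final
end

# Authenticated path: the MAC is compared before the cipher sees any bytes.
def open_sealed(secret, message)
  body, _sep, tag = message.rpartition('--')
  expected = OpenSSL::HMAC.hexdigest('SHA256', secret, body)
  raise InvalidSignature unless OpenSSL.secure_compare(tag, expected)
  raw_decrypt(secret, body)
end

# Constructed tampering: flip one bit in the last IV byte, keep the old tag.
def flip_iv_bit(message)
  ct, iv, tag = message.split('--')
  raw = iv.unpack1('m')
  raw.setbyte(-1, raw.getbyte(-1) ^ 0x01)
  [ct, [raw].pack('m0'), tag].join('--')
end

def outcome
  yield
  :ok
rescue InvalidSignature, OpenSSL::Cipher::CipherError => e
  e.class
end

tampered = flip_iv_bit(seal(SECRET, 'user_id=42')) # constructed sample payload
p [outcome { open_sealed(SECRET, tampered) }, outcome { raw_decrypt(SECRET, tampered.rpartition('--').first) }]
```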

Private Instance Methods

_decrypt(encrypted_message)

    # File lib/active_support/message_encryptor.rb, line 79
    def _decrypt(encrypted_message)
      cipher = new_cipher
      encrypted_data, iv = encrypted_message.split("--").map {|v| ::Base64.decode64(v)}

      cipher.decrypt
      cipher.key = @secret
      cipher.iv  = iv

      decrypted_data = cipher.update(encrypted_data)
      decrypted_data << cipher.final

      @serializer.load(decrypted_data)
    rescue OpenSSLCipherError, TypeError
      raise InvalidMessage
    end

_encrypt(value)

    # File lib/active_support/message_encryptor.rb, line 64
    def _encrypt(value)
      cipher = new_cipher
      # Rely on OpenSSL for the initialization vector
      iv = cipher.random_iv

      cipher.encrypt
      cipher.key = @secret
      cipher.iv  = iv

      encrypted_data = cipher.update(@serializer.dump(value))
      encrypted_data << cipher.final

      [encrypted_data, iv].map {|v| ::Base64.strict_encode64(v)}.join("--")
    end

new_cipher()

    # File lib/active_support/message_encryptor.rb, line 95
    def new_cipher
      OpenSSL::Cipher::Cipher.new(@cipher)
    end

verifier()

    # File lib/active_support/message_encryptor.rb, line 99
    def verifier
      @verifier
    end