Class: ActiveSupport::MessageEncryptor

MessageEncryptor is a simple way to encrypt values which get stored somewhere you don‘t trust.

The cipher text and initialization vector are base64 encoded and returned to you.

This can be used in situations similar to the MessageVerifier, but where you don‘t want users to be able to determine the value of the payload.

Methods

decrypt
decrypt_and_verify
encrypt
encrypt_and_sign
new

Classes and Modules

Class ActiveSupport::MessageEncryptor::InvalidMessage

Constants

OpenSSLCipherError

OpenSSL::Cipher.const_defined?(:CipherError) ? OpenSSL::Cipher::CipherError : OpenSSL::CipherError

Public Class methods

new(secret, cipher = 'aes-256-cbc')

[ show source ]

    # File activesupport/lib/active_support/message_encryptor.rb, line 15
15:     def initialize(secret, cipher = 'aes-256-cbc')
16:       @secret = secret
17:       @cipher = cipher
18:     end

Public Instance methods

decrypt(encrypted_message)

[ show source ]

    # File activesupport/lib/active_support/message_encryptor.rb, line 35
35:     def decrypt(encrypted_message)
36:       cipher = new_cipher
37:       encrypted_data, iv = encrypted_message.split("--").map {|v| ActiveSupport::Base64.decode64(v)}
38:       
39:       cipher.decrypt
40:       cipher.key = @secret
41:       cipher.iv  = iv
42: 
43:       decrypted_data = cipher.update(encrypted_data)
44:       decrypted_data << cipher.final
45:       
46:       Marshal.load(decrypted_data)
47:     rescue OpenSSLCipherError, TypeError
48:       raise InvalidMessage
49:     end

decrypt_and_verify(value)

[ show source ]

    # File activesupport/lib/active_support/message_encryptor.rb, line 55
55:     def decrypt_and_verify(value)
56:       decrypt(verifier.verify(value))
57:     end

encrypt(value)

[ show source ]

    # File activesupport/lib/active_support/message_encryptor.rb, line 20
20:     def encrypt(value)
21:       cipher = new_cipher
22:       # Rely on OpenSSL for the initialization vector
23:       iv = cipher.random_iv
24:       
25:       cipher.encrypt 
26:       cipher.key = @secret
27:       cipher.iv  = iv
28:       
29:       encrypted_data = cipher.update(Marshal.dump(value)) 
30:       encrypted_data << cipher.final
31: 
32:       [encrypted_data, iv].map {|v| ActiveSupport::Base64.encode64s(v)}.join("--")
33:     end

encrypt_and_sign(value)

[ show source ]

    # File activesupport/lib/active_support/message_encryptor.rb, line 51
51:     def encrypt_and_sign(value)
52:       verifier.generate(encrypt(value))
53:     end