MessageEncryptor is a simple way to encrypt values which get stored somewhere you don‘t trust.
The cipher text and initialization vector are base64 encoded and returned to you.
This can be used in situations similar to the MessageVerifier, but where you don‘t want users to be able to determine the value of the payload.
Methods
Classes and Modules
Class ActiveSupport::MessageEncryptor::InvalidMessageConstants
OpenSSLCipherError | = | OpenSSL::Cipher.const_defined?(:CipherError) ? OpenSSL::Cipher::CipherError : OpenSSL::CipherError |
Public Class methods
[ show source ]
# File activesupport/lib/active_support/message_encryptor.rb, line 15 15: def initialize(secret, cipher = 'aes-256-cbc') 16: @secret = secret 17: @cipher = cipher 18: end
Public Instance methods
[ show source ]
# File activesupport/lib/active_support/message_encryptor.rb, line 35 35: def decrypt(encrypted_message) 36: cipher = new_cipher 37: encrypted_data, iv = encrypted_message.split("--").map {|v| ActiveSupport::Base64.decode64(v)} 38: 39: cipher.decrypt 40: cipher.key = @secret 41: cipher.iv = iv 42: 43: decrypted_data = cipher.update(encrypted_data) 44: decrypted_data << cipher.final 45: 46: Marshal.load(decrypted_data) 47: rescue OpenSSLCipherError, TypeError 48: raise InvalidMessage 49: end
[ show source ]
# File activesupport/lib/active_support/message_encryptor.rb, line 55 55: def decrypt_and_verify(value) 56: decrypt(verifier.verify(value)) 57: end
[ show source ]
# File activesupport/lib/active_support/message_encryptor.rb, line 20 20: def encrypt(value) 21: cipher = new_cipher 22: # Rely on OpenSSL for the initialization vector 23: iv = cipher.random_iv 24: 25: cipher.encrypt 26: cipher.key = @secret 27: cipher.iv = iv 28: 29: encrypted_data = cipher.update(Marshal.dump(value)) 30: encrypted_data << cipher.final 31: 32: [encrypted_data, iv].map {|v| ActiveSupport::Base64.encode64s(v)}.join("--") 33: end
[ show source ]
# File activesupport/lib/active_support/message_encryptor.rb, line 51 51: def encrypt_and_sign(value) 52: verifier.generate(encrypt(value)) 53: end